We're in the process of moving to ISE and our supplier has asked us to add AAA commands to all of our Access switch interfaces to allow for profiling of the network to commence.
The issue I'm having is that so far out of 22 stacks I've added the commands to, so far 9 have exhibited high CPU between 80 - 100% while the commands are enabled on the interfaces and when I've removed the commands from these switch interfaces the CPU drops back to between 40 - 60% utilization. In some instances the CPU has gone straight up to 80%+ and in others its takes a few days.
Most of the stacks affected are between 2 and 4 switches in a stack, there's one with 6 in a stack. All the unaffected stacks have between 1 and 4 switches in a stack.
All our 2960X's are running either 15.2(2)E6 or 15.2(2)E7.
I've attached docs with show process CPU and Mem with the config enabled and with it removed.
The config we've been asked to add is below
switchport mode access
ip access-group PERMIT-ALL in
authentication control-direction in
authentication event fail action next-method
authentication event server dead action authorize voice
authentication event server alive action reinitialize
authentication host-mode multi-domain
authentication order mab dot1x
authentication priority dot1x mab
authentication port-control auto
authentication timer reauthenticate server
authentication timer inactivity server dynamic
authentication violation replace
snmp trap mac-notification change added
snmp trap mac-notification change removed
dot1x pae authenticator
dot1x timeout tx-period 10
authentication mac-move permit
Any help with this issue would be much appreciated.
Solved! Go to Solution.
you may be hitting something similar to this bug looking at cpu output , have you ran the show tech through the cli analyzer when the cpu is hot , ?it may give exact bug id
if you dont have the analyzer setup post the show tech i can run it for you , otherwise i would upgrade the image or open a TAC case get the exact ID and then upgrade
Thanks for the information
When I did a sh tech and ran it through the CLI analyzer the output didn't give any specific bug information just a danger IOS CPU usage is very high.
I've had a look at the bug and if it is what's causing the issue how do I go about resolving it as it says that Cisco aren't planing on fixing the issue?