CPU Router

Robo123
Level 1

Hi Team,

Please help me understand why the command below leads to high CPU.

access-list 115 deny   tcp any any log


Hi,

@vishnupalloormeethal wrote:

hi Team,

Please help me to know why below command leads to high cpu.

access-list 115 deny   tcp any any log

It is because of the log keyword. When you log, routing will be process switched, which will lead to high CPU load. Do not enable log in production; use it for troubleshooting only.

HTH,
Meheretab

Please confirm whether N number of static routes and ACLs will cause high CPU. If so, please share the link where Cisco suggested the maximum limit of static routes that will cause interrupts for the Cisco 2800 series.

I am not sure whether this is a new question. It seems unrelated to the original question of why there is "high CPU utilization" when the command is "access-list 115 deny tcp any any log".

For the original question, you can look at the following link, which could give you the general idea of the "log" keyword (even though it is focused on the 2960X platform): https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960x/software/15-0_2_EX/security/configuration_guide/b_sec_152ex_2960-x_cg/b_sec_152ex_2960-x_cg_chapter_01011.html

For router ACLs, other factors can cause packets to be sent to the CPU:

- Using the log keyword
- Generating ICMP unreachable messages

When traffic flows are both logged and forwarded, forwarding is done by hardware, but logging must be done by software. Because of the difference in packet handling capacity between hardware and software, if the sum of all flows being logged (both permitted flows and denied flows) is of great enough bandwidth, not all of the packets that are forwarded can be logged.

HTH,
Meheretab

Hi,

My question is: I have a Cisco 2811 with a huge number of static routes, so will it cause high CPU?

Perhaps, perhaps not.

Much would depend on how deeply you typically process the ACEs. (I.e., if it doesn't impact your match logic, the ACEs should be in hit/match frequency sequence.)

Much also depends on other configuration options. For example, flow caching, I believe, short-circuits the need to process an ACL for every packet in a flow.
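One way to turn the two pieces of advice in this thread into a repeatable check: find ACEs that still carry the log or log-input keyword (the process-switching cause Meheretab describes), and find ACEs that are hit more often than an entry placed before them (the hit/match-frequency ordering mentioned in the last reply). This is an added example, not code from the thread or from Cisco. It parses the text of show ip access-lists; the sample output, ACL names, addresses and match counters below are constructed. The ordering check only compares counters; whether two entries overlap, and so cannot be swapped without changing match logic, is left for the operator to verify.

```python
"""Audit Cisco IOS ACLs for entries that push packets to the CPU.

Added example (not from the thread or from Cisco). Parses the text of
`show ip access-lists` and reports, per ACL:
  * ACEs carrying the `log` / `log-input` keyword, whose matching packets
    are process switched (the cause of high CPU discussed in the thread);
  * ACEs that are hit more often than an ACE listed before them, i.e.
    candidates for reordering by hit frequency. Moving an ACE is only
    safe when it cannot match the same packets as the entries it passes;
    this script does not check that.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Header lines look like "Extended IP access list 115" / "Standard IP access list 10"
ACL_HEADER = re.compile(r"^(?:Standard|Extended) IP access list (\S+)\s*$")
# ACE lines look like "    30 deny tcp any any log (1784 matches)"; counter optional
ACE_LINE = re.compile(
    r"^\s+(\d+)\s+(permit|deny)\s+(.*?)(?:\s+\((\d+) match(?:es)?\))?\s*$"
)
LOG_KEYWORDS = {"log", "log-input"}


@dataclass
class Ace:
    seq: int
    action: str
    text: str        # everything after permit/deny, counter stripped
    matches: int     # 0 when IOS prints no counter


@dataclass
class Acl:
    name: str
    aces: list[Ace] = field(default_factory=list)


def parse_show_access_lists(output: str) -> list[Acl]:
    """Parse `show ip access-lists` output into Acl objects, in device order."""
    acls: list[Acl] = []
    current: Acl | None = None
    for line in output.splitlines():
        header = ACL_HEADER.match(line)
        if header:
            current = Acl(header.group(1))
            acls.append(current)
            continue
        ace = ACE_LINE.match(line)
        if ace and current is not None:
            seq, action, text, count = ace.groups()
            current.aces.append(Ace(int(seq), action, text.strip(), int(count or 0)))
    return acls


def logging_aces(acl: Acl) -> list[Ace]:
    """ACEs whose matching packets are punted to the process path to emit syslog."""
    return [a for a in acl.aces if LOG_KEYWORDS & set(a.text.split())]


def reorder_candidates(acl: Acl) -> list[Ace]:
    """ACEs hit more often than at least one ACE placed before them."""
    out: list[Ace] = []
    for i, ace in enumerate(acl.aces):
        if any(earlier.matches < ace.matches for earlier in acl.aces[:i]):
            out.append(ace)
    return out


def audit(output: str) -> dict[str, dict[str, list[int]]]:
    """Map ACL name -> {'log': [seq, ...], 'reorder': [seq, ...]}."""
    return {
        acl.name: {
            "log": [a.seq for a in logging_aces(acl)],
            "reorder": [a.seq for a in reorder_candidates(acl)],
        }
        for acl in parse_show_access_lists(output)
    }


# Constructed sample output; not taken from a real device.
SAMPLE_OUTPUT = """\
Extended IP access list 115
    10 permit tcp any host 192.0.2.10 eq 22 (12 matches)
    20 permit udp any any eq domain (48213 matches)
    30 deny tcp any any log (1784 matches)
    40 deny ip any any (1 match)
Standard IP access list 10
    10 permit 10.1.1.0, wildcard bits 0.0.0.255 (7 matches)
    20 deny   any log-input
"""

if __name__ == "__main__":
    for name, findings in audit(SAMPLE_OUTPUT).items():
        print(f"ACL {name}: log ACEs {findings['log']}, "
              f"reorder candidates {findings['reorder']}")
```

Run it against saved show ip access-lists output from the router; each reported log ACE is a place where the thread's advice (remove log outside troubleshooting) applies, and each reorder candidate is worth a look once you have confirmed it does not overlap the entries above it.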