Its definitly some kind of bug, disable dhcp snooping is our solution, but that wasnt the question. 

1: How can we detect high CPU since we cant read it with snmp

2: Why does cisco not sending the cpu value in snmp ? 

(disable ipv6 as mentioned isnt working, disable dhcp snooping is) 

 

Thanks, but still not a solution to my question.

The answer is:
1. Raise a TAC Case.
2. Upgrade to the version TAC recommends.

Please read the question again, its not related to WHY we have high CPU, its HOW we can detect it. 

 

To detect the problem and come to resolution Cisco TAC team need to investigate with you.

 

This technical Forum can help what best people can base on knowledge and experience.

 

TAC are the experts on a high level to debug the code and give you the reason why this was a High CPU since we do not have access to your device, Cisco TAC is the best for you.

 

If you have smartnet contract and its effecting rather than spending time over the forum, raise a TAC case as emergency for the solution.(if i were you i would do the same thing)

 

 

Can I be clearer? 

"base on knowledge and experience" is there a way to know if switches are having high CPU, or are the rest of you also sitting in the dark and waiting for an accident to happen? 

I want to be proactive and not be totally in the dark of theese things. 

 

 

 

Sure you can do many ways -

 

1. Send information to SYSLOG Server

2. use EEM Script to report over email or trap to SYSLOG

 

Hello,

 

on a side note, you could use the script below to have the switch proactively send you an email when the CPU reaches a certain treshold (80 percent in the example, and the switch is polled every 5 seconds).

 

logging buffered 8192 informational
process cpu threshold type total rising 80 interval 5
!
event manager applet High_CPU authorization bypass
event syslog occurs 1 pattern "CPURISINGTHRESHOLD"
action 1.0 info type routername
action 2.0 syslog msg "High CPU utilization detected on $_info_routername"
action 3.0 mail server "201.222.223.12" to "user-to@domain.com" from "user-from@domain.com" subject "High CPU Alert on $_info_routername" body "$_syslog_msg"

""base on knowledge and experience" is there a way to know if switches are having high CPU, or are the rest of you also sitting in the dark and waiting for an accident to happen? "

Why yes, either by polling the switch or using SNMP traps/informs or using EEM, as noted by myself and others.

BTW, as to knowledge and experience, high CPU on a switch often indicates an IOS bug or something "whacky" going on in your network (i.e. something control plane related). Remember, switches use dedicated hardware for their "normal" traffic forwarding (i.e. data plane), so high CPU is generally abnormal. Yea, I know you want to be proactive, and know of potential accidents before they happen, but again, we've described how that might be accomplished.

Also BTW, when a switch has a high CPU, often normal traffic forwarding isn't impacted, again because there's dedicated hardware for it and also because different software processes generally have different levels of priority. I.e. even with a switch's CPU at 100%, there might be no impact to traffic forwarding or critical control plane (e.g. STP processing, routing protocol processing, etc.; SNMP isn't a critical function). In other words, those of us with some knowledge and experience often find high switch CPU is often not critical, but when it is, other monitoring on/off the network often shows there's a problem. So, we're not always (totally) in the dark. ;)

---

@fsvensson wrote:

its HOW we can detect it. 

---

Raise a TAC Case and ask TAC that very question.