High CPU due to high IP Input

Elopower123
Level 1

Hi,

 

Currently I have deployed a C2900 Series Router. My CPU utilization sometimes shoots up to 98%. I have checked using process cpu command & found there is a process called IP Input which is using maximum CPU process. I also have subinterfaces configured on the LAN interface and I noticed that when I reduce the number of VLANs the utilisation reduces a little bit, but I have been using the router with all the VLANs in the past without having any problems. Kindly advise me on how to troubleshoot this issue.

 

Any help will be greatly appreciated.


marce1000
VIP

 

  https://www.cisco.com/c/en/us/support/docs/routers/7500-series-routers/41160-highcpu-ip-input.html

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !

Hello,

 

post the full running configuration of your router, maybe we can spot something...

Hi George, 

Apologies for the delayed response.

I've attached the config file.

Leo Laohoo
Hall of Fame

Post the complete output to the command:

sh interface <WAN PORT>

Hi Leo,

 

I have attached the output of the show interface wan port command.

 

Apologies for the delayed response.


@Elopower123 wrote:

 

     7705289 packets input, 1079623756 bytes, 0 no buffer
      892957 packets output, 387007756 bytes, 0 underruns

 


Those are very, very low values.  What is the uptime of the router?

Yeah, I had to reboot the router today because the issue became too severe.

 

I have attached a screenshot of the output of the sh interface wan port command from two days ago.

Hello,

 

I have made some changes to your configuration, see the lines marked in bold and the comments. I don't know what your entire topology looks like, but a few things look odd...

 

You also might want to check if all the enabled snmp traps cause the high CPU...

 

Building configuration...

Current configuration : 9557 bytes
!
! No configuration change since last restart
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname ......
!
boot-start-marker
boot-end-marker
!
enable secret 4 ......
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
ip domain name et.com
!
multilink bundle-name authenticated
!
crypto pki token default removal timeout 0
!
license udi pid CISCO2901/K9 sn FCZ1632C54U
!
username .... secret 4 ....
username .... secret 4 ....
username .... secret 4 .....
username .... secret 4 ......
!
redundancy
!
track 1 ip sla 1 reachability
!
--> no class-map match-all CI (not applied anywhere)
description Customer Interent Map for 3Mbps
match access-group 61
--> no class-map match-any Server (not applied anywhere)
description SERVER CLASS MAP FOR 2MBPS
match access-group 100
!
--> no policy-map VP (not applied anywhere)
description VP SERVER BANDWIDTH OF 2MBPS
class SERVER
bandwidth 2000
--> no policy-map CVI (not applied anywhere) 
description Customer Interent 3Mbps
class CI
police 3000000 1500 1000 conform-action transmit exceed-action drop violate-action drop
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 196.56.248.5 255.255.255.248
ip access-group 50 in
ip nat outside
ip virtual-reassembly in
load-interval 30
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 102.124.18.34 255.255.255.252
ip access-group 50 in
--> ip nat outside (if this is your primary interface, it needs the NAT statement)
ip virtual-reassembly in
duplex auto
speed auto
!
interface FastEthernet0/0/0
ip address 182.60.0.1 255.255.255.252
ip policy route-map POLICY
duplex auto
speed auto
!
interface FastEthernet0/0/1
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0/1.10
encapsulation dot1Q 10
ip address 150.219.192.1 255.255.255.248
!
interface FastEthernet0/0/1.20
encapsulation dot1Q 20
ip address 150.219.192.9 255.255.255.248
!
interface FastEthernet0/0/1.30
encapsulation dot1Q 30
ip address 150.219.192.17 255.255.255.240
!
interface FastEthernet0/0/1.40
encapsulation dot1Q 40
ip address 192.168.40.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface FastEthernet0/0/1.50
encapsulation dot1Q 50
ip address 150.219.192.65 255.255.255.192
!
interface FastEthernet0/0/1.60
encapsulation dot1Q 60
!
interface FastEthernet0/0/1.70
encapsulation dot1Q 70
ip address 150.219.194.1 255.255.255.248
ip policy route-map Office-AI
!
interface FastEthernet0/0/1.71
encapsulation dot1Q 71
ip address 150.219.192.129 255.255.255.248
!
interface Serial0/1/0
no ip address
shutdown
no fair-queue
clock rate 2000000
!
interface Serial0/1/1
no ip address
shutdown
clock rate 2000000
!
router ospf 1
network 182.60.0.0 0.0.0.3 area 0
network 196.56.248.0 0.0.0.7 area 0
network 187.110.179.224 0.0.0.3 area 0
!
router bgp 123456
bgp log-neighbor-changes
network 150.219.192.0 mask 255.255.255.0
network 150.219.194.0 mask 255.255.255.0
network 150.219.195.0 mask 255.255.255.0
neighbor 102.124.18.33 remote-as 23456
neighbor 102.124.18.33 description to ISP 2
neighbor 102.124.18.33 next-hop-self
neighbor 182.60.0.2 remote-as 123456
neighbor 196.56.248.1 remote-as 34567
neighbor 196.56.248.1 description CONNECTION TO ISP 1
neighbor 196.56.248.1 next-hop-self
neighbor 196.56.248.1 advertise-map ADV_196 non-exist-map NO_ADV
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
--> no ip nat pool Internet 196.56.248.5 196.56.248.5 netmask 255.255.255.248 (the pool is used nowhere)
--> no ip nat source list 1 interface GigabitEthernet0/0 overload (ip nat enable is configured nowhere)
--> ip nat inside source list 1 interface GigabitEthernet0/1 overload (GigabitEthernet0/1 is your primary interface)
ip route 0.0.0.0 0.0.0.0 102.124.18.33 track 1
ip route 0.0.0.0 0.0.0.0 196.56.248.1 5
ip route 150.219.192.0 255.255.255.0 Null0
ip route 150.219.194.0 255.255.255.0 Null0
ip route 150.219.195.0 255.255.255.0 Null0
ip route 192.168.0.70 255.255.255.255 150.219.192.10
!
ip access-list standard VTY-MGMT
permit 150.219.192.10
permit 192.168.40.10
!
ip access-list extended ROUTER-SLA
permit ip any any
!
ip prefix-list 20 seq 5 permit 150.219.192.0/24
!
ip prefix-list 25 seq 5 permit 0.0.0.0/0
!
ip prefix-list 30 seq 5 permit 102.124.18.33/32
!
ip sla 1
--> icmp-echo 8.8.8.8 source-interface GigabitEthernet0/0 (you are pinging the next hop of the backup route, this doesn't look right. Ping 8.8.8.8 instead)
frequency 5
ip sla schedule 1 life forever start-time now

!
access-list 1 permit 192.168.40.0 0.0.0.255
access-list 50 deny 106.101.25.133
access-list 50 permit any
access-list 60 permit 150.219.194.0 0.0.0.7
access-list 61 permit 150.219.192.128 0.0.0.7
--> no access-list 199 permit ip any any log-input (this access list is applied nowhere)
!
route-map NO_ADV permit 10
match ip address prefix-list 25
match ip route-source prefix-list 30
!
route-map Office-AI permit 10
match ip address 60
set ip default next-hop 196.56.248.1
!
route-map ADV_196 permit 10
match ip address prefix-list 20
!
route-map ROUTER-TRAFFIC permit 10
match ip address ROUTER-SLA
set ip next-hop verify-availability 196.56.247.1 10 track 1
set ip next-hop 187.110.179.224
!
!
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps c3g
snmp-server enable traps ds3
snmp-server enable traps adslline
snmp-server enable traps vdsl2line
snmp-server enable traps icsudsu
snmp-server enable traps isdn call-information
snmp-server enable traps isdn layer2
snmp-server enable traps isdn chan-not-avail
snmp-server enable traps isdn ietf
snmp-server enable traps ds0-busyout
snmp-server enable traps ds1-loopback
snmp-server enable traps energywise
snmp-server enable traps vstack
snmp-server enable traps mac-notification
snmp-server enable traps bgp
snmp-server enable traps isis
snmp-server enable traps rf
snmp-server enable traps aaa_server
snmp-server enable traps atm subif
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps cnpd
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps entity
snmp-server enable traps fru-ctrl
snmp-server enable traps resource-policy
snmp-server enable traps event-manager
snmp-server enable traps frame-relay multilink bundle-mismatch
snmp-server enable traps frame-relay
snmp-server enable traps frame-relay subif
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps msdp
snmp-server enable traps mvpn
snmp-server enable traps nhrp nhs
snmp-server enable traps nhrp nhc
snmp-server enable traps nhrp nhp
snmp-server enable traps nhrp quota-exceeded
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps pppoe
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps l2tun session
snmp-server enable traps l2tun pseudowire status
snmp-server enable traps vtp
snmp-server enable traps ipsla
snmp-server enable traps bfd
snmp-server enable traps firewall serverstatus
snmp-server enable traps isakmp policy add
snmp-server enable traps isakmp policy delete
snmp-server enable traps isakmp tunnel start
snmp-server enable traps isakmp tunnel stop
snmp-server enable traps ipsec cryptomap add
snmp-server enable traps ipsec cryptomap delete
snmp-server enable traps ipsec cryptomap attach
snmp-server enable traps ipsec cryptomap detach
snmp-server enable traps ipsec tunnel start
snmp-server enable traps ipsec tunnel stop
snmp-server enable traps ipsec too-many-sas
snmp-server enable traps vrfmib vrf-up vrf-down vnet-trunk-up vnet-trunk-down
!
control-plane
!
line con 0
password 7 ....
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 5
password 7 ....
login local
transport input all
!
scheduler allocate 20000 1000
end
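The review above flags class-maps, policy-maps, a NAT pool and an access list that are defined but applied nowhere. The same check can be automated; the following Python sketch is an added example, not part of the original thread. `SAMPLE` is a constructed excerpt modelled on the posted configuration, and the `RULES` patterns are an assumption that covers only these five object types and their common reference commands.

```python
import re

# Constructed excerpt modelled on the configuration posted above (not the full file).
SAMPLE = """\
class-map match-all CI
 match access-group 61
policy-map CVI
 class CI
interface GigabitEthernet0/0
 ip access-group 50 in
interface FastEthernet0/0/1.70
 ip policy route-map Office-AI
ip nat pool Internet 196.56.248.5 196.56.248.5 netmask 255.255.255.248
ip nat inside source list 1 interface GigabitEthernet0/1 overload
ip access-list extended ROUTER-SLA
access-list 1 permit 192.168.40.0 0.0.0.255
access-list 50 permit any
access-list 60 permit 150.219.194.0 0.0.0.7
access-list 61 permit 150.219.192.128 0.0.0.7
access-list 199 permit ip any any log-input
route-map Office-AI permit 10
 match ip address 60
route-map ROUTER-TRAFFIC permit 10
 match ip address ROUTER-SLA
"""

# object kind -> (pattern that defines it, patterns that reference it)
RULES = {
    "class-map": (r"^class-map (?:match-\w+ )?(\S+)", [r"^\s+class (\S+)"]),
    "policy-map": (r"^policy-map (\S+)", [r"service-policy (?:input |output )?(\S+)"]),
    "route-map": (r"^route-map (\S+)", [r"\S route-map (\S+)"]),
    "nat pool": (r"^ip nat pool (\S+)", [r"^ip nat \w+ source .* pool (\S+)"]),
    "access-list": (r"^(?:access-list|ip access-list \w+) (\S+)",
                    [r"access-(?:group|class) (\S+)", r"source list (\S+)",
                     r"match ip address (?!prefix-list)(\S+)"]),
}

def unreferenced(config: str) -> dict:
    """Return, per object kind, the names that are defined but never referenced."""
    lines = config.splitlines()
    report = {}
    for kind, (define, refs) in RULES.items():
        defined = {m.group(1) for l in lines if (m := re.search(define, l))}
        used = {m.group(1) for l in lines for r in refs if (m := re.search(r, l))}
        report[kind] = sorted(defined - used)
    return report

if __name__ == "__main__":
    print(unreferenced(SAMPLE))
```

The check is one level deep: class-map CI counts as referenced because policy-map CVI uses it, so rerun the script after removing the reported objects to catch the next layer.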

Hi Georg,

 

The snmp engine doesn't actually take up much resources when the issue is happening but I will work on your notes and see how the router responds.

 

Thanks a lot for your help. I'll let you know how it goes.

Hi Georg,

 

I have made the configuration changes but I'm still experiencing high IP input on the router.

Hi,

 

I would also like to add that we had two ISPs previously but currently we have suspended one. I have removed the suspended ISP from my BGP configurations and made the ISP 2 the sole WAN connection but I'm still having high IP input.
