high cpu due to ipv6 multicast traffic from clients in cisco 4506-E switch

vijay kumar
Level 2

Hi Folks,

We are facing high CPU (always 99%) on our Cisco 4506-E switches. We then found that a huge number of IPv6 multicast packets are hitting the switch CPU.

 

Index 1:
36 days 18:9:45:440850 - RxVlan: 102, RxPort: Te1/1
Priority: Normal, Tag: Dot1Q Tag, Event: 21, Flags: 0x40, Size: 90
Eth: Src A0:48:1C:86:78:7A

Index 2:
36 days 18:9:45:442373 - RxVlan: 102, RxPort: Te1/1
Priority: Normal, Tag: Dot1Q Tag, Event: 21, Flags: 0x40, Size: 90
Eth: Src F0:92:1C:F2:91:CE Dst 33:33:FF:27:F3:C2 Type/Len 0x86DD

Index 3:

 

 

Is there a way we can configure the switch to not process these packets? Or is the only way to disable IPv6 functionality on the clients?

 

Thanks,

Vijay.

 

5 Replies

LJ Gabrillo
Level 5

Hi Vijay,

I doubt that the cause of that high CPU is the multicast addresses. There might be a loop in your network. 
Kindly isolate each of your backbones.

One by one, remove your backbones from the different switches, while constantly running "show processes cpu".

Once you hit a backbone that suddenly decreases the CPU, your loop is in that segment. Try to find it.

Hi Isgabrillo,

Thanks for your suggestion. We didn't see any STP TCN on our switches. The debug I posted previously has packets from the uplink, but we are also able to see a lot of traffic from access ports (connected to end machines). All the packets are destined to the IPv6 multicast address 33:33:FF:27:F3:C2.

 

Index 1:
36 days 17:47:37:910324 - RxVlan: 102, RxPort: Gi4/27
Priority: Normal, Tag: No Tag, Event: 21, Flags: 0x40, Size: 90
Eth: Src A0:48:1C:86:38:97 Dst 33:33:FF:27:F3:C2 Type/Len 0x86DD

 

Index 4:
36 days 17:47:37:921663 - RxVlan: 102, RxPort: Gi4/29
Priority: Normal, Tag: Dot1Q Tag, Event: 21, Flags: 0x40, Size: 90
Eth: Src A0:48:1C:86:7A:BE Dst 33:33:FF:27:F3:C2 Type/Len 0x86DD

Hi,

I would recommend tracking down whoever owns that MAC address: 33:33:FF:27:F3:C2
A show arp should do the trick.

Now, try removing that host/server for a short time and see if the CPU improves (to normal levels, say).
Worst case, that MAC may be a security/virus breach, considering it continually asks other hosts for data.

I would suggest creating an ACL to drop this MAC address to prevent the high CPU quickly.

Use a VACL right away.

Hello. I have the same issue with a 4500. I found the port that was sending the traffic, shut it down, and the CPU load normalized.

The user said that some time before, he had put the PC to sleep.

Did you find any reason for the traffic?
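
An added example, not part of the original posts: a Python script that tallies CPU packet dump records like those quoted above by ingress port and source MAC, and decodes a 33:33:FF destination MAC as the IPv6 solicited-node group it maps to (RFC 2464 and RFC 4291). The sample dump is constructed in the thread's format, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the format of the dumps quoted in the thread
# (the "Priority:" lines are left out; the parser ignores them anyway).
SAMPLE = """\
Index 1:
36 days 17:47:37:910324 - RxVlan: 102, RxPort: Gi4/27
Eth: Src A0:48:1C:86:38:97 Dst 33:33:FF:27:F3:C2 Type/Len 0x86DD
Index 2:
36 days 17:47:37:915002 - RxVlan: 102, RxPort: Gi4/27
Eth: Src A0:48:1C:86:38:97 Dst 33:33:FF:27:F3:C2 Type/Len 0x86DD
Index 3:
36 days 17:47:37:921663 - RxVlan: 102, RxPort: Gi4/29
Eth: Src A0:48:1C:86:7A:BE Dst 33:33:FF:27:F3:C2 Type/Len 0x86DD
Index 4:
36 days 17:47:37:930000 - RxVlan: 102, RxPort: Te1/1
Eth: Src A0:48:1C:86:78:7A
"""

RX = re.compile(r"RxPort:\s*(\S+)")
ETH = re.compile(r"Eth:\s*Src\s+([0-9A-Fa-f:]{17})(?:\s+Dst\s+([0-9A-Fa-f:]{17}))?")

def classify_dst(mac):
    """Name the IPv6 group a destination MAC encodes (33:33 + low 32 address bits)."""
    if mac is None:
        return "unknown (truncated record)"
    o = mac.lower().split(":")
    if o[:2] != ["33", "33"]:
        return "not IPv6 multicast"
    if o[2] == "ff":
        # 33:33:FF:XX:YY:ZZ matches ff02::1:ffXX:YYZZ, the solicited-node
        # group that Neighbor Discovery sends Neighbor Solicitations to.
        return f"solicited-node ff02::1:ff{o[3]}:{o[4]}{o[5]}"
    return "other IPv6 multicast"

def parse(dump):
    """Yield (port, src, dst) per record; dst is None when the Eth line is cut off."""
    port = None
    for line in dump.splitlines():
        if m := RX.search(line):
            port = m.group(1)
        elif m := ETH.search(line):
            yield port, m.group(1).upper(), m.group(2) and m.group(2).upper()

def top_talkers(dump):
    """Count punted frames per (port, source MAC, destination class), busiest first."""
    return Counter((p, s, classify_dst(d)) for p, s, d in parse(dump)).most_common()
```

Run over a longer capture, the first entries of `top_talkers()` show which access ports and hosts account for most of the frames reaching the CPU.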
