11-16-2011 06:14 AM - edited 03-07-2019 03:25 AM
I am seeing high CPU usage on a Cat 4507. I have run the following:
show logg
Nov 16 14:08:27.154 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:01 in vlan 1 is flapping between port Gi5/10 and port Gi5/30
Nov 16 14:08:42.150 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:01 in vlan 1 is flapping between port Gi5/10 and port Gi5/30
Nov 16 14:08:57.138 UTC: %C4K_EBM-4-HOSTFLAPPING: Host 00:00:00:00:FE:01 in vlan 1 is flapping between port Gi5/30 and port Gi5/10
show process cpu sort
CPU utilization for five seconds: 81%/1%; one minute: 83%; five minutes: 83%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
46 40109659921826789115 2195 64.16% 64.07% 64.57% 0 Cat4k Mgmt LoPri
45 30200456881129227993 2674 11.65% 12.01% 11.94% 0 Cat4k Mgmt HiPri
show platform health (snipped to show high process)
%CPU %CPU RunTimeMax Priority Average %CPU Total
Target Actual Target Actual Fg Bg 5Sec Min Hour CPU
K2L2 Address Table R 2.00 65.03 12 6 100 500 82 78 60 327274:28
I assume the hostflapping is causing a spike in CPU since the packets are not being processed by CEF. A checkpoint firewall is on the other side of the two ports. Has anyone run across this problem in general or with Checkpoint firewall using the same mac on two different ports? How could I solve this?
Keith
11-16-2011 06:53 AM
Is spanning tree configured on your switch?
The %C4K_EBM-4-HOSTFLAPPING:Host [mac-addr] in vlan [dec] is flapping between port [char] and port [char] error message appears.
This error message appears on the switch when the switch detects the specified host address as a source address on multiple ports.
The issue can occur due to Spanning Tree Protocol (STP) loops in the network that cause packet drops from the specific host. In addition to packet drops, STP loops lead to several other symptoms, which are listed here:
Loss of connectivity to, from, and through affected network regions.
High link utilization (often 100 percent).
High switch backplane utilization (compared to the baseline utilization).
Syslog messages that indicate packet looping in the network (for example, HSRP duplicate IP address messages).
Syslog messages that indicate constant address relearning or MAC address flapping messages.
An increase in the number of output drops on many interfaces.
http://www.cisco.com/en/US/products/hw/switches/ps4324/products_tech_note09186a008063c36f.shtml
HTH
11-16-2011 07:02 AM
Yes.
Keith
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: