I was reading this post concerning high cpu on 3750 where the process is HTTP CORE
https://supportforums.cisco.com/discussion/12059256/high-cpu-http-core-cisco-3750
We're having the same issue caused McAffee scanning of the network.
We have both http and https currently allowed.
#sh run | in http
ip http server
ip http secure-server
Does the HTTP CORE process only relate to the http server or http secure-server ?
Should we disable both of those options and will it prevent scanning from hitting the CPU on the switch?
Yesterday we did a test of just scanning this one switch.
show tcp brief - has over 45,000 active sessions from the scanner on port 80 and 443.
After the scanning was killed the CPU was still pegged out at 100% for 30 minutes so I rebooted the switch.
We are at ios 12.2.55 (SE8)
shouldn't those sessions of timed out - is that a bug in the ios or expected ?
Thank you