there you go.

WebCache#show version
Cisco IOS Software, C3560 Software (C3560-IPSERVICESK9-M), Version 12.2(53)SE, R
ELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2009 by Cisco Systems, Inc.
Compiled Sun 13-Dec-09 15:45 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02E00000

ROM: Bootstrap program is C3560 boot loader
BOOTLDR: C3560 Boot Loader (C3560-HBOOT-M) Version 12.2(50r)SE, RELEASE SOFTWARE
(fc1)

WebCache uptime is 1 day, 30 minutes
System returned to ROM by power-on
System image file is "flash:/c3560-ipservicesk9-mz.122-53.SE.bin"

This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html

If you require further assistance please contact us by sending email to
export@cisco.com.

cisco WS-C3560V2-24PS (PowerPC405) processor (revision D0) with 131072K bytes of
memory.
Processor board ID FDO1402Y1H7
Last reset from power-on
2 Virtual Ethernet interfaces
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.

512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       : 04:FE:7F:F0:90:80
Motherboard assembly number     : 73-11706-10
Power supply part number        : 341-0266-02
Motherboard serial number       : FDO14021GJQ
Power supply serial number      : LIT134702TC
Model revision number           : D0
Motherboard revision number     : A0
Model number                    : WS-C3560V2-24PS-S
System serial number            : FDO1402Y1H7
Top Assembly Part Number        : 800-31038-02
Top Assembly Revision Number    : A0
Version ID                      : V02
CLEI Code Number                : COMNK10CRA
Hardware Board Revision Number  : 0x03

Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 26    WS-C3560V2-24PS    12.2(53)SE            C3560-IPSERVICESK9-M

Configuration register is 0xF

WebCache#

Hello Sulaiman,

post the configuration of the PBR rule to see if there is a chance that traffic is not processed in hardware

Resource usage is not too much.

See PBR guidelines

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swiprout.html#wp1210866

Hope to help

Giuseppe

here are the configurations

interface Vlan300
ip address xx.xx.xx.xx 255.255.255.0
ip policy route-map web

ip access-list extended web
permit tcp xx.xx.xx.xx 0.0.15.255 any eq www
permit tcp xx.xx.xx.xx 0.0.15.255 any eq 443

route-map web permit 10
match ip address web
set ip next-hop yy.yy.yy.yy
!
route-map web permit 20

the routing is working fine, there is no packet drop of any kind. and the router is working as intended. the only issue is, the high utilization.

EDIT.

going through that document i found two things. first

1-

When configuring match criteria in a route map, follow these guidelines:

–Do not match ACLs with deny ACEs. Packets that match a deny ACE are sent to the CPU, which could cause high CPU utilization.(any acl will have a deny any any statement at the end, is that causing this issue?)

2- i have not enabled fast-swtiching PBR

Hello Sulaiman,

the suggested command is a good tool for software based routers, but your C3560 should be able to perform PBR with appropriate programming of the TCAM table.

the PBR rule does not appear to use statements that could cause process switching

Further actions can be:

a bug search for the name of the process

a search in troubleshooting notes for C3560

an attempt to use an older IOS image to see if behaviour changes

Edit:

the high cpu troubheshooting for C3750/C3560 :

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750/software/troubleshooting/cpu_util.html

try to follow suggested steps to identify the causes of high cpu usage in your switch

Hope to help

Giuseppe