High CPU utilization with Processes Dot1x and Auth Manager (C6880)

Sindbart · ‎10-10-2022

Hello everyone,

we are having issues with a Catalyst 6880-X-LE switch which constantly shows a CPU usage of over 90% in idle, during business hours the switch is crashing. The software installed is 15.5.(1)SY8.

The command "show proc cpu sorted" tells us that the highest utilization comes from the processes Dot1x Auth and Auth Manager:

The command "show proc cpu history" shows that the CPU usage is constantly high:

We have rebooted the system multiple times without any success. In the logs we didn't see failed authentication attempts by clients, turning off the uplink interfaces (to prevent Dot1X load from clients) didn't reduce the CPU utilization.

Does someone have an idea how to further troubleshoot on this? Cisco TAC is opened but we are still waiting for a solution.

Best regards

MHM Cisco World · ‎10-11-2022

authentication timer reauthenticate

if the Dot1x is not face any problem then only make reauth timer longer to not make SW reauth the host in short period and put high load in SW CPU.

andrewswanson · ‎10-11-2022

Does the switch crash generate crashinfo logs? If so, you can use CLI Analyzer to check for know bugs - I'm sure TAC have done this already.

Are you seeing any "%AUTHMGR-5-SECURITY_VIOLATION" syslog messages on the 6880?

I recently ran into an issue on some WS-C3650-48PD stacks running 16.9.4 where this syslog was generated a number of times prior to the stacks crashing with high cpu.

CLI Analyzer didn't help, but I traced this to switchports configured to "restrict" in the event of a 802.1x/mab violation:

event violation match-all
10 class always do-all
10 restrict

Changed this to "protect", which doesn't generate the syslog - couldn't find a bug matching this.

hth
Andy