Log

Robo123 · ‎02-28-2018

Martin Carr · ‎02-28-2018

Packet matching that statement with the "log" keyword are process switched, which will result in high CPU utilization.

Martin

Robo123 · ‎03-04-2018

Deepak Kumar · ‎03-04-2018

Hi,

Log keyword may increase the CPU uses. If it not necessary then remove the log keyword otherwise you have to configure a rate limit on the access list. You can use following commands for the same:

ip access-list logging interval

logging rate-limit

The logging rate-limit command was introduced in IOS 12.1(3)T.

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!

Georg Pauwen · ‎03-04-2018

Hello,

on a side note, what platform is this on ? Post the output of 'show ver'.

Your ACL denies every IP packet, what are you trying to accomplish ? Depending on the amount of traffic, and with everything likely to be process switched, as Martin mentioned, CPU usage can spike.

Robo123 · ‎03-05-2018

Joseph W. Doherty · ‎03-05-2018

As the other posters have noted, the "log" option is the issue. You either need to do without it, rate limit such logging, or perhaps have earlier deny statements that catch traffic before the statement with the log.

For an example of the latter, if you knew you wanted there was a lot of FTP traffic that would be denied by this ACL, you could:
access-list 114 deny tcp any any equal ftp
access-list 115 deny ip any any log