06-02-2014 07:37 PM - edited 03-07-2019 07:36 PM
Good afternoon gentlemen
Even searching some articles regarding MLS configuration and CEF configuration, both concepts are still not clear for me.
We have a 6509E switch with supervisor 720, with submodules PFC3B and MSFC3. IOS is 12.2(33)SXJ7.
Sometimes we face some high CPU usage due to IP Input and SNMP process and issuing "show run".
CEF is enable globally ("ip cef distributed") and for each interface VLAN ("ip route-cache cef")
MLS is enabled for QOS ("mls qos") for configuring policy-maps for policing traffic input and output in interface vlans. Configured "mls qos vlan-based" in physical interfaces associated to those VLANs.
There's a access-list applied in line vty with an ending deny and logging lots of attempts not allowed in switch.
Each interface VLAN has the following remaining configuration:
no mls ip
no mls switching unicast
Some remaining configuration I found in switch:
no mls ipv6 acl pbr svi hardware
no mls acl tcam override dynamic dhcp-snooping
no mls acl tcam override dynamic dai
no mls acl tcam share-acl
no mls acl tcam share-global
mls netflow interface
mls cef error action reset
Questions:
1 - Is there any tuning or best practices I could perform in switch configuration regarding mls and cef?
2 - What's the difference regarding "mls cef" and "ip cef" for comand "show" for troubleshooting?
Regards
Christian
06-04-2014 06:00 AM
Hi there,
I remember when i faced the same problem on 6500 related to snmp and TAC advised me to upgrade the IOS.
Better to check with TAC for any bugs.
HTH
Hitesh
06-05-2014 06:32 AM
Interesting that I have just upgraded the IOS to the last version 12 release.
I think that for the reason that we are facing high CPU usage for "IP Input" process, something related to mls/cef is not tunned.
Anyone has any idea regarding the configuration presented?
Regards
Christian
06-06-2014 01:12 PM
Hi Christian,
Some insight for traffic qualified as IP Input:
http://www.cisco.com/c/en/us/support/docs/routers/7500-series-routers/41160-highcpu-ip-input.html
HTH.
Regards,
RS
06-10-2014 01:07 PM
Though I've already configured CEF globally and by interface vlan, when I enable "mls ip" and "mls switching unicast" in those interface VLANs, CPU has decreased from above 70% to 20%.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide