Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
744
Views
0
Helpful
4
Replies

MLS x CEF in switch 6500

Christian Jorge
Level 1
Level 1

‎06-02-2014 07:37 PM - edited ‎03-07-2019 07:36 PM

Good afternoon gentlemen

 

Even searching some articles regarding MLS configuration and CEF configuration, both concepts are still not clear for me.

We have a 6509E switch with supervisor 720, with submodules PFC3B and MSFC3. IOS is 12.2(33)SXJ7.

Sometimes we face some high CPU usage due to IP Input and SNMP process and issuing "show run".

CEF is enable globally ("ip cef distributed") and for each interface VLAN ("ip route-cache cef")

MLS is enabled for QOS ("mls qos") for configuring policy-maps for policing traffic input and output in interface vlans. Configured "mls qos vlan-based" in physical interfaces associated to those VLANs.

There's a access-list applied in line vty with an ending deny and logging lots of attempts not allowed in switch.

 

 

Each interface VLAN has the following remaining configuration:

no mls ip
no mls switching unicast

 

Some remaining configuration I found in switch:

no mls ipv6 acl pbr svi hardware
no mls acl tcam override dynamic dhcp-snooping
no mls acl tcam override dynamic dai
no mls acl tcam share-acl
no mls acl tcam share-global
mls netflow interface
mls cef error action reset

 

Questions:

 

1 - Is there any tuning or best practices I could perform in switch configuration regarding mls and cef?

 

2 - What's the difference regarding "mls cef" and "ip cef" for comand "show" for troubleshooting?

 

Regards

 

Christian

 

1 person had this problem
Labels:
0 Helpful
4 Replies 4

Hitesh Vinzoda
Level 4
Level 4

‎06-04-2014 06:00 AM

Hi there,

 

I remember when i faced the same problem on 6500 related to snmp and TAC advised me to upgrade the IOS.

Better to check with TAC for any bugs.

 

HTH

Hitesh

0 Helpful

Christian Jorge
Level 1
Level 1
In response to Hitesh Vinzoda

‎06-05-2014 06:32 AM

Interesting that I have just upgraded the IOS to the last version 12 release.

I think that for the reason that we are facing high CPU usage for "IP Input" process, something related to mls/cef is not tunned.

Anyone has any idea regarding the configuration presented?

Regards

 

Christian

0 Helpful

Rajeev Sharma
Cisco Employee
Cisco Employee
In response to Christian Jorge

‎06-06-2014 01:12 PM

Hi Christian,

Some insight for traffic qualified as IP Input:

http://www.cisco.com/c/en/us/support/docs/routers/7500-series-routers/41160-highcpu-ip-input.html

HTH.

Regards,
RS

0 Helpful

Christian Jorge
Level 1
Level 1
In response to Rajeev Sharma

‎06-10-2014 01:07 PM

Though I've already configured CEF globally and by interface vlan, when I enable "mls ip" and "mls switching unicast" in those interface VLANs, CPU has decreased from above 70% to 20%.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card