03-25-2009 09:01 AM - edited 03-06-2019 04:48 AM
Hi,
Thnaks for prompt responses yesterday.
I am currently having an issue on the network, i have a Cisco 3560 switch connected to two 4507Rs. the two 4507R are connected such that one is active and the other is standby using HSRP for all vlans. the following logs keep on appearing and the CPU on my 4507Rs are at 90%.
3w6d: SB10: Vl203 Allow proxy ARP, src 172.16.251.224 tgt 172.16.8.186 mac 0000.0c07.ac0a
Is the above message ok or could this be the reason for the high CPU process on the 4507
Br
03-25-2009 10:34 AM
Hello Obiora,
please disable proxy ARP with
int vlan 203
no ip proxy-arp
on both 4507R they are answering to ARP requests with the HSRP well known mac address mac 0000.0c07.ac0a (last a=group 10) to whatever IP address.
I suppose 172.16.8.186 is not an HSRP VIP and it is in another subnet because source address is 172.16.251.224.
This can have an impact on cpu usage
to see the processes that use more cpu do:
sh proc cpu sorted 1min
clients have to use the HSRP VIP as their default gateway.
This way they do a single ARP request for all ip addresses out of their own IP subnet
Hope to help
Giuseppe
03-25-2009 10:43 AM
Giuseppe:
I wouldn't recommend telling the OP to disable proxy ARP without first investigating why its on. It may be on for a reason, even though that reason may be simply to act as a band-aid to fix a network misconfiguration in the subnet masks or default gateway information.
Whatever the reason, it may be the only thing holding his network together right now.
Victor
03-25-2009 10:41 AM
Br:
The above message is "OK" if you want to have proxy arp enabled on your 4507 switches.
Is this causing the high CPU utilization? We would have to investigate further by, say, running the "show proc cpu" command to see which process(es) is/are monopolizing the CPU.
Before you disable proxy arp, you need to make sure that it can be done without disrupting communication on your network. I believe Cisco IOS has proxy ARP enabled by default (it may depend on platform and IOS version, not sure).
HTH
Victor
03-25-2009 11:32 AM
BR,
You may have to investigate why CPU got high. I'm not sure why you got this error. If I was in 172.16.251.X then I have to use the default gateway to get 172.16.8.X.
Let's take a look at 172.16.251.224. Is he/she using mask 255.255.0.0? If yes,I would do ARP for 172.16.8.186. (grin)
HTH,
Toshi
03-25-2009 11:40 AM
Hello Victor,
you are right it is better to see what is using the cpu with sh proc cpu sorted 1min and to find all devices that are relying on proxy-arp.
However, unless he/she is using a single /16 subnet this shouldn't be an arp response that should be sent if proxy-arp is disabled.
A /16 subnet would be a nightmare just only with standard ARP.
Note2:
the message clearly states the request is processed because proxy arp is enabled so my guess is that destination address is in a different vlan
note:
the original poster has probably used Br to stand for Best Regards if you access his/her profile you can see his/her name
Hope to help
Giuseppe
03-25-2009 11:44 AM
G-money:
I can dig where you're coming from, and we do have to make certain assumptions sometimes to be able to help people, but I honestly wouldnt receommend to anyone that they make changes to their production network given the fact that the only thing I know about their network is what they have told me in a few sentences. Maybe that's just me :-)
I thought Br meant "brutha" ;-)
03-25-2009 11:45 AM
Giuseppe,
Actually I always love to see what his/her name is. But this time I followed what Victor did. heheh..
We are here to help. We can have different opinions though! (grin)
You guys are doing good jobs!
To Obiora, How are you doing?
Toshi
03-25-2009 02:51 PM
Hello Toshi,
actually Victor is right: it is better to wait a moment before suggesting something that can cause loss of connectivity to one or many users/servers!
sometimes I'm too fast in answering I admit this
I made a note about something without any real impact (the name)
I like too to see names at first I was not able then I discovered.
Best Regards
Giuseppe
03-25-2009 02:38 PM
Thanks a million Guys!!!
Its quite interesting that after a restart of the two 4507Rs, the network seems to stablize.
Please find attached some Show output commands before the restart of the boxes.
Please find attached some more information,I guess this might be helpful to finding the root cause of the problem
thanks guys!!
Best Regards,
Obiora
03-25-2009 02:55 PM
Hello Obiora,
a bridging loop that you solved by shutting g3/6.
well done.
Thanks for your feedback
Best Regards
Giuseppe
03-25-2009 03:03 PM
thanks Guiseppe,
Feel really good!!
By the way, will be waiting for your opinion on the show output i just sent
obiora
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide