I've noticed a strange behaviour in my 2960s regarded to CPU.
CPU level is very high, 70-75% when nobody is logged by vty or console, but it drops drastically to 40% when sombebody logs in. I've been able to discover that this is due to CPU interrupt level, as it shows the output of sh process cpu sort 5sec, just logged in.
RH0A01-SW1-10G#sh proces cpu sorted 5sec
CPU utilization for five seconds: 68%/37%; one minute: 67%; five minutes: 50%
...Some seconds after logged in...
RH0A01-SW1-10G#sh proces cpu sorted 5sec
CPU utilization for five seconds: 35%/11%; one minute: 52%; five minutes: 48%
The switches see very few traffic (under 40MB on all interfaces, summed, so far), however, I/O memory utilization is about 80% as can be seen from the show memory command:
The memory allocated is almost all Packet Data, by init, "sho memory io dead" returns zero, the memory usage seems constant, there are no errors on the log, the switches operate correctly, no packet has ever been dropped, CPU usage is about 4%.
Here I showed info for one switch, the other is in the same situation. I just want to know if this behavior is expected, I don't want to find out problems when the switches will be in production whit real traffic.
I have quite a few 2960's in a manufacturing environment that are experiencing a large number of Total Output Drops. The gigabit uplinks arn't even close to fully subscribed and if I'm lucky they run at a peak of 4 - 5 Mb on a 1Gb uplink. Something really funky is going on. The individual switchports seem to have the total output drops and the uplinks at 1Gb do not have any output drops and never peak above 20Mb over a 3 month span on a 1Gb link.
I am a new network engineer on a retail company and I am having a problem on the High utilization of my 3-stack switch 2960 only during Peak Hours of the Store Sales.
Note: on Peak hours, it is peaking at 90-95 % here is the utilization after Peak hours: 4444333334444433333333333333333333333333333333333333333333
I'm having issue with one stubborn process that is consuming nearly all the CPU on all of my switches. I tried googling it, but had no luck. The process is "hulc nrgyz PD di"
I noticed on the 2960 switches we have deployed that are running the latest IOS, 12.2(58)SE2, memory utilization is really high (almost 80 percent). I have not noticed any side effects but I wanted to verify this is acceptable. My question is does the high memory utilization matter? I see this may be related to bug CSCtw83946 but no resolution is mentioned.
I did some testing various IOS revisions and below is what I have found using a WS-C2960-48TC-L with default configuration and only my laptop connected to a switchport in vlan1. You will notice memory utilization will grows with each version but jumps drastically with 58. One difference with 58 I needed to use a different command to retrieve memory utilization. The output was gathered by pasting the output of the show command into the Cisco Output Interpreter on their website.
IOS Show Command Output c2960-lanbasek9-mz.122-35.SE5.bin show memory [Code]....
In my network we use all cisco 2960 switches, problem is when someone copying 4gb data or high from one switch to another switch, by that time rto (Request time out) is coming.
router | | |
[Code]....
1. when user 1 copy data from server ,at that time who is in switch2 behind like user2 ,he is getting problem like when ping to default-gateway,or rto is coming and network is very slow .
2. when i open sw2,sw1,sw3,trunk ports utilization is very high except sw4 to sw1 trunk ports,who behind sw4 like user4 ,he is not getting problem.
3.all switches trunkport in my network is faster ethernet and i have no option to connect trunkport to gigaehternet and ethernet channel.
I just bought the Dir-655 with 2.00 firmware. I am having trouble with my NAT on my game system and I have tried everything but I have everything setup on my router where it needs to be. I read somewhere, where a guy was having my same trouble and he upgraded his firmware to 2.03na. I have tried with no success whatsoever.
Downloading the file from the d-link website with no problems. But i keep getting the same message when i try to upgrade the router saying the file may be corrupt, the router is to busy, or I am not logged in as an Admin. I am the only one using the internet and I am logged into my router as the admin. it wont even start uploading the firmware to my router..
After some time no using Cisco ACS5.1, I still don't know how I can see all logged in users. I can see logging and check why an log in goes wrong, but in ACS 3.2 I just clicked on Reports and Activity and I could choose to see logged in users, or failed attempts, etc.
I was having users on a Cisco WLC 440x controllers. Some service accounts were logged several time with the same AD-Account.Since I migrated them on the new controller (5508), it seems that we cannot have the same AD user logged several time.
I changed the Radius server with the one we were using on the old 440x but situation seems to be same,I checked the error message when trying to start a second similar connection they looks like :
*Dot1x_NW_MsgTask_4: Aug 24 14:04:51.558: %DOT1X-3-MAX_EAP_RETRIES: 1x_auth_pae.c:3062 Max EAP identity request retries (3) exceeded for client xxxxxxxxxxx *Dot1x_NW_MsgTask_4: Aug 24 14:04:51.558: %DOT1X-3-ABORT_AUTH: 1x_bauth_sm.c:447 Authentication aborted for client xxxxxxxxxxx
If I move back to the other 440x similar logins are allowed without any problems.
I have a DIR-655. Whenever I log into the router to review settings, I get kicked back to the login screen. I can't get to any of the menus. I'm running the A3 hardware version and 1.35 firmware on the router. I recently upgraded my computer from Vista 64-bit to Windows 7 64-bit. The problem occurs with Microsoft and Firefox browsers. I was able to access the router using another machine on my home network running Vista 32-bit
Is it possible to see device information for equipmnet that is logged into the AP541N access point? I was able to determine a specific IP address was eating a significant amount of bandwidth and was hoping to get the device information (name, type, etc) in the hopes of tracking down who it was.
What I got is a 5505 ASA firewall and I'm connected to it via VPN. I'm pulling an 192.168.169.x address because that's what we set their company's internet LAN to. Which is what we want. What I can't do while I'm VPN'd in is ping from the internet network to the DMZ, and the same when I try and ping from the DMZ to the internal network.
The DMZ is on a 196.0.0.x network.The internet network is 192.168.169.x network.
I don't need them to have internet access on the DMZ I just want to be able to access it from the internal network. What is going on is we need them to be able to VPN into the DMZ and access their equipment. At this point it would just make me happy to be able to ping from the internal network to the DMZ and I can figure it out from there I've setup rules and applied them and when I wasn't having success I referred back to defaults. Right now the rules are set at default, any thing in and anything out, on both internal and DMZ. I'm using a VPN client and going through Cisco ASDM Launcher to setup the rules and static routes, I haven't done anything with the command line. All the research I've done everyone does it command line, I find it easier to do it GUI. This is my first time working with an ASA firewall.
Today I've received reports of slow internet access/activity and have noticed myself that it seems a bit slow today. On the dashboard of our asa 5510 the "outside interface" traffic usage is running constantly high. It's at the top of the graph. How can I tell what is causing the spike in utilization. It usually runs at about 1500-2000 Kbps, and now it's up over 10,000.
After upgrade to ACS 5.2 appliance , we are trying to configure AAA between Ciscoworks and ACS. Authentication is working but authorization fails , logged user cannot access to admin parameters. I've configured attributes manually but it doesn't work.Does ACS 5.2 support integration with CiscoWorks?
I have a rule which permits traffic to a web server and logging is enabled. But when I go to syslog I am only seeing traffic which has been denied. What needs to change to be able to see the logged traffic on permit rules?
I have been testing WiFi devices such as the iPhones and iPads connectivity with the following setup:
1. 3502i AP 2. WLC 5508 SW 7.0.98 3. NGS
The i-devices have iOS v4.2
My goal is to have the guest user i-devices maintain the credentials (username and password) when they login again to the wireless network. Like if the device sleep, I think definitely they would loose those IP address issued by the DHCP. Once the guest user uses them again and connect them to the wireless network the user would not need to type-in those credentials on the Web Authentication page directed by the WLC.
The credentials are issued by the sponsor who created them on the NGS. It seems that there are WiFi problems with these i-devices. But somehow, I'm looking for a solution that would automated the logins like a checkbox if you want to be kept signed in, on Yahoo or Stay signed in for GMail.
We installed a solution with 2 Cisco 2801, BGP multihomed failover.
1) The router which is currently getting all the traffic gets to 55% to 60% of CPU usage when handling 40 SIP/RTP streams . This equals 10Mbit up/10Mbit down and it showed around 5800 packets TX and around 5800 packets RX, with a majority of them CEF switched. As those figures are way less than the performance figures published by Cisco, we wonder if we made any mistake in setting up our router, or if we can do something to improve the router setup.
2) Does it have an impact on router performance if we increase/decrease RTP packet size, thus increasing or decreasing the pps relative to the consumed bandwidth?
3) If it is not possible to improve router configuration, we also wonder about possible replacement units for those routers. Would a 2901 do a good job? By how much would it rise the capacity? What other models would you recommend if we plan to rise the number of concurrent calls by a factor of 4 or even 8 times of what we have now (so up to 48000 pps and 80Mbit).
Here is what we tried:
- ip route-cache same-interface does not seem to improve anything
- ip flow ingress on or off makes no difference
- disabling the inbound ACL on fa0/0 seems to reduce load by 10%, although I don't understand why - a very high percentage is CPU interrupts, and ACLs are process switched, or not?
- we tried following the Cisco guide for high CPU due to high interrupts, with no success
Here are some usage statistics:
The graphs that we plot via SNMP show a propotional growth/increase of CPU and bandwidth (and thus pps) At the highest loads, we had a bit more than 55% CPU utilization with more than 50% interrupt CPU.
CPU utilization for five seconds: 36%/30%; one minute: 30%; five minutes: 30% PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process 127 13140 954 13773 2.00% 0.29% 0.07% 194 SSH Process
how to find the current logged on user on a domain network? I tried nbtscan but it gives me ip address, machine name and mac address. In the server column it gives <server> and in the user name column it give <unknown>.
I have a Cisco 4402-25 WLC with the below information that is having an interesting issue. When you log into the GUI interface with the local account and click on WIRELESS, then choose a accesspoint it brings up a menu where you have three buttons below for the following options (Hardware Reset - Reset AP Now), (Set to Factory Defaults - Clear All Config), and (Set to Factory Defaults - Clear Config Except Static IP). The problem I am having is we access all of our WLC's using Radius and when you enter your AD username and password and go to bounce a access point the GUI interface is missing the buttons, they however appear fine when logged in with the local account.
System Information Manufacturer's Name.............................. Cisco Systems Inc. Product Name..................................... Cisco Controller Product Version.................................. 7.0.220.0 RTOS Version..................................... 7.0.220.0 Bootloader Version............................... 4.0.206.0 Emergency Image Version.......................... 5.2.157.0
I have configured PPTP Server on RV042, and created 3 accounts. I am able to connect from Windows PC without any problems.
In the router's logging utility, there doesn't appear to be any log entries indicating either successful or failed attempts to connect to PPTP server. The only access logs I see are for access to the router's configuration utility. Is there a way to view PPTP access in the router system log?
I have a D-Link 655 router. When I access it through my browser, and say I go to the advanced tab, most of the time when I click on any link in any settings it automatically brings me back to the 'login' screen. Once I log in again, then it takes me back to the status screen. For instance, I just logged on. Then I went to click on the 'tools' tab. I do, and it takes me back to 'login' I do, and then back to status.
Also, I have hardware version B1 and Firmware version 2.00NA I see downloads for firmware 2.01NA and 2.03NA under support resources. But my router says my firmware is up to date at 2.00NA. Should I be updating the firmware as it shows on the website?
I have a Cisco ACS 5.1 virtual appliance which has been working fine, I have however just discovered that it is now unable to provide me with any logs. TACACS authentication is still working without any issues, the only problem I have is viewing the logs.
We are facing issue with one of the module installed on cico 4506 swicth. All of a sudden cisco phones connected to that module went down and the messages logged on the console. [code]
I have an existing stack of 4 x 2960-S switches connected by stack cables.I would like to add another 2960-S switch to the stack but am unable to as the 2960-S will only allow 4 x 2960-S switches per stack.how I would add the 5th 2960-S switch to the existing stack of 4 x 2960-S switches.
I have a 24 port 2960-S that is not communicating with a 2960-LST that it is directly connected to over fiber. The link is up on the LST but will not come up on the -S. What command should I use to bring up this link? I have tried no shut from the (Config-if)# prompt.
