Cisco Switching/Routing :: Impact Of ACL On C6509 CPU Utilization?
Apr 4, 2012
We plan to implement a large number of ACL on our Distribution switch which is a HSRP pair of 6509C switches running on sup-bootflash:s72033-psv-mz.122-18.SXD3.bin WE need to divide the Network in three layers
unsecure layer
Proxy layer
Secure layer
We have approximately 250 vlans on the our distribution switches and plan to implement 15 ACL on different vlans Each ACL can contain upto 30 lines or less.
basic ACL example we will be applying on different vlan
vlan 200
ip access-group test123 in
My question is Can these ACL on a vlan can have a massive impact on the 6509 CPU ?
View 1 Replies
ADVERTISEMENT
Jan 13, 2013
I have a 2 cisco core (cisco WS-C6509-E (R7000) processor) and been working for quite sometime.they are conneted with HSRP with active standby config with a 10 g module for redundancy just today I see that the cpu utilization went to about 50% and its the same on both cores.
[Code] .......
View 5 Replies
View Related
Jul 26, 2012
Adding a vlan 820 to existing port channel trunk which currently allows many vlans. What is the best way to add vlan820 with least impact to network. Portchannels from 6513 core with IOS to Nexus 5k,Copy existing vlans, add 820 and paste under: switchport trunk allowed vlan 1,2,5,12,20,820
View 6 Replies
View Related
Mar 4, 2013
I am running HSRP on three 4506 switches..S1(active) S2( standby) and S3(listen)..S1 is active for all the vlansRight now, I wanted to make S3 active for two vlans: vlan 10 and 19What would be the impact to the end hosts?Also, can you tell me why the arp is not syncing for all the three devices? [code]
View 4 Replies
View Related
Apr 22, 2013
I have a query regarding the deletion and creation of one of my SVI interface on 6513 ,The reason behind it as follows.My traffic get to Internet in this manner
proxy(external int.)[IP:192.168.1.30] --> Gi0/9[6513 in VLAN 170] --> SVI VLAN 170[IP:192.168.1.10] --> Gi0/10[In VLAN 170] -->ASR[IP:192.168.1.20],I need to assign this VLAN ie 170 to my inside interface of firewall but it was mentioned in books like this "Assign the VLAN for the FWSM before it is applied to the MultilayerSwitch Feature Card (MSFC)." so I am thinking the following steps to assign VLAN 170 to firewall group first before creating SVI Interface for it
1.Remove all currently assign ie Gi 0/9 & Gi0/10 interfaces from this VLAN and then delete this VLAN.
2.Create the same SVI ie VLAN 170[IP:192.168.1.10] by this way the issue can be resolved.
As in part of my configuration PBR is define like this .
interface Vlan170
description "PUBLIC IP VLAN"
ip address 192.168.1.20. 255.255.255.0
ip policy route-map NAT
route-map NAT permit 10
match ip address 101
set ip next-hop 192.168.1.10
I need to clearify what impact it may have on PBR part if I delete and create the VLAN 170.Will the traffic move to the inside interface of FWSM.
View 0 Replies
View Related
Sep 13, 2012
I wanted to know if there is a way of upgrading the IOS on a stack of 6 - 8 3750's with minimal impact at reload. Is there a way to reload one member at a time?
View 3 Replies
View Related
Oct 14, 2012
We would like to install a WS-SVC-WISM2-1-K9 in each of our 2 WS-C6509-E chassis. Both of these have supervisor 720 engines installed. One in each chassis.From what I have read we need to upgrade the IOS to 12.2.33 SXJ4. Is this correct?If this is true then what are the memory requirements for the upgrade to this IOS version. Below is the output from Show version?Is there sufficient memory instqalled to do this install?
View 3 Replies
View Related
Mar 9, 2012
we plan to implement VSS on our datacenters (C6509/Sup720), in order to remove L2 loops (currently, access layer are C3750 stacks, which could evoluate for N5K/N2K). I would like to have some feedbacks about VSS stability. Some years ago, I have seen some bugs with this technology in another company, so I am still not totally comfortable to use it in the datacenter.
View 0 Replies
View Related
Feb 26, 2012
Last night, the C6509-E do a unexpected reload. In the crashinfo, I can see that the last error message before the reload, was as follows: %C6K_ PLATFORM-SP-2-PEER_RESET: SP is being reset by the RP
I consulted the cisco website about this error message and what I found was the following:C6K_PLATFORM-2.
View 1 Replies
View Related
Sep 26, 2012
what should it be the minimum IOS version that I require on my WS-C6509-E equipments to support "logging origin-id" command?
Cisco documentation says that this command was introduced in 12.2(15)T, and integrated into 12.2(33)SXH.
BUT my Cisco switches have 12.2(33)SXH5 IOS version......and they do not support "logging origin-id".
(config)#logging ? Hostname or A.B.C.D IP address of the logging host buffered Set buffered logging parameters buginf Enable buginf logging for debugging cns-events Set CNS Event logging level console Set console logging parameters count Count every log message and timestamp last occurance esm Set ESM filter restrictions event Global interface events exception Limit(code)
View 2 Replies
View Related
Apr 1, 2013
I operate between c6509-E, what did you flooding? its just packet capture gi1/3 but i dont know it and is it attack?also same seq no switch gots it?what is problem?
View 2 Replies
View Related
Mar 25, 2012
we have a WS-C6509-E WITH SUP VS-S720-10G, and IOS s72033-advipservicesk9_wan-mz.122-33.SXI5.bin. [code]
From, what we can see, whenever we try to clear arp-cache, it doesn't remove the IPs from the ARP. We've checked a bug in the IOS 12.2(33)SXH4 with the same issue, in version SXI4 is solved, but I have version SXI5, it is supposed to be fixed, from this caveat CSCtf16300, since it says it was fixed on 12.2(33)SXI4, it should be fixed on SXI5, right ?
View 2 Replies
View Related
Dec 22, 2011
Both regular IP traffic and ICMP traffic are passing through the source port. C6509 provides the option of filtering vlan traffic during monitoring. But I don't have vlan traffic.
qa-c6509-c(config)#monitor session 1 filter ? vlan SPAN filter VLAN
So I applied an access-list which only allows icmp traffic to be sent out of the monitoring port. But it does not work.
View 4 Replies
View Related
Nov 25, 2012
I have a C6509 with WS-X6548-GE-TX port module. The first port group, 1-8, is showing oversubscription (packets dropping) in the shared buffer. What interface commands can I use to find the specific port causing the buffer overflow?None of the ports is continuously overutilized and none of them in a SPAN destination group.I don't want to move connections without knowing which one is causing the problem. Also I fear that moving the connections may shift the bleeding to another shared port group.
View 2 Replies
View Related
Sep 9, 2009
I need those two stencils.I have checked here [URL] but:
- the one for the C6509-E is not there
- the one for the supervisor does not work properly (misaligned anchor points).
View 2 Replies
View Related
Oct 21, 2012
I have been looking at grading the IOS version on our 6509-E however there is not enough space on disk:0 to upgrade to the version I need to install. The question I would like to ask is - is it possible to boot the IOS from a TFTP server? If this is possible what configuration do I need on the 6509 to enable this. How does the 6509 know about the TFTP server as an IOS is not installed and therefore it will not have a network configuration
View 2 Replies
View Related
Jan 2, 2012
I have Cisco WS-C6509 with IOS version 12.2(18)I have several vlan interface on this device.Today I create new vlan intervace
interface Vlan165
description test5
ip address 10.10.10.1 255.255.255.252
end
and vlan:
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
165 test5 active Gi7/14
But I can't ping this IP address and show ip route shows:
sh ip route 10.10.10.1
Routing entry for 10.10.10.0/24
Known via "static", distance 254, metric 0 (connected)
I have static route for this subnet /24?I can not see any error in logs, but looks like I reached vlan interface limit on this device or something like this.How can I check it?
View 9 Replies
View Related
Sep 10, 2009
I am trying to figure out what is heat dissipation of a C6509-E configured as follows:
1 x WS-C6509-E-FAN
1 x VS-S720-10G-3C
1 x VS-F6K-PFC3C
8 x WS-X6748-GE-TX
8 x WS-F6700-DFC3C
2 x WS-CAC-6000W
I have tried two ways: 1) the power calculator and 2) manual calculation using the C6500 installation guide.
1) The power calculator says 13630 BTU/h
2) Manual calculation says: [code]
The there should be also the two PS in the picture, and the new total should be: [code] Well, 62711 BTU/h looks quite a bit too much and I think that the heat dissipation of the power supply should't be considered in the calculation.Isn't it an item that takes power from the grid and that generates heat according to its efficiency as the other modules?
View 2 Replies
View Related
Sep 19, 2012
Network newbie need to verify all necessary services and protocols on a new WS-C6509-E are turned on. This layer 3 switch will be used to connect to servers.
Cisco IOS Software, s72033_rp Software (s72033_rp-ADVIPSERVICESK9_WAN-M), Version 12.2(33)SXI9, RELEASE SOFTWARE (fc2)
[Code]....
View 6 Replies
View Related
Mar 20, 2012
We have two c6509 budled in VSS. I have noticed randomly high usage of CPU, sometimes up to 99% in peaks. I have found that it can be generated by SNMP engine. So I unconfigure all SNMP things. But situation is the same. I would like to know if this state is OK or not. CPU shows are enclosed in file.
View 1 Replies
View Related
Aug 8, 2012
We are facing issue of getting very high CPU utilization for the VSS Switch model WS-C6509-E some times approx 100%.Attaching here show tech-support taken later after CPU normal along with show logging, show cpu sorted.HCAINNOI01XXXCS0001#sh proces cpu | ex 0.0%CPU utilization for five seconds: 100%/13%; one minute: 90%; five minutes: 91%PID 5Sec 1Min 5Min Process16406 91.2% 75.2% 76.2% ios-base16426 1.7% 1.4% 1.4% udp.proc16429 0.3% 0.3% 0.3% raw_ip.proc16432 2.8% 3.1% 3.1% cdp2.iosproc
View 3 Replies
View Related
Nov 27, 2011
we have cisco WS-C6509-V-E with IOS version 12.2(33)SXI4; s3223_rp_IPSERVICESK9_WAN_M) running on a switch. I am trying to configure the command "mac-address-table synchronize" under global config mode. But when I enter the command Cisco(config)#mac-address-table ?It doesn't show the synchronize option?
View 3 Replies
View Related
Nov 14, 2012
I am trying to find a command for dhcp snooping rate-limiting on a CatOS. The PFC card is PFC. PFC3B is said to support that command. But there seems no this command.
-6k> (enable) sh ver
WS-C6509-E Software, Version NmpSW: 8.4(5)
Copyright (c) 1995-2005 by Cisco Systems
NMP S/W compiled on Aug 3 2005, 13:26:46
[Code] ......
Up time is 1183 days, 1 hour, 41 minutes
View 3 Replies
View Related
Jan 14, 2013
We are planning to replace a few line cards in the existing 6509-E chassis. The sup installed is a VS-S720-10G-3C but the line cards are legacy. As a result we are not able to enable the VSS functionality. We are looking to replace the existing line cards with the following:
1. 1 x WS-X6716-10G-3C
2. 1 x WS-X6724-SFP
3. 4 x WS-X6724-GE-TX
What are the requirements in terms of IOS and Roman.
The current IOS is: Cisco IOS Software, s72033_rp Software (s72033_rp-IPSERVICESK9_WAN-M), Version 12.2(33)SXI2a, RELEASE SOFTWARE (fc2)
And the ROM Version is: ROM: System Bootstrap, Version 12.2(17r)SX7, RELEASE SOFTWARE (fc1)
Do I need an upgrade?
View 3 Replies
View Related
Oct 17, 2012
I've a big problem with a loss of packets ICMP sent by different hosts in differents VLAN. Here my architecture:
Core Switch : 2 Switch's C6509 (Version 15.0 (1) SY1)- Mode VSS - One lien VSL , the other link is defective.Access Switch: C3750 , Connected to Core Switch through 2 fibre optique wires.Topology: redundant ring
When I send consecutive ping message I found always a missing of packets . Furthermore When I insert the "show ip traffic" command., the parameter "bad hop count" increase after a loss of packets. I've 2 hosts connected in my network and they send packets with TTL =127.
In the Core Switch I haven't configured the MEC because it gave me troubles with the packets multicast.
View 1 Replies
View Related
May 11, 2012
I have recently configured secondary ip address on LAN Interface of Cisco C6509.. We have some application which needs to use broadcast traffic communication to communicate with client... Broadcast is working within subnet & also working from broadcast server to primary subnet. But not working from secondary subnet.. I have checked broadcast within secondary IP range & it's working fine... Secondary not working broadcast with primary and also with broadcast server... broadcast address is different for these subnet but both should be communicate since configured on same interface... When I went through Cisco website found that command "ip directed broadcast" which will pass broadcast to different subnet... But I'm not sure whether any other impact if I enable that command on particular Ethernet interface...
View 6 Replies
View Related
Sep 20, 2012
I am seeing a strange situation on my 6500 switch?By having snmp walk on '1.3.6.1.4.1.9.9.109.1.1.1.1.3' (== cpmCPUTotal5sec), I came to know that there are two processor and the cpu util for switching processor is gone to 88 % and some time creeps to 99 %.
snmpwalk -v2c -c "removes" sw6500 '1.3.6.1.4.1.9.9.109.1.1.1.1.3'
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.1 = Gauge32: 12 (--- this is for CPU of Router Processor )
SNMPv2-SMI::enterprises.9.9.109.1.1.1.1.3.3 = Gauge32: 99 (--- this is for CPU of Switching Processor )
but when I do sh process cpu on the console, all looks normal as it shows cpu utilization of RP. why the value is so high on the switching processor ?
View 1 Replies
View Related
Dec 15, 2011
I am facing high CPU utilzation for cisco4507R,
sup:
WS-X4516-V
ios version:
cat4500-entservices-mz.122-54.SG.bin
!
show process cpu
CPU utilization for five seconds: 97%/1%; one minute: 97%; five minutes: 97%
[code]....
View 8 Replies
View Related
Apr 16, 2013
I'd like to know what is "masks" in the output of show platform tcam utilization. What does 784 mean? What effect has the number of mask in the amount of supported unicast direct routes?
I'm having trouble comparing the capacity of theese two switches, regarding unicast directly-connected routes. I know the second switch has cpu utilization issues and ip unicast failed routes over 4096 arp entries. What would be the case for the first one?
Switch 1:
CAM Utilization for ASIC# 0 Max Used
Masks/Values Masks/values
Unicast mac addresses: 784/6272 12/26
IPv4 IGMP groups + multicast routes: 144/1152 6/26
[Code]...
View 1 Replies
View Related
Mar 28, 2013
We have a Cisco 3845 router configured as a voice gateway with multi SIP trunks. But when it reachs 200 calls traffic, the CPU increase to 60-70% and caused by CCSIP_SPI_CONTROL process.
CPU utilization for five seconds: 46%/30%; one minute: 54%; five minutes: 58%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
377 400729448 171017979 2343 6.31% 10.71% 12.44% 0 CCSIP_SPI_CONTRO
[Code].....
View 2 Replies
View Related
Feb 20, 2013
i have two cisco 3750 in stack firts, master switch have all swports busy second have only 5 how can i see cpu utilizations of the second switch, and its reasonable to move somme devices from first switch to second for deacreases of cpu and memory utilisatio ns of the master? the stack tehnologies use both cpu as one? or its only for simple management ?
View 9 Replies
View Related
Jan 31, 2012
We are facing high CPU Utilization on Cisco 3750X-48P-L without any traffic on it. find the attached log files for 2 separate 3750's stack, we have upgraded the IOS of SW2 from "c3750e-universalk9-mz.122-55.SE3.bin" to "c3750e-universalk9-mz.122-55.SE4.bin" but still we found the same issue with CPU utilization.
View 4 Replies
View Related
Mar 30, 2011
we are using solarwinds as monitoring toll for all network devices..the solarwinds shows proper memory & cpu utilization for catalyst 3750 switches but shows hogh cpu/memory utilization values for 6509-vss...when we log into vss via cli the util & memory values are normal but same are very high on solarwinds..i have checked the solarwinds site also and fond that there was issue for 6509 related to high cpu in relase before 9.2 and 9.2 release of solarwind has resolved this issue..is anything to be checked on 6509 or as such any known bug in this regard for 6509-vss i am using software s72033-ADVIPSERVICESK9_WAN-VZ.122-33.SXI4A on my vss.
View 9 Replies
View Related