BGP - Leaking more specific routes

BGP - auto-summary best practices

STP - Multiple Spanning Tree (MST)


High CPU usage on a Cisco [switch](/switching) can be caused by several factors including:

1. Large [MAC address table](/mac-address-table) - The MAC address table takes up [memory](/memory-cam-and-tcam), and if it gets too large, it can use excessive amounts of memory. This will typically indicate a MAC flooding attack where a large number of [spoofing](/security-spoofing) [MAC address](/mac-address)s are sent to the switch causing the MAC address table to overflow.
2. Excessive logging - Check to see if you have any [ACL](/acl) logging or debugs set up, and check what the size of the local logging buffer is, and what [event severity levels](/syslog-severity-levels) are being logged . If it is too large, you may be overflowing the memory.
3. Malware or DDoS attacks - These may also cause high memory usage. In this case you should use network security tools to identify and block malicious traffic. One quick and dirty solution is to implement ACLs that will allow only acceptable traffic.
4. [Routing Table](/routing-table) - If your switch is a Layer 3 switch, a very large routing table will also cause high memory usage.
5. Large [ARP](/arp) tables - ARP tables are another construct that switches use, and if these get too large, this is another source of high memory usage. Unusually large ARP tables may be a result of APR spoofing attacks and should be investigated.

These are just some of the causes of high memory usage and are by no means exhaustive. However, to resolve such issues, you must monitor the memory usage on the switch. This can be done by using certain CLI commands that show the status of the memory and how it is being utilized.

- Check Memory Statistics:
    - Use the `show memory` command to display detailed statistics about memory usage.
    - Use the `show processes memory` command to display memory usage for each process
    - Use the `show processes memory sorted` command to display the memory usage of all processes, sorted by the amount of memory used running on the switch.
- Check Buffer Statistics:
    - Use the `show buffers` command to display buffer statistics. Buffers are used by the switch to temporarily store data packets.
- Check I/O Memory:
    - Use the `show memory io` command to display the I/O memory statistics.

Links:

https://forum.networklessons.com/t/cisco-campus-network-design-basics/1162/115?u=lagapides

Troubleshooting high CPU and memory usage on a switch

Switching - Media Access Control (MAC) addresses

Switching - Process switching

Switching - backplane

Switching - cut through

Switching - fast switching

Switching - show cable-diagnostics

Switching - store and forward

Switching - switch fabric

Switching - switched virtual interface (SVI)

Switching - switchport autostate command

Switching

Switchport - IEEE 802.1q

Switchport - ISL

Switchport access

Switchport modes

Switchport trunk configuration ignores access commands

Switchport trunk encapsulation

Switchport trunk

Symmetric Digital Subscriber Line (SDSL)

Syslog - terminal monitor

Syslog relay or proxy

Syslog severity levels

TCP - Congestion control

TCP - Header

TCP - SEQ and ACK values

TCP - Slow start

TCP - Three-way handshake

TCP - Urgent pointer field

TCP - Window Size Scaling

TCP - factors affecting segment size

TCP - role of checksum field

TCP MSS and window size

TCP RST flag

TCP SYN timeout

TCP header options

TCP phantom byte

TCP-IP model

TFTP

Tcl Shell

Telnet

Time to live

Traceroute - Interpreting output

Traceroute asterisk and !H responses

Traceroute

Transparent Cisco IOS Firewall use cases

Transport Layer port number

Troubleshooting - using Telnet to test transport layer ports

Troubleshooting a slow network

UDP - Header

UDP - Maximum Datagram Size

Unicast Reverse Path Forwarding (uRPF)

Unicast traffic

Unknown unicast traffic

Upgrade your R&S skills to modern networking

VACL - Changes to ACL are active immediately

VLAN - Extended Range

VLAN - Native VLAN best practices

VLAN - Native VLAN on a router on a stick

VLAN - Private VLAN

VLAN - VLAN IDs 0 and 4095

VLAN Access Lists

VLAN Mapping

VLAN SVI status

VLAN Tag

VLAN control frames

VLAN

VLANs - 802.1Q tunneling (QinQ)

VLANs - Dynamic VLAN membership (VMPS)

VLANs - QinQ and CDP

VLANs - Vlans allowed and active in management domain

VLANs - when a tagged frame arrives on an access port

VLANs SVI

VPN - IKEv2 peer address of 0.0.0.0 0.0.0.0

VPN - crypto keepalive

VPN - default gateway for site to site VPN

VPN - default gateway of VPN client

VPN - split tunneling

VPN DVTI tunnel source

VRF - Definition mode

VRF - VPNv4 address

VRF capability vrf-lite command

VRF lite route leaking

VRF sharing across multiple routers

VRF use cases

VRRP - Virtual IP doesn't respond to pings

VRRP - load balancing

VRRP - support for authentication

VRRP - using the same ID on different interfaces

VRRP - using the same ID on subinterfaces

VRRP on sub-interfaces

VTP - Client can't modify VLANs

VTP - Multiple Servers with VTP version 2

VTP - Per interface configuration

VTP - Revision Numbers on transparent switch

VTP - Versions

Troubleshooting high CPU and memory usage on a switch

Links to this page: