|
|
|
|
11-20-2003, 06:02 PM
|
#1 |
2620 CPU usage at -1%
Using a tool that polls using SNMP to our 2620 running 12.3.1a with IPFW I've
always been able to pull CPU usage from the router. I can still pull bandwidth from it, but when I try to pull CPU usage I get -1%, and while I'd love to believe this router is that powerful, I'd be wrong. This all started after we converted from a std setup to NAT. The NAT config is as follows (some stuff obviously changed). Is there something here that would allow my accessing bandwidth usage but not CPU usage? Thanks.... Brian ! service timestamps debug uptime service timestamps log uptime service password-encryption no service tcp-small-servers no service udp-small-servers ! hostname Cisco2620 ! enable password XXXXXX ! clock timezone EST -5 clock summer-time EST recurring ! ip source-route ! ip subnet-zero no ip domain-lookup ip routing ! ! Context-Based Access Control ! no ip inspect audit-trail ip inspect tcp synwait-time 30 ip inspect tcp finwait-time 5 ip inspect tcp idle-time 3600 ip inspect udp idle-time 30 ip inspect dns-timeout 5 ip inspect one-minute low 900 ip inspect one-minute high 1100 ip inspect max-incomplete low 900 ip inspect max-incomplete high 1100 ip inspect tcp max-incomplete host 50 block-time 0 ! ! IP inspect FastEthernet_0_0 ! no ip inspect name FastEthernet_0_0 ip inspect name FastEthernet_0_0 tcp ip inspect name FastEthernet_0_0 udp ip inspect name FastEthernet_0_0 cuseeme ip inspect name FastEthernet_0_0 ftp ip inspect name FastEthernet_0_0 h323 ip inspect name FastEthernet_0_0 rcmd ip inspect name FastEthernet_0_0 realaudio ip inspect name FastEthernet_0_0 smtp ip inspect name FastEthernet_0_0 streamworks ip inspect name FastEthernet_0_0 vdolive ip inspect name FastEthernet_0_0 sqlnet ip inspect name FastEthernet_0_0 tftp ! ! IP inspect Serial_0_0 ! no ip inspect name Serial_0_0 ip inspect name Serial_0_0 tcp ip inspect name Serial_0_0 udp ip inspect name Serial_0_0 smtp ! interface FastEthernet 0/0 no shutdown description connected to EthernetLAN ip address 192.168.0.45 255.255.255.0 ip nat inside ip inspect FastEthernet_0_0 in ip access-group 100 in keepalive 10 speed 100 full-duplex ! interface Serial 0/0 no shutdown description connected to Internet service-module t1 clock source line service-module t1 data-coding normal service-module t1 remote-loopback full service-module t1 framing esf service-module t1 linecode b8zs service-module t1 lbo none service-module t1 remote-alarm-enable ip address a.b.c.123 255.255.255.252 ip nat outside ip inspect Serial_0_0 in ip access-group 101 in encapsulation hdlc ! interface Serial0/1 no ip address shutdown ! logging trap informational logging 192.168.0.8 ! ! Access Control List 1 ! no access-list 1 access-list 1 permit 192.168.0.0 0.0.0.255 ! ! Access Control List 100 ! no access-list 100 access-list 100 permit ip any any ! ! Access Control List 101 ! no access-list 101 access-list 101 deny ip host 1.2.3.2 any log access-list 101 deny ip host 1.2.3.37 any log access-list 101 deny ip host 1.2.3.6 any log access-list 101 deny ip host 1.2.3.12 any log access-list 101 deny ip host 1.2.3.3 any log access-list 101 deny ip host 1.2.3.36 any log access-list 101 deny ip host 1.2.3.26 any log access-list 101 permit udp any host 1.2.3.2 eq domain log access-list 101 permit tcp any host 1.2.3.2 eq domain log access-list 101 deny ip any host 1.2.3.2 log access-list 101 permit tcp any host 1.2.3.3 eq 3389 log access-list 101 permit tcp any host 1.2.3.3 eq 443 log access-list 101 permit udp any host 1.2.3.3 eq domain log access-list 101 permit tcp any host 1.2.3.3 eq domain log access-list 101 deny ip any host 1.2.3.3 log access-list 101 permit tcp any host 1.2.3.36 eq 3389 log access-list 101 permit tcp any host 1.2.3.36 eq www log access-list 101 deny ip any host 1.2.3.36 log access-list 101 permit gre any any access-list 101 permit tcp any host 1.2.3.37 eq 1723 log access-list 101 deny ip any host 1.2.3.37 log access-list 101 permit tcp any host 1.2.3.6 eq www log access-list 101 deny ip any host 1.2.3.6 log access-list 101 permit tcp any host 1.2.3.12 eq smtp log access-list 101 deny ip any host 1.2.3.12 log access-list 101 permit icmp any any echo-reply log access-list 101 permit icmp any any time-exceeded log access-list 101 permit icmp any any port-unreachable log access-list 101 permit tcp any host 1.2.3.26 eq www log access-list 101 permit tcp any host 1.2.3.26 eq 443 log access-list 101 deny ip any host 1.2.3.26 log ! ! Static NAT ! ip nat inside source static 192.168.0.3 1.2.3.2 ip nat inside source static 192.168.0.3 1.2.3.3 ip nat inside source static 192.168.0.36 1.2.3.36 ip nat inside source static 192.168.0.6 1.2.3.6 ip nat inside source static 192.168.0.12 1.2.3.12 ip nat inside source static 192.168.0.37 1.2.3.37 ip nat inside source static 192.168.0.26 1.2.3.26 ! ! Dynamic NAT ! ip nat translation timeout 86400 ip nat translation tcp-timeout 86400 ip nat translation udp-timeout 300 ip nat translation dns-timeout 60 ip nat translation finrst-timeout 60 ip nat pool Cisco2620-natpool-65535 1.2.3.1 1.2.3.1 netmask 255.255.255.0 ip nat inside source list 1 pool Cisco2620-natpool-65535 overload ! router rip version 2 network x.x.x.x passive-interface Serial 0/0 no auto-summary ! ! ip classless ! ! IP Static Routes ip route 0.0.0.0 0.0.0.0 Serial 0/0 no ip http server snmp-server community a_string_for_snmp RW 5 snmp-server enable traps tty no snmp-server location no snmp-server contact ! line console 0 exec-timeout 0 0 password XXXXXXXXXXXXXXXXXX login ! line vty 0 4 password XXXXXXXXXXXXXXXXXX login ! sntp server 192.5.41.40 ! end Thanks... Brian Bergin I can be reached via e-mail at cisco_dot_news_at_comcept_dot_net. Please post replies to the group so all may benefit. Brian Bergin |
|
|
