2620 CPU usage at -1%

Discussion in 'Cisco' started by Brian Bergin, Nov 20, 2003.

  1. Brian Bergin

    Brian Bergin Guest

    Using a tool that polls using SNMP to our 2620 running 12.3.1a with IPFW I've
    always been able to pull CPU usage from the router. I can still pull bandwidth
    from it, but when I try to pull CPU usage I get -1%, and while I'd love to
    believe this router is that powerful, I'd be wrong.

    This all started after we converted from a std setup to NAT. The NAT config is
    as follows (some stuff obviously changed). Is there something here that would
    allow my accessing bandwidth usage but not CPU usage?

    Thanks....
    Brian

    !
    service timestamps debug uptime
    service timestamps log uptime
    service password-encryption
    no service tcp-small-servers
    no service udp-small-servers
    !
    hostname Cisco2620
    !
    enable password XXXXXX
    !
    clock timezone EST -5
    clock summer-time EST recurring
    !
    ip source-route
    !
    ip subnet-zero
    no ip domain-lookup
    ip routing
    !
    ! Context-Based Access Control
    !
    no ip inspect audit-trail
    ip inspect tcp synwait-time 30
    ip inspect tcp finwait-time 5
    ip inspect tcp idle-time 3600
    ip inspect udp idle-time 30
    ip inspect dns-timeout 5
    ip inspect one-minute low 900
    ip inspect one-minute high 1100
    ip inspect max-incomplete low 900
    ip inspect max-incomplete high 1100
    ip inspect tcp max-incomplete host 50 block-time 0
    !
    ! IP inspect FastEthernet_0_0
    !
    no ip inspect name FastEthernet_0_0
    ip inspect name FastEthernet_0_0 tcp
    ip inspect name FastEthernet_0_0 udp
    ip inspect name FastEthernet_0_0 cuseeme
    ip inspect name FastEthernet_0_0 ftp
    ip inspect name FastEthernet_0_0 h323
    ip inspect name FastEthernet_0_0 rcmd
    ip inspect name FastEthernet_0_0 realaudio
    ip inspect name FastEthernet_0_0 smtp
    ip inspect name FastEthernet_0_0 streamworks
    ip inspect name FastEthernet_0_0 vdolive
    ip inspect name FastEthernet_0_0 sqlnet
    ip inspect name FastEthernet_0_0 tftp
    !
    ! IP inspect Serial_0_0
    !
    no ip inspect name Serial_0_0
    ip inspect name Serial_0_0 tcp
    ip inspect name Serial_0_0 udp
    ip inspect name Serial_0_0 smtp
    !
    interface FastEthernet 0/0
    no shutdown
    description connected to EthernetLAN
    ip address 192.168.0.45 255.255.255.0
    ip nat inside
    ip inspect FastEthernet_0_0 in
    ip access-group 100 in
    keepalive 10
    speed 100
    full-duplex
    !
    interface Serial 0/0
    no shutdown
    description connected to Internet
    service-module t1 clock source line
    service-module t1 data-coding normal
    service-module t1 remote-loopback full
    service-module t1 framing esf
    service-module t1 linecode b8zs
    service-module t1 lbo none
    service-module t1 remote-alarm-enable
    ip address a.b.c.123 255.255.255.252
    ip nat outside
    ip inspect Serial_0_0 in
    ip access-group 101 in
    encapsulation hdlc
    !
    interface Serial0/1
    no ip address
    shutdown
    !
    logging trap informational
    logging 192.168.0.8
    !
    ! Access Control List 1
    !
    no access-list 1
    access-list 1 permit 192.168.0.0 0.0.0.255
    !
    ! Access Control List 100
    !
    no access-list 100
    access-list 100 permit ip any any
    !
    ! Access Control List 101
    !
    no access-list 101
    access-list 101 deny ip host 1.2.3.2 any log
    access-list 101 deny ip host 1.2.3.37 any log
    access-list 101 deny ip host 1.2.3.6 any log
    access-list 101 deny ip host 1.2.3.12 any log
    access-list 101 deny ip host 1.2.3.3 any log
    access-list 101 deny ip host 1.2.3.36 any log
    access-list 101 deny ip host 1.2.3.26 any log
    access-list 101 permit udp any host 1.2.3.2 eq domain log
    access-list 101 permit tcp any host 1.2.3.2 eq domain log
    access-list 101 deny ip any host 1.2.3.2 log
    access-list 101 permit tcp any host 1.2.3.3 eq 3389 log
    access-list 101 permit tcp any host 1.2.3.3 eq 443 log
    access-list 101 permit udp any host 1.2.3.3 eq domain log
    access-list 101 permit tcp any host 1.2.3.3 eq domain log
    access-list 101 deny ip any host 1.2.3.3 log
    access-list 101 permit tcp any host 1.2.3.36 eq 3389 log
    access-list 101 permit tcp any host 1.2.3.36 eq www log
    access-list 101 deny ip any host 1.2.3.36 log
    access-list 101 permit gre any any
    access-list 101 permit tcp any host 1.2.3.37 eq 1723 log
    access-list 101 deny ip any host 1.2.3.37 log
    access-list 101 permit tcp any host 1.2.3.6 eq www log
    access-list 101 deny ip any host 1.2.3.6 log
    access-list 101 permit tcp any host 1.2.3.12 eq smtp log
    access-list 101 deny ip any host 1.2.3.12 log
    access-list 101 permit icmp any any echo-reply log
    access-list 101 permit icmp any any time-exceeded log
    access-list 101 permit icmp any any port-unreachable log
    access-list 101 permit tcp any host 1.2.3.26 eq www log
    access-list 101 permit tcp any host 1.2.3.26 eq 443 log
    access-list 101 deny ip any host 1.2.3.26 log
    !
    ! Static NAT
    !
    ip nat inside source static 192.168.0.3 1.2.3.2
    ip nat inside source static 192.168.0.3 1.2.3.3
    ip nat inside source static 192.168.0.36 1.2.3.36
    ip nat inside source static 192.168.0.6 1.2.3.6
    ip nat inside source static 192.168.0.12 1.2.3.12
    ip nat inside source static 192.168.0.37 1.2.3.37
    ip nat inside source static 192.168.0.26 1.2.3.26
    !
    ! Dynamic NAT
    !
    ip nat translation timeout 86400
    ip nat translation tcp-timeout 86400
    ip nat translation udp-timeout 300
    ip nat translation dns-timeout 60
    ip nat translation finrst-timeout 60
    ip nat pool Cisco2620-natpool-65535 1.2.3.1 1.2.3.1 netmask 255.255.255.0
    ip nat inside source list 1 pool Cisco2620-natpool-65535 overload
    !
    router rip
    version 2
    network x.x.x.x
    passive-interface Serial 0/0
    no auto-summary
    !
    !
    ip classless
    !
    ! IP Static Routes
    ip route 0.0.0.0 0.0.0.0 Serial 0/0
    no ip http server
    snmp-server community a_string_for_snmp RW 5
    snmp-server enable traps tty
    no snmp-server location
    no snmp-server contact
    !
    line console 0
    exec-timeout 0 0
    password XXXXXXXXXXXXXXXXXX
    login
    !
    line vty 0 4
    password XXXXXXXXXXXXXXXXXX
    login
    !
    sntp server 192.5.41.40
    !
    end



    Thanks...
    Brian Bergin

    I can be reached via e-mail at
    cisco_dot_news_at_comcept_dot_net.

    Please post replies to the group so all may benefit.
    Brian Bergin, Nov 20, 2003
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Tom Del Rosso

    Firefox CPU usage

    Tom Del Rosso, Nov 1, 2005, in forum: Firefox
    Replies:
    2
    Views:
    4,741
    Ed Mullen
    Nov 2, 2005
  2. KHANS

    7206 VXR high CPU usage

    KHANS, Oct 22, 2003, in forum: Cisco
    Replies:
    10
    Views:
    7,144
    leraph
    Feb 6, 2009
  3. Bill F
    Replies:
    4
    Views:
    3,389
  4. Kevin
    Replies:
    3
    Views:
    6,857
    spamhead
    Dec 22, 2003
  5. Kevin
    Replies:
    0
    Views:
    475
    Kevin
    Dec 21, 2003
Loading...

Share This Page