[c-nsp] 2611xm slowed to crawl, ip based filter...

Jeff Johnson jeff at comfrey.net
Wed Sep 8 03:17:52 EDT 2004 

On Sep 8, 2004, at 12:05 AM, Bruce Pinsky wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Jeff Johnson wrote:
>
> | Hey all,
> |
> | Below is an excerpt from my config on a 2611xm.  I set this up last
> | friday night and foolishly walked away.  Upon checking in the next 
> day i
> | found that the network had slowed to a crawl and i could not even
> | connect vi a ssh.  the connections would time out.
> |
> | Is this acl processor bound or is there some fundamental flaw in its
> | design?
> |
> | i am new to cisco based firewalls, so please go easy on me.
> |
> | the following section was generated by configmaker.
> |
> | I appreciate the help,
> |
>
>
> Doesn't seem that unreasonable.  A little more info might help narrow 
> it
> down.  What does "show proc cpu" indicate?   Do you have some other
> features turned on such as NAT or IPSEC?   Is CEF your switching path
> (check with "sh ip int")?
>

no nat or ipsec.

It is hard to say about the cpu utilization as it stands now as the 
list is not active.

2611#sh ip int
FastEthernet0/0 is up, line protocol is up
   Internet address is X.X.X.190/26
   Broadcast address is 255.255.255.255
   Address determined by non-volatile memory
   MTU is 1500 bytes
   Helper address is not set
   Directed broadcast forwarding is disabled
   Outgoing access list is not set
   Inbound  access list is not set
   Proxy ARP is enabled
   Local Proxy ARP is disabled
   Security level is default
   Split horizon is enabled
   ICMP redirects are always sent
   ICMP unreachables are always sent
   ICMP mask replies are never sent
   IP fast switching is disabled
   IP fast switching on the same interface is disabled
   IP Flow switching is disabled
   IP Fast switching turbo vector
   IP multicast fast switching is disabled
   IP multicast distributed fast switching is disabled
   IP route-cache flags are None
   Router Discovery is disabled
   IP output packet accounting is disabled
   IP access violation accounting is disabled
   TCP/IP header compression is disabled
   RTP/IP header compression is disabled
   Probe proxy name replies are disabled
   Policy routing is disabled
   Network address translation is disabled
   WCCP Redirect outbound is disabled
   WCCP Redirect inbound is disabled
   WCCP Redirect exclude is disabled
   BGP Policy Mapping is disabled

More information about the cisco-nsp mailing list