Monthly Archives: March 2015

How to see what traffic is hitting your CPU on a 6500

If you are having high CPU issues on your routers there is a way to see exactly what is causing it.

My issue was causing EIGRP to drop neighbors then come back online.

The problem is catching it fast enough to get the needed output, especially when the spikes happen for only 1 second or 2. I don’t know about you but I can’t type that fast.

To solve this issue we’ll use our friendly EEM script.

event manager session cli username "XXX"

The line above may only be used if you have AAA configured, and "XXX" must be a username that you already have in AAA.

event manager applet HIGH_CPU
event snmp oid 1.3.6.1.4.1.9.9.109.1.1.1.1.3.1 get-type exact entry-op ge entry-val 85 exit-op lt exit-val 75 poll-interval 7
action 1.01 syslog msg "------HIGH CPU DETECTED----, CPU:$_snmp_oid_val%"
action 1.02 cli command "enable"
action 1.03 cli command "term length 0"
action 1.04 cli command "debug netdr cap rx"
action 1.05 cli command "show netdr cap | append disk0:HIGH_CPU.txt"
action 1.06 cli command "show proc cpu sort | append disk0:HIGH_CPU.txt"
action 1.07 cli command "show users | append disk0:HIGH_CPU.txt"
action 1.08 cli command "show proc cpu history | append disk0:HIGH_CPU.txt"
action 1.09 cli command "show logging | append disk0:HIGH_CPU.txt"
action 1.10 cli command "show spanning-tree detail | append disk0:HIGH_CPU.txt"
action 1.11 cli command "show ip traffic | append disk0:HIGH_CPU.txt"
action 1.12 cli command "show clock | append disk0:HIGH_CPU.txt"
action 1.13 cli command "undebug all"
action 1.14 cli command "term length 24"
action 1.15 cli command "exit"

Depending on your platform you may need to change disk0: to flash: or something else.

The applet triggers when CPU is at 85% or greater and writes the command output to a file at the destination.

You can put this output into a beta Cisco tool, https://cway.cisco.com/tools/netdr, which will decode it for you.

Here is what one of mine looked like:

[Image: netdr]
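An added example, not part of the original post: because the applet appends to HIGH_CPU.txt on every trigger, this Python script splits the file into its `show proc cpu sort` captures and reports whether each spike was mostly interrupt-level (packets switched by the CPU, so the netdr capture is the place to look) or process-level. The sample text is constructed, and the half-of-total cutoff in `classify` is an assumption for illustration.

```python
import re

# "show proc cpu sort" header: five-second total% / interrupt-level%.
HEADER = re.compile(r"CPU utilization for five seconds: (\d+)%/(\d+)%")
# Process row: PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
ROW = re.compile(r"^\s*\d+\s+\d+\s+\d+\s+\d+\s+([\d.]+)%\s+[\d.]+%"
                 r"\s+[\d.]+%\s+\d+\s+(.+?)\s*$")

# Constructed sample: two captures appended by two separate triggers.
SAMPLE = """\
CPU utilization for five seconds: 96%/71%; one minute: 38%; five minutes: 21%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 278     5310124    41237710        128 18.40%  6.12%  3.01%   0 IP Input
 310      104432      880112        118  1.27%  0.61%  0.40%   0 IP-EIGRP: HELLO
CPU utilization for five seconds: 91%/9%; one minute: 52%; five minutes: 30%
 PID Runtime(ms)     Invoked      uSecs   5Sec   1Min   5Min TTY Process
 455     8120044       91022      89209 77.35% 30.10% 12.44%   0 SNMP ENGINE
 278     5310990    41240002        128  2.20%  6.00%  3.05%   0 IP Input
"""


def parse_snapshots(text, top=3):
    """Return one dict per capture; the applet appends, so expect several."""
    snapshots = []
    for line in text.splitlines():
        header = HEADER.search(line)
        if header:
            total, intr = int(header.group(1)), int(header.group(2))
            snapshots.append({"total": total, "interrupt": intr, "top": []})
            continue
        row = ROW.match(line)
        # Rows are already sorted by 5Sec, so the first `top` rows suffice.
        if row and snapshots and len(snapshots[-1]["top"]) < top:
            snapshots[-1]["top"].append((row.group(2), float(row.group(1))))
    return snapshots


def classify(snap):
    """'interrupt' = CPU-switched packets dominate (check the netdr capture);
    'process' = a scheduled process dominates (check the top entry).
    The half-of-total cutoff is an assumption, not a Cisco threshold."""
    return "interrupt" if snap["interrupt"] * 2 >= snap["total"] else "process"


if __name__ == "__main__":
    for n, snap in enumerate(parse_snapshots(SAMPLE), 1):
        name, pct = snap["top"][0]
        print(f"capture {n}: {snap['total']}% total, {snap['interrupt']}% "
              f"interrupt -> {classify(snap)}; top process {name} ({pct}%)")
```

Copy the file off the switch and pass its contents to `parse_snapshots` in place of `SAMPLE`.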

Cisco AnyConnect and Smart Tunnels

Cool feature that is available for SSL/WebVPN users. When a process is started (Windows) or an application in a certain directory path is launched (Mac), you can have “smart tunnels” established.

This works really easily with the Windows platform and is very easy to configure.

Edit your Clientless SSL VPN Access Group policy.

[Image: ASA1]

Select the Portal option on the left menu.

Go to the smart tunnel section and select your Tunnel Application. I had named mine RDPclientless.

[Image: ASA2]

Click Add.

[Image: ASA3]

I added the Windows one and it worked perfectly. I also have tried many versions of the Mac configuration but I have not had any success.

[Image: ASA4]

One thing to note: whenever you make changes to these profiles, the Auto start check box becomes unchecked.

[Image: ASA5]