cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
redbarron
New Contributor III

3120 has high CPU with FFE enabled and IP firewall disabled

Jump to solution

ADTRAN, Inc. OS version R12.2.0.SA

  Mainline Version: ENM.16.93

  P4 Changelist: 268653

  Checksum: 9C1988B5

  Built on: Wed Nov 16 11:29:53 2016

Boot ROM version 17.02.01.00

  Checksum: D2C8

  Built on: Fri Apr 04 07:22:20 2008

  Compatibility Version: 0

Copyright (c) 1999-2016, ADTRAN, Inc.

Platform: NetVanta 3200, part number 1203860G1

Task Id    Task Name        PRI STA   (count)     (usec)     (usec)     (1sec)

1          Idle               0 W   138862470        993          0       0.00

3          PC Config          7 S   209541485        936     951405      95.14

4          PacketRouting     44 W    38371951         34       4171       0.42

The config is a PPP 1 interface cross connected to a single T1 and Eth0/1 connected to a firewall.  Added the FFE  to eth0/1 and disabled the Firewall and no change.  Any help would be greatly appreciated.

Labels (1)
0 Kudos
1 Solution

Accepted Solutions
jayh
Honored Contributor
Honored Contributor

Re: 3120 has high CPU with FFE enabled and IP firewall disabled

Jump to solution

Is the device connected to the Internet? If so, have you locked down administrative access to trusted networks? It could very well be brute-force attacks against telnet, ssh, http, https.

ip access-list standard management-list

permit [list of trusted networks and wildcard mask]

line telnet 0 4

access-class management-list in

line ssh 0 4

access-class management-list in

http ip access-class management-list in

http ip secure-access-class management-list in

View solution in original post

0 Kudos
3 Replies
redbarron
New Contributor III

Re: 3120 has high CPU with FFE enabled and IP firewall disabled

Jump to solution

I have 11 devices that are doing the exact same thing.  Any assistance would be greatly appreciated. 

jayh
Honored Contributor
Honored Contributor

Re: 3120 has high CPU with FFE enabled and IP firewall disabled

Jump to solution

Is the device connected to the Internet? If so, have you locked down administrative access to trusted networks? It could very well be brute-force attacks against telnet, ssh, http, https.

ip access-list standard management-list

permit [list of trusted networks and wildcard mask]

line telnet 0 4

access-class management-list in

line ssh 0 4

access-class management-list in

http ip access-class management-list in

http ip secure-access-class management-list in

0 Kudos
redbarron
New Contributor III

Re: 3120 has high CPU with FFE enabled and IP firewall disabled

Jump to solution

The above with also limiting SNMP access has gotten the CPU utilization down to an acceptable performance.  TY.