CEF Disabled — High CPU Under Moderate Traffic Load
Presenting Symptom
High CPU utilization (over 80%) on a Cisco switch under moderate traffic load, with packet drops and slow network performance.
Network Context
A small branch office with a single Cisco Catalyst 2960-X switch running IOS 15.2. The switch connects 50 end-user devices and a router for WAN access. Traffic load is moderate (around 200 Mbps), but CPU spikes to 90% during peak hours.
Diagnostic Steps
Check CPU utilization
show processes cpu sorted | exclude 0.00CPU utilization for five seconds: 90%/10%; one minute: 85%; five minutes: 80% Process PID 5Sec 1Min 5Min IP Input 123 45% 40% 35% CEF process 124 30% 25% 20%
High CPU in 'IP Input' and 'CEF process' indicates packet switching is consuming CPU. Normal CPU should be below 50% under moderate load.
Verify CEF status
show ip cefIPv4 CEF is not enabled IPv4 CEF switching is disabled
CEF is disabled. This forces the switch to use process switching, which is CPU-intensive and causes high CPU under moderate traffic.
Check interface switching path
show interfaces gigabitethernet 1/0/1 | include switchingSwitching path: Process switching Fast switching enabled
The interface is using process switching instead of CEF. This confirms that CEF is not being used for packet forwarding.
Verify CEF configuration
show running-config | include cefno ip cef
The command 'no ip cef' is present in the configuration, which disables CEF globally. This is the root cause.
Root Cause
CEF (Cisco Express Forwarding) is globally disabled on the switch via the 'no ip cef' command. Without CEF, the switch uses process switching, which punts all packets to the CPU for forwarding, causing high CPU utilization under moderate traffic loads.
Resolution
Verification
Run 'show ip cef' to confirm CEF is enabled: IPv4 CEF is enabled Run 'show processes cpu sorted | exclude 0.00' to see reduced CPU: CPU utilization for five seconds: 30%/10%; one minute: 25%; five minutes: 20% Process PID 5Sec 1Min 5Min IP Input 123 5% 4% 3% CEF process 124 2% 2% 1% Run 'show interfaces gigabitethernet 1/0/1 | include switching' to confirm CEF switching: Switching path: CEF switching
Prevention
1. Always ensure CEF is enabled by default; avoid disabling it unless troubleshooting specific issues. 2. Use 'show ip cef' during initial configuration to verify CEF status. 3. Monitor CPU utilization regularly with 'show processes cpu' to catch anomalies early.
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario may appear as a troubleshooting question where you must identify the cause of high CPU. The exam tests knowledge of switching paths (process switching vs. fast switching vs. CEF) and the 'ip cef' command. Key fact: CEF is the default and recommended switching method on Cisco switches; disabling it causes high CPU.
Exam Tips
Remember that CEF is enabled by default; if you see 'no ip cef' in the config, that's likely the problem.
Know the difference between process switching (CPU-intensive) and CEF (hardware-based, efficient).
Be familiar with 'show ip cef' and 'show processes cpu' commands for troubleshooting high CPU.
Commands Used in This Scenario
show interfaces
Displays detailed status and statistics for all interfaces or a specific interface, used to verify interface operational state, errors, and performance.
show processes cpu
Displays CPU utilization statistics for all processes running on the Cisco IOS device, used to identify processes consuming excessive CPU and diagnose performance issues.
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions