[Cisco ACS] Memory Utilization limit

Similar Messages

• Cisco Router Memory Utilization

  Hi,
  We have a Cisco SA520 Router (Firmware 2.1.18)
  We are only using this for about 1 month now. Router seems ok its just
  I am worried about the  Memory utilization which reach to 62% (144/234 MB)
  Is this something to worry about?
  How can I utilize this by lowering down the usage?
  Pardon me I am just to new Cisco devices.
  Many Thanks.
  AC

  AC,
  Please go ahead and upgrade to the latest firmware 2.1.51 Memory utilization shouldn't be a problem. After the upgrade please keep an eye on the memory and report back.
  Thanks,
  Jasbryan
  Cisco Support Engineer
  .:|:.:|:.

• CISCO ACS, How to Limit User Session ?

  Hi Guys,
  hope you would help me,
  how to limit the user session in ACS 5.x ?
  i'm aware the menu on
  Access Policies >Max User Session Policy > Max Session Group Settings
  i already set the global value to 1, Max Session for User in Group to 1, and Max Session for Group to 1.
  so it means the user only could open 1 connect at the same time right?
  the problem, it didn't works.
  i had 1 ACS 5.5
  2 CISCO Cisco IOS Software, 3700 Software (C3725-ADVENTERPRISEK9-M), Version 12.4(15)T13, RELEASE SOFTWARE (fc3)
  (let's call it R1 and R2 )
  i'm trying to telnet both of them at the same time, and it works ( it means the session limit didn't works, cmiiw )
  i already include :
  radius-server attribute 44 include-in-access-req
  radius-server host 192.168.217.98 auth-port 1645 acct-port 1646 key somekey
  on the line vty :
   accounting connection acs
   login authentication acs
  am i missing something?
  also, is this feature works on tacacs+ too?
  Thanks,

  Dash,
  You can leverage the group mapping feature where members of a certain AD group are mapped to a local group in ACS with the max sessions defined.
  http://www.cisco.com/c/en/us/td/docs/net_mgmt/cisco_secure_access_control_system/5-3/user/guide/acsuserguide/access_policies.html#pgfId-1162308
  Thanks,
  Tarik Admani

• Supported devices/users on Cisco ACS 4.2

  Hi,
  Does anyone know how many devices/users does Cisco ACS  4.2 support ?
  I need to know this information for a very large deployment.
  Regards,           

  Hello,
  The following items are general answers to common system-performance questions. The performance of ACS in your network depends on your specific environment and AAA requirements.
  •Maximum users supported by the ACS internal database—There is no theoretical limit to the number of users the ACS internal database can support. We have successfully tested ACS with databases in excess of 100,000 users. The practical limit for a single ACS authenticating against all its databases, internal and external, is 300,000 to 500,000 users. This number increases significantly if the authentication load is spread across a number of replicated ACS instances.
  •Transactions per second—Authentication and authorization transactions per second depend on many factors, most of which are external to ACS. For example, high network latency in communication with an external user database lowers the number of transactions per second that ACS can achieve.
  •Maximum number of AAA clients supported— ACS has been tested to support AAA services for approximately 50,000 AAA client configurations. This limitation is primarily a limitation of the ACS memory.
  System Performance Specification.
  http://www.cisco.com/en/US/docs/net_mgmt/cisco_secure_access_control_server_for_windows/4.2/user/guide/Overvw.html#wp827669
  ~BR
  Jatin Katyal
  **Do rate helpful posts**

• Cisco ACS / Trend Micro Office / Cisco Trust Agent

  We currently utilize Cisco ACS Server and Trend Micro OfficeScan and would like to deploy Cisco Trust Agent 2.0 on a few laptops.  Has anyone been involved with such a deployment?  If so, any suggestions, documentation, suggestions?
  Thanks,

  CTR uses the admin shares to connect to a windows server.
  Depending on how you configured it: It will try a nmap fingerprint scan, use static OS mappings or perform a level 2 scan by using the admin shares.
  If you are using it through firewalls, the fingerprinting does not work properly.
  You will also notice that since version 2.0.3 there hasn't been any new agents developed for it. Also 2.0.5 started to upgrade all port scans etc whereas before it didn't.
  I would look to speaking to your cisco account team about the next version of Cisco IPS instead.

• SNMP OID for CPU and Memory Utilization on a MDS 9509

  Does anyone know what the OIDs are for CPU and Memory utilization on a MDS 9509?
  Thanks

  CISCO-SYSTEM-EXT-MIB.my is a good place to start and you can determine the OID from the MIB.
  Once you feel as though you are on the right track, have a look at:
  http://www.oidview.com/mibs/9/CISCO-SYSTEM-EXT-MIB.html
  I gather that what you need is:
  1.3.6.1.4.1.9.9.305.1.1.1
  and
  1.3.6.1.4.1.9.9.305.1.1.2
  Enjoy.
  Stephen

• OID for CPU and MEMORY utilization for wrv4400n

  Hi,
  Can any one please tell me the OID for CPU and MEMORY utilization for wrv4400n?
  Thanks
  Vipin

  CISCO-SYSTEM-EXT-MIB.my is a good place to start and you can determine the OID from the MIB.
  Once you feel as though you are on the right track, have a look at:
  http://www.oidview.com/mibs/9/CISCO-SYSTEM-EXT-MIB.html
  I gather that what you need is:
  1.3.6.1.4.1.9.9.305.1.1.1
  and
  1.3.6.1.4.1.9.9.305.1.1.2
  Enjoy.
  Stephen

• High memory utilization after few days - ciscoworks LMS 4.0.1

  Hello,
  I have the problem that our ciscoworks server gets out of memory after few days. The memory utilization is always getting higher an higher (above 95%). Sometimes it is only after 3 days and sometimes it is after 1 week. So it happens not regulary. Has anyone an idea what could be the problem? I have made an screenshot from the services which use a lot of memory. And at this time the memory utilization is getting higher and higher again....I think there is a problem with tomcat or dbsrv10.exe, there are also a lot of cwjava.exe running.
  Kindly regards
  David Mayer

  Hello,
  I have the same problem. First time I've tried to upgrade memory from 8gb to 16gb but I am still experiencing same issues (Memory is running on 98%). I'm not sure exactly what process it is causing this issue, because when I've checked all proccesses from all users running on this server and count them there is no 15 gb at all. My guess is the same for tomcat server which is responsible for RME collector, or correct me if I'm wrong.
  Do you have any idea what can cause this problem.
  I've tried to upgrade then to Cisco works Prime lan management 4.1, but server went with same issues.
  Thanks a lot

• CiscoWorks LMS 4.0.1 High Memory Utilization on Windows 2K8 R2

  Hi,
  What causes LMS 4.1 to have high memory utilization?

  I made a little batch
  https://supportforums.cisco.com/docs/DOC-21031
  It show what process in LMS is eating you RAM / Hogging the CPU.
  I don't think resources are used very effectivly in LMS
  I did have the impression that some virtual machines running LMS 3.2 actually performed better than real machines, as if the VMware saw it load all these java virtual machines and that it was 45 times the same thing only being used for a few % and therefore could be swapped to disk, leaving the resources to what was actually working in LMS.
  What worries me more than the resources used is the gui per.formance.
  Cheers,
  Michel

• ASA High Memory utilization and random lockouts

  We have 2 ASA 5520's running Active/Standby with the cable based failover. At random times perhaps once our twice a week we will get calls that RA VPN users cannot connect, RA users connect with the Cisco VPN client. Also most often during this time we cannot telnet into the "primary" ASA, but we can "usually" access it via the ASDM where we will see that the memory utilization is in the upper 90% range and perhaps as high as 98% consistently. To help temporarily solve the issue we have to telnet to the "secondary" ASA which we can usually access via telnet and perform a "failover active" which will failover the primary and make the secondary become the active and vice versus. Has anyone seen this issue. I have opened up several TAC cases and have not had much help. Thanks in advance!

  Hi Brandon,
  it is important to know what version are running your ASAs [ie 7.0(4)] and to collect some log, you can set it to error level (logging buffered errors), with the logging standby, so all of the message should be replicated on the standby unit.
  even the show crashinfo could give you useful info.
  show crashinfo
  : Saved_Crash
  Thread Name: vpnfo_thread_msg (Old pc 0x00b47b80 ebp 0x01c60634)
  You can check the caveats for you release from the cisco site, This link is for the 7.0(4)
  http://www.cisco.com/en/US/docs/security/pix/pix70/release/notes/pix704rn.html#wp32426
  It could be a known bug solved in newer image.
  Here you can find useful info to perfom a zer o downtime upgrade.
  http://www.cisco.com/en/US/docs/security/asa/asa72/configuration/guide/mswlicfg.html
  Regards,
  Marco.

• Sawserver memory utilization in OBIEE 10g

  We recently merged two of our OBI production environments into a single production environment and as expected we could see significant increase in the memory utilization of the sawserver.
  The Virtual Bytes of Sawserver hits around 2.7GB and the working set hits around 2.55 GB. As 3GB is the maximum limit for the sawserver utilization we are worried if this could lead to a crash though we did not have a crash yet
  The OBIEE version is 10.1.3.4.1 and it is running on Windows 2k3 Enterprise Edition SP2 and 16 GB RAM.
  I would need to know if there is any possibility to decrease the sawserver memory utilization just to avoid any crashes.

  OS level it is showing the following result
  # swapinfo -mat
               Mb      Mb      Mb   PCT  START/      Mb
  TYPE      AVAIL    USED    FREE  USED   LIMIT RESERVE  PRI  NAME
  dev        4096      52    4044    1%       0       -    1  /dev/vg00/lvol2
  reserve       -    4044   -4044
  memory     8172    3458    4714   42%
  total     12268    7554    4714   62%       -       0    -
  SQL> select * from v$sga_target_advice;
    SGA_SIZE SGA_SIZE_FACTOR ESTD_DB_TIME ESTD_DB_TIME_FACTOR ESTD_PHYSICAL_READS
        3552               1       103504                   1             3296335
         888             .25       111463              1.0769             4525868
        1776              .5       107178              1.0355             3873853
        7104               2        95907               .9266             2099436
        4440            1.25       100668               .9726             2765295
        5328             1.5        98401               .9507             2442914
        6216            1.75        96166               .9291             2099436
        2664             .75       105284              1.0172             3587072
  8 rows selected.
  We have currently 3550 MB sga allocated...
  using the above query, we can say that if SGA size is 7104 MB, we will be getting more peformance as per my current load.
  Please suggest...

• Historical CPU/Memory utilization data and xm top interpretation

  Hi All,
  Can we get historical CPU/Memory utilization data on domU server. xm top command give real-time data.
  secondly, how to interpret xm top command output.
  xentop - 02:28:25 Xen 3.0-unstable
  3 domains: 3 running, 0 blocked, 0 paused, 0 crashed, 0 dying, 0 shutdown
  Mem: 16772032k total, 13863520k used, 2908512k free CPUs: 4 @ 2327MHz
  NAME STATE CPU(sec) CPU(%) MEM(k) MEM(%) MAXMEM(k) MAXMEM(%) VCPUS NETS NETTX(k) NETRX(k) VBDS VBD_OO VBD_RD VBD_WR SSID
  domain1 -----r 18153551 98.7 6299520 37.6 6307840 37.6 2 2 14008639723 134647867139 2 0 7405453 7224743 0
  domain2 -----r 13574751 31.2 6299520 37.6 6307840 37.6 2 2 815959711 780254006 2 0 2732 2658 0
  Domain-0 -----r 3807938 9.6 819200 4.9 no limit n/a 4 8 0 0 0 0 0 0 0
  Does it implies that there are 2 virtual CPUs configured for guest(domain1), which at this moment 98.7% utilized. Doesn't it shows there is capacity problem?
  In virtualization, are virtual CPUs dedicated to guests, or CPU cycles are available on demand. If this is the case, then one guest high utilization can slow down other guests as well.
  Thanks,
  Neeraj

  Hi All,
  Can we get historical CPU/Memory utilization data on domU server. xm top command give real-time data.
  secondly, how to interpret xm top command output.
  xentop - 02:28:25 Xen 3.0-unstable
  3 domains: 3 running, 0 blocked, 0 paused, 0 crashed, 0 dying, 0 shutdown
  Mem: 16772032k total, 13863520k used, 2908512k free CPUs: 4 @ 2327MHz
  NAME STATE CPU(sec) CPU(%) MEM(k) MEM(%) MAXMEM(k) MAXMEM(%) VCPUS NETS NETTX(k) NETRX(k) VBDS VBD_OO VBD_RD VBD_WR SSID
  domain1 -----r 18153551 98.7 6299520 37.6 6307840 37.6 2 2 14008639723 134647867139 2 0 7405453 7224743 0
  domain2 -----r 13574751 31.2 6299520 37.6 6307840 37.6 2 2 815959711 780254006 2 0 2732 2658 0
  Domain-0 -----r 3807938 9.6 819200 4.9 no limit n/a 4 8 0 0 0 0 0 0 0
  Does it implies that there are 2 virtual CPUs configured for guest(domain1), which at this moment 98.7% utilized. Doesn't it shows there is capacity problem?
  In virtualization, are virtual CPUs dedicated to guests, or CPU cycles are available on demand. If this is the case, then one guest high utilization can slow down other guests as well.
  Thanks,
  Neeraj

• Unable to generate reports in Cisco ACS 4.2

  Hi All,
  I have configured AAA on Firewall & i am successfully able to login into it using ACS username & password but unable to generate Accounting & Administration logs. Whenever i check either of these logs it shows me blank page. Below is the AAA config on Firewall.
  I have installed Cisco ACS 4.2 on windows 2003 server.
        aaa-server test protocol tacacs+
        aaa-server test (inside) host X.X.X.X
          key **********
        no aaa authentication http console AAA LOCAL
        aaa authentication http console test LOCAL
        no aaa authentication ssh console AAA LOCAL
        aaa authentication ssh console test LOCAL
        aaa authentication telnet console test LOCAL
        aaa authentication enable console test LOCAL
        aaa accounting enable console test
        aaa accounting ssh console test
        aaa accounting telnet console test   
        aaa accounting command test
  Awaiting for soln.
  Thanks in advance.
  Regards,
  Amit.

  I had the same experience. I even reinstalled Remote Desktop on Leopard, which caused all the passwords and machines I had registered were hosed and I could build up the user/password database again.
  Look in your console log. If you see something like:
  Feb 12 10:55:22 dhcp46 [0x0-0x1a01a].com.apple.RemoteDesktopAgent[660]: IpcMemoryCreate: shmget(key=5433001, size=1466368, 03600) failed: Cannot allocate memory
  It means that the postgresql database that is started for collection this information can startup. It will try several times, and then fail. The way to fix this
  -Apple supplies their postgresql with some sensible memory settings for the trivial task they are asking postgresql to do
  -increase the memory settings from the complete system. In Leopard you do that by creating a file called /etc/sysctl.conf
  and add something like this:
  kern.sysv.shmmax=167772160
  kern.sysv.shmmin=1
  kern.sysv.shmmni=32
  kern.sysv.shmseg=8
  kern.sysv.shmall=65536
  See also:
  http://forum.servoy.com/viewtopic.php?p=47461

• Switch Memory Utilization

  Hi
  what is the standard range for memory utilization on 35xx switches.
  I know under minimal load they can be around 50% but what would be classed as a problem?
  Most of mine are between 60% - 90% is this normal?
  thanks

  Hi,
  With 3500xl's, the load minimum with 50% is OK.If I were you, I would have tried setting up the SPAN on switch and tried capture the traffic passing over the switch.
  Link for SPAN config: http://www.cisco.com/univercd/cc/td/doc/product/lan/c2900xl/29_35wc5/scg/swports.htm#xtocid25
  If the CPU utilization is more than 50% and there is no unusal traffic on the LAN, you might be hitting CSCdv21552.
  Please refer the link below:
  http://www.cisco.com/en/US/products/hw/switches/ps607/products_tech_note09186a0080094e78.shtml
  HTH,
  -amit singh

• Memory utilization alway at 100%

  I frequently receive alerts via EM 12c that I have reached near 100% of my memory for my host servers. My servers have lots of RAM and have been running fine for a long time. I have tried to increase the metrics so it does not warn me until it hits 99.5% but it still sends me alerts. I am not sure what I have to configure differently for EM to not think this is a problem.
  Thanks
  Andy

  Just to clarify a few things. My oracle databases instances are running on an 2 HPUX server. Enterprise Manger consistently shows that the Memory uitilization is near 100%, it never really drops it just stays flat lined at near 100% and every once and a while their will be a spike where it will drop to 90 or 95%. I am letting AMM auto tune the memory between PGA and SGA. I only have agents running on HPUX for Enterprise Manager.
  I have Enterprise Manager 12.1.0.1 setup on a Windows 2008 R2 server. I have only had EM setup for a few months but I beleive the issue of memory showing near 100% is an old issue. Again the environment and the servers are working fine.
  After doing a bit more research to me the real problem is how enterprise manager looks at the memory. If I use an utility such as a tool that comes with HPUX called "Glance" it shows the following. I have 32 GB or Physical memory, System is using 7.5 GB of this memory and User is using 10.7GB and their is 15.1 GB of free memory. So the "Glance" utility shows my memory utilization is just fine.
  FYI memory is also showed to be healthy when looking at it with the below command.
  # swapinfo -m
  Mb Mb Mb PCT START/ Mb
  TYPE AVAIL USED FREE USED LIMIT RESERVE PRI NAME
  dev 34816 0 34816 0% 0 - 1 /dev/vg00/lvol2
  dev 34816 35 34781 0% 0 - 0 /dev/vg02/lvolsw1
  reserve - 6626 -6626
  memory 31147 14588 16559 47%
  To me it seems to me that Enterprise Manager is adding up the System Memory + User Memory + Free Memory and comparing it to the Physical Memory. When it should be taking only System Memory + User Memory and comparing it to Physcial memory. So the metrics it is looking at need to be modified somehow.