Guides
All guides
VPN & Firewall
FortiGate IPsec VPNPalo Alto VPNCisco ASA VPNJuniper SRX VPNSonicWall VPN
Switching & Routing
Catalyst high CPUNexus vPCOSPF ExStartBGP Active/Idle
Load Balancing
F5 pool member down
Servers & Virtualization
Linux high loadWindows high memoryESXi disconnectedProxmox node offline
Containers
K8s CrashLoopDocker exit 137
Databases
MySQL replication lagPostgreSQL connsOracle ORA-12541
Cloud
AWS no internetAzure VPN gateway
Backup
Veeam job failed
Web & App
Nginx 502
Compare
Marvis alternativeChatGPT vs TM
Home / Troubleshoot / Cisco Catalyst High CPU
Cisco Catalyst · High CPU

Cisco Catalyst Switch High CPU: How to Troubleshoot It

By the Tech Matrix engineering team · Updated June 2026

High CPU on a Catalyst switch is a symptom, not the cause. The job is to find which process — or which punted traffic — is burning cycles, then fix the root. Here are the exact commands and how to read them.

Step 1 — See how busy the CPU is

Start with a live snapshot and the history:

show processes cpu sorted 5sec
show processes cpu history

The first line of show processes cpu reads like "CPU utilization for five seconds: 85%/60%". The first number is total CPU; the second is the share spent in interrupt (fast-path / punted packets). The gap between them is process load. Which number is high tells you where to look.

Step 2 — High process CPU

If process load is high, show processes cpu sorted 5sec names the culprit at the top. Common offenders and what they mean:

  • ARP Input — an ARP storm or scanning host; track it with show ip arp and show mac address-table.
  • IP Input — traffic being process-switched instead of hardware-switched (often TTL=1, options, or unsupported features).
  • Spanning-Tree (STP) — topology churn or an L2 loop; check show spanning-tree detail for frequent TCNs.
  • SISF / IP Device Tracking — on Catalyst 9000, aggressive device-tracking probes; tune the policy.

Step 3 — High interrupt CPU (punted traffic)

High interrupt means packets are being punted to the CPU instead of switched in hardware. On IOS-XE, inspect the punt path:

show platform health
show platform punt-statistics port-asic 0 cpuq -1 direction rx

Look for a queue taking a flood of packets — that points at the traffic type (e.g. broadcast, for-us, or features forcing software handling).

Step 4 — Fix the root

Once you know the process or punted traffic, fix the cause, not the symptom: stop the L2 loop, rate-limit or filter the offending host, correct the routing/feature that forces process-switching, or apply control-plane policing (CoPP) to protect the CPU.

How Tech Matrix solves this in ~60 seconds

The grind here is reading show processes cpu output and knowing whether a process or punted traffic is to blame — on your exact IOS-XE version. Tech Matrix connects to the switch through a secure agent, pulls the CPU history and platform stats itself, and tells you the offending process and root cause, grounded in your platform and config. You approve every command before it runs.

Create free account →See how it works

Frequently asked questions

How do I check CPU usage on a Cisco Catalyst switch?

Run 'show processes cpu sorted 5sec' for a live view and 'show processes cpu history' for a 72-hour graph. The first line shows total and interrupt CPU.

What does high interrupt CPU mean on a Catalyst?

It means traffic is being punted to the CPU instead of switched in hardware. Use 'show platform punt-statistics' to find which queue and traffic type is responsible.

Which process causes high CPU on Catalyst 9000?

Frequently SISF/IP device tracking, ARP Input, or Spanning-Tree. 'show processes cpu sorted' names the top process.