NXC2500 high CPU usage / Sessions
Freshman Member
Hey there,
i have a NXC2500 and 5 NWA5123-AC for 5 years and it works great. But since a few weeks the CPU Usage from the NXC2500 goes up to 100%. I can see that the Session count is between 2k and 10k and then the CPU usage is very high.
But i cant find a solution and hope you can help me. The Firmware from the NXC2500 is V6.10(AAIG.2) and for the five APs NWA5123-AC it is 6.10(AAZY.10).
I heard, for the NXC2500 are inofficial Hotfixes available at request?
I attached the System rapport from yesterday. If you need more Information about the config so please tell me.
Big THX for helping me!!!
CPU Usage:
Memory Usage
Session Usage
Traffics:
Best Answers
-
Problem solved!
As a workaround I set the Firewall→Session Control option "Default Session per Host" to "200". Now it works and the CPU always stays below 50%!
The support, especially Zyxel_Kay, helped me very well to analyze the problem. Apparently a few stations are being attacked and are causing a lot of sessions, causing the NXC's CPU load to go up to 100%.
However, since it is a hotspot in a hotel, we have no access to the individual stations/computers of the users/guests and could therefore only block them completely, which we don't want to do. So a session limit is the best compromise for us.
Best regards and thank you again for helping me,
JNet
0 -
Hi @JNet
We're pleased to be of assistance in identifying the underlying cause of this issue.
Besides, if you ever consider setting up multiple SSIDs with different VLANs on the AP controller NXC2500, we have a helpful guide for you to refer to:
Feel free to reach out if you have any further questions or require additional support.
Kay
0
Zyxel Employee
All Replies
-
Hi @JNet
In order to better analyze and diagnose the situation, could you kindly provide us with the diagnostic files from your NXC2500 and the NWA5123-AC Access Points?
For guidance in collecting controller/AP diagnostic files from the AP Controller, you may refer to this article:
Once you have collected these diagnostic files, please compress them into a zip file and share them with us via private message. This will greatly assist us in identifying the root cause of the issue and providing you with an appropriate solution.
Kay
0 -
Hello Kay and thank you for helping me!
Is there a way to collect and get the diagnostic files without USB Storage connected? I only have remote access to the NXC2500 Webinterface so i can't attach a USB storage to the Device.
If i deactivate the checkbox "Copy the diagnostic file to USB storage (if ready), then there are nothing i can found on the "Files" Tab (and yes i wait until collecting data is successful).
0 -
Hi @JNet
The diagnostic file can be collected even if the USB isn’t connected to the AP controller. When you press the “Collect Now” button on MAINTENANCE > Diagnostics > Controller/AP, the Diagnostic Collect Status will change from “Standby” to “Busy on Controller/AP,” indicating that the diagnostic file is being generated. Please be patient, as this process may take around 8 minutes or longer. Once the status returns to "Standby," the diagnostic file is ready.
You may find and download the file from the Files tab.
Please help collect the diagnostics file again and share them with us via private msg. Thank you!
Kay
0 -
Hi Kay,
thank you for the tutorial but that's exactly what I did. I wait until the Status changed from “Busy on Controller/AP" to “Standby” but there are no files to download on the "Files"-Site. I restarted the NXC2500 and tried it again - but same Problem. Memory and Flash an the Controller are under 10% so there are enough free space I think. Is there another way to get the diagnostic files or how can i solve the issue?
Thank you very much for helping me!!!
0 -
Hi @JNet
You may review your devices for an excess of diagnostic, packet capture, or configuration files, and remove any unused files to free up space.
- Diagnostic files can be found at MAINTENANCE > Diagnostics > Files.
- Packet capture files can be found at MAINTENANCE > Diagnostics > Packet Capture > Files
- Configuration files are located at Maintenance > File Manager > Configuration File.
(Note: Do not delete system-default.conf, startup-config.conf, and lastgood.conf files.)
If the diagnostic files still couldn’t be collected after this, kindly share your availability for remote access. Let us know when you are available between 9 am and 6 pm (UTC+8 on weekdays) so that we can schedule a convenient time for remote assistance.
Kay
0 - Diagnostic files can be found at MAINTENANCE > Diagnostics > Files.
-
Hi Kay,
good News - collecting diagnostic Data from Controller works now! I didn't do anything differently than before so I don't know why it works now. I send you the compressed Data via PM and hope you can help me.
However, it still doesn't work to collect diagnostic Data from the five Access Points. I tried it several times but after a few minutes I got the Result: "AP-1-1 : Failed on transmission". I checked it and there is enough free space on the NXC2500 Controller.
If it helps, you can access the device via remote support. I'm always available between 4 pm and 6 pm.
Thanks in advance and best regards!
0 -
Hi @JNet
Based on the diaginfo, it appears that you are utilizing VLAN 0 and VLAN 20. The NXC2500 functions as the DHCP server for VLAN 0, with the default gateway pointing to the NXC2500.
To gain a more comprehensive understanding of your overall network architecture, we would appreciate more details regarding your IP settings, including the default gateway configuration for stations.
Moreover, we kindly request remote access to the NXC2500 for real-time data retrieval when the issue occurs. Please share your Teamviewer/Anydesk details via private message, and we'll remotely access your NXC2500 for further assistance.
Kay
0 -
Hi Kay,
my overall network architecture is: Zxyel Router (Gateway) →NXC2500 → 5 Access Points
The Users must Login via Captive Portal. I only use VLAN 0 because VLAN 20 does not work for me. I wanted to set up VLAN 0 as the admin network and VLAN 20 for the users WLAN with captive portal but that didn't work. So I ran everything over VLAN 0 because that worked.
We can do remote support via Anydesk or you can also have direct access to the NXC2500 web interface. I send you am PM.
0 -
Problem solved!
As a workaround I set the Firewall→Session Control option "Default Session per Host" to "200". Now it works and the CPU always stays below 50%!
The support, especially Zyxel_Kay, helped me very well to analyze the problem. Apparently a few stations are being attacked and are causing a lot of sessions, causing the NXC's CPU load to go up to 100%.
However, since it is a hotspot in a hotel, we have no access to the individual stations/computers of the users/guests and could therefore only block them completely, which we don't want to do. So a session limit is the best compromise for us.
Best regards and thank you again for helping me,
JNet
0 -
Hi @JNet
We're pleased to be of assistance in identifying the underlying cause of this issue.
Besides, if you ever consider setting up multiple SSIDs with different VLANs on the AP controller NXC2500, we have a helpful guide for you to refer to:
Feel free to reach out if you have any further questions or require additional support.
Kay
0
Categories
- All Categories
- 431 Beta Program
- 2.6K Nebula
- 164 Nebula Ideas
- 112 Nebula Status and Incidents
- 6K Security
- 364 USG FLEX H Series
- 292 Security Ideas
- 1.5K Switch
- 78 Switch Ideas
- 1.2K Wireless
- 42 Wireless Ideas
- 6.6K Consumer Product
- 262 Service & License
- 407 News and Release
- 87 Security Advisories
- 31 Education Center
- 10 [Campaign] Zyxel Network Detective
- 3.9K FAQ
- 34 Documents
- 34 Nebula Monthly Express
- 85 About Community
- 83 Security Highlight
