Cisco 4006 worm

they dont have worms, worms are in your network, please check CPU and utilization. Disconect every cable from your network and put one for one again OR try to deny some networks and try to figure out wich network is making so slow the 4006

It is quite unlikely that a worm or virus has infected your 4006 itself. I have a vague memory that some group was able to drop code into a couple of kinds of IOS devices, but that would have been at least 6 years ago, probably longer, and only applied to a few devices (different models use different processors), was relatively easily defended against, and would have been patched long ago.

It is, though, entirely possible that something in your network has been infected and your network is being flooded with outgoing attempts to infect other things. You can track that sort of activity by setting up a syslog server and adding "log" modifiers to your ACL entries (use permit ip any any log if you want to permit all traffic through.) Alternately, try enabling "ip accounting"; then "show ip accounting" can show you summaries of where the traffic is going.

(I'm presuming here that your 4006 has a routing card in it, not just acting as a true layer 2 switch.)

For really detailed accounting, you -might- be able to enable "netflow", but you probably don't have a netflow analyzer available, and I suspect your 4006 doesn't support netflow.

On a Catalyst 4006 switch on which you have installed one or more WS-X4148-RJ45V modules, the typical utilization is higher:

Brad Reese Cisco Repair

"show proc cpu" is probably a good start. I don't know if the 4006 runs IOS but if yours is then try "show proc cpu sort".

Sam