Re: Dynamic NAT

From: Matt Mullen (mullenm@gmail.com)
Date: Fri Dec 03 2004 - 13:14:20 GMT-3


Yes, I do see that:

R2#sh ip nat stat
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Outside interfaces:
  Serial0.24
Inside interfaces:
  Loopback88, Loopback99
Hits: 9 Misses: 1
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool natpool refcount 1
 pool natpool: netmask 255.255.255.0
        start 150.50.24.100 end 150.50.24.100
        type generic, total addresses 1, allocated 1 (100%), misses 6

On Fri, 3 Dec 2004 11:05:14 -0500, Dave Meyer <dave.meyer@db.com> wrote:
> Matt,
>
> Does it register as a miss under " sh ip nat stat " ?
>
> Regards,
> Dave
> ______________________________________________
> Architecture & Engineering
> Work: (973) 682-4435
> Cell: (973)907-4963
>
> Matt Mullen <mullenm@gmail.com>
> 12/03/2004 08:59 AM
> Please respond to Matt Mullen
>
>
> To: Dave Meyer/NewYork/DBNA/DeuBa@DBNA
> cc: ccielab-subscribe@groupstudy.com
> Subject: Re: Dynamic NAT
>
>
>
>
> Dave,
>
> Yes I was on the console and logging console debug was turned on.
> Have you seen a message generated when the pool is exhausted? It
> might be IOS dependent.
>
> Thanks,
> Matt
>
> On Fri, 3 Dec 2004 08:53:28 -0500, Dave Meyer <dave.meyer@db.com> wrote:
> > Is logging turned on & are you consoled in ?
> >
> > Regards,
> > Dave
> > ______________________________________________
> > Architecture & Engineering
> > Work: (973) 682-4435
> > Cell: (973)907-4963
> >
> > Matt Mullen <mullenm@gmail.com>
> > Sent by: nobody@groupstudy.com
> > 12/02/2004 04:58 PM
> > Please respond to Matt Mullen
> >
> > To: ccielab@groupstudy.com
> > cc:
> > Subject: Re: Dynamic NAT
> >
> > Hi,
> >
> > I tried it and there was no message generated when the pool was
> > exhausted. I am running 12.2(26)...
> >
> > R2#sh run
> > !
> > interface Loopback88
> > ip address 88.88.88.1 255.255.255.0
> > ip nat inside
> > !
> > interface Loopback99
> > ip address 99.99.99.1 255.255.255.0
> > ip nat inside
> > !
> > interface Serial0
> > no ip address
> > encapsulation frame-relay
> > no frame-relay inverse-arp
> > !
> > interface Serial0.24 point-to-point
> > ip address 150.50.24.2 255.255.255.0
> > ip nat outside
> > frame-relay interface-dlci 104
> > !
> > !
> > ip nat pool natpool 150.50.24.100 150.50.24.100 netmask 255.255.255.0
> > ip nat inside source list 1 pool natpool
> > !
> > access-list 1 permit 88.88.88.0 0.0.0.255
> > access-list 1 permit 99.99.99.0 0.0.0.255
> >
> > R2#ping ip 150.50.24.4 source lo88
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 150.50.24.4, timeout is 2 seconds:
> > Packet sent with a source address of 88.88.88.1
> > !!!!!
> > Success rate is 100 percent (5/5), round-trip min/avg/max = 60/60/60 ms
> > R2#ping ip 150.50.24.4 source lo99
> >
> > Type escape sequence to abort.
> > Sending 5, 100-byte ICMP Echos to 150.50.24.4, timeout is 2 seconds:
> > Packet sent with a source address of 99.99.99.1
> > .....
> > Success rate is 0 percent (0/5)
> > R2#
> >
> > Interesting that it doesn't log anything. Would be nice to know when
> > your nat pool is running out. I guess we should all switch to IPv6 :)
> >
> > -Matt
> >
> > On Thu, 02 Dec 2004 15:49:51 -0500, Larry Roberts
> > <groupstudy@american-hero.com> wrote:
> > > Yep.
> > >
> > > I don't know if an error message is generated or not.
> > >
> > > I guess the best way would be to make a pool of 1 address, and try to
> > > have 2 different devices use it. See if anything gets written to the log
> > >
> > > I'm in the midst of a practice lab, or I would do it myself.
> > >
> > >
> > >
> > >
> > > Lee Gillespie wrote:
> > > > When the 29th user complains....
> > > >
> > > >
> > > > --- ccie2be <ccie2be@nyc.rr.com> wrote:
> > > >
> > > >
> > > > >>Thanks again,
> > > > >>
> > > > >>but I forgot to ask:
> > > > >>
> > > > >>What happens when it fails? Will NAT silently discard the packet, will a
> > > > >>console message appear, or something else altogether?
> > > > >>
> > > > >>In other words, how would I know when or if this situation occurred?
> > > > >>
> > > > >>Thanks, Tim
> > > > >>----- Original Message -----
> > > > >>From: "Larry Roberts" <groupstudy@american-hero.com>
> > > > >>To: "Phil" <theccie@gmail.com>
> > > > >>Cc: "ccie2be" <ccie2be@nyc.rr.com>; "Group Study" <ccielab@groupstudy.com>
> > > > >>Sent: Thursday, December 02, 2004 1:59 PM
> > > > >>Subject: Re: Dynamic NAT
> > > > >>
> > > > >>>without the "overload" keyword, the 29th NAT translation will fail.
> > > > >>>
> > > > >>>with "overload" PAT kicks in.
> > > > >>>
> > > > >>>Larry
> > > > >>>
> > > > >>>Phil wrote:
> > > > >>>
> > > > >>>>That is a good question. Without trying in the lab I would say that if
> > > > >>>>your nat command is:
> > > > >>>>
> > > > >>>>ip nat inside source list 1 pool SMALL overload
> > > > >>>>
> > > > >>>>It will use PAT on the NATed source addresses, but every source will
> > > > >>>>be 204.1.1.3 with different port numbers. Without the "overload"
> > > > >>>>keyword my guess is that it will not work after the last address in
> > > > >>>>the pool is used.
> > > > >>>>
> > > > >>>>Phil
> > > > >>>>
> > > > >>>>On Thu, 2 Dec 2004 13:34:59 -0500, ccie2be <ccie2be@nyc.rr.com> wrote:
> > > > >>>>
> > > > >>>>>Hi guys,
> > > > >>>>>
> > > > >>>>>I've seen several examples where the pool of addresses (Inside Global) is
> > > > >>>>>smaller than the number of Inside Local that might potentially need to be
> > > > >>>>>translated.
> > > > >>>>>
> > > > >>>>>For example, let's say the inside local address is 10.0.1.0/24 which is 254
> > > > >>>>>potential addresses to be translated.
> > > > >>>>>
> > > > >>>>>Also, assume the pool of Inside Global addresses is defined like this:
> > > > >>>>>
> > > > >>>>>ip nat pool SMALL 204.1.1.3 204.1.1.31 netmask 255.255.255.0
> > > > >>>>>
> > > > >>>>>which is a total of 28 addresses.
> > > > >>>>>
> > > > >>>>>What happens when the 29th Inside Local address needs to be translated?
> > > > >>>>>
> > > > >>>>>Does it just not work or does NAT "know" to now use extended translation
> > > > >>>>>tables?
> > > > >>>>>
> > > > >>>>>TIA, Tim
> > > > >>>>>
> > > >>>
> > >
> >
> >>>_______________________________________________________________________
> > > >>>
> > > >>>>>Subscription information may be found at:
> > > >>>>>http://www.groupstudy.com/list/CCIELab.html
> > > >>>>
> > > >>>>
> > > >>>>
> > > >
> > _______________________________________________________________________
> > > >
> > > >>>>Subscription information may be found at:
> > > >>>>http://www.groupstudy.com/list/CCIELab.html
> > > >>
> > > >>
> > > >
> > _______________________________________________________________________
> > > >
> > > >>Subscription information may be found at:
> > > >>http://www.groupstudy.com/list/CCIELab.html
> > > >>
> > > >
> > > >
> > > >
> > > >
> > > >
> > > > __________________________________
> > > > Do you Yahoo!?
> > > > The all-new My Yahoo! - Get yours free!
> > > > http://my.yahoo.com
> > > >
> > > >
> > _______________________________________________________________________
> > > > Subscription information may be found at:
> > > > http://www.groupstudy.com/list/CCIELab.html
> > >
> > >
> _______________________________________________________________________
> > > Subscription information may be found at:
> > > http://www.groupstudy.com/list/CCIELab.html
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html



This archive was generated by hypermail 2.1.4 : Mon Jan 03 2005 - 10:31:24 GMT-3
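
Since the router in the thread logged nothing when the pool ran out, one way to notice exhaustion is to poll `show ip nat statistics` and parse the pool usage line. The following is an added example, not part of the original thread; the function names, the 80% warning threshold and the reading of the pool "misses" counter as failed allocations are assumptions.

```python
import re

# Excerpt of the "sh ip nat stat" output quoted in the thread (sample input).
SAMPLE = """\
Total active translations: 1 (0 static, 1 dynamic; 0 extended)
Hits: 9 Misses: 1
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool natpool refcount 1
 pool natpool: netmask 255.255.255.0
        start 150.50.24.100 end 150.50.24.100
        type generic, total addresses 1, allocated 1 (100%), misses 6
"""

POOL_RE = re.compile(r"^\s*pool (?P<name>\S+): netmask")
USAGE_RE = re.compile(r"total addresses (?P<total>\d+), allocated "
                      r"(?P<alloc>\d+) \(\d+%\), misses (?P<misses>\d+)")

def parse_pools(text):
    """Return {pool: {'total', 'allocated', 'misses'}} from the CLI output."""
    pools, current = {}, None
    for line in text.splitlines():
        m = POOL_RE.match(line)
        if m:
            current = m.group("name")
            continue
        u = USAGE_RE.search(line)
        if u and current:
            pools[current] = {"total": int(u["total"]),
                              "allocated": int(u["alloc"]),
                              "misses": int(u["misses"])}
            current = None
    return pools

def pool_alerts(text, prev_misses=None, warn_pct=80):
    """Flag pools near or at exhaustion, or whose miss counter has grown."""
    prev_misses = prev_misses or {}
    alerts = []
    for name, p in parse_pools(text).items():
        pct = 100 * p["allocated"] // p["total"] if p["total"] else 100
        if p["allocated"] >= p["total"]:
            alerts.append((name, "exhausted", pct))
        elif pct >= warn_pct:
            alerts.append((name, "high", pct))
        # Compare with the counter saved from the previous poll, if any.
        if p["misses"] > prev_misses.get(name, p["misses"]):
            alerts.append((name, "misses-increasing", p["misses"]))
    return alerts
```

Saving each poll's miss counters and passing them back as `prev_misses` on the next run shows whether translations are still being refused while the pool stays full.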