Dynamic NAT pool doesn't report full when pool contains interface IP

Discussion in 'Cisco' started by tom, Oct 9, 2009.

  1. tom

    tom Guest

    I am studying for my CCNA and I noticed an odd situation that I was
    hoping someone could explain. I have configured a Dynamic NAT pool (no
    PAT, despite the fact that any conceivable application w/o PAT seems
    contrived at best) that contains 5 IP addresses on my outside subnet.

    I wrote a script to generate traffic from 8 inside host IPs, which
    should overrun the NAT pool and cause traffic from hosts 6-8 to fail.
    This works as expected. However, when I look at the 'show ip nat
    translations' output on the NAT router the pool doesn't appear to be
    full. The translation table below shows 5 entries, as configured in
    the pool. The apparent discrepancy is in the 'show ip nat statistics'
    output, where the dynamic pool 'vodka' only shows 80% utilization.

    After a little more thinking (while finishing up the previous
    paragraph), it occurred to me that the first IP in pool
    'vodka' (10.32.128.2) is also the interface IP address. I created a
    new pool 'gin' that shifted the pool boundaries up by one to avoid the
    interface IP. Repeating my test, the gin pool reports 100%
    utilization, as I originally expected.

    So it appears that including the interface address in the pool was the
    cause of the unexpected output (or my 2620 doesn't care for Vodka). Is
    this just strange behavior on the part of the IOS, or is there some
    logical reason?

    Thanks!

    r1#show ip nat translations
    Pro Inside global Inside local Outside local Outside
    global
    --- 10.32.128.2 172.17.130.101 --- ---
    --- 10.32.128.3 172.17.130.100 --- ---
    --- 10.32.128.4 172.17.130.102 --- ---
    --- 10.32.128.5 172.17.130.103 --- ---
    --- 10.32.128.6 172.17.135.100 --- ---
    r1#show ip nat statistics
    Total active translations: 5 (0 static, 5 dynamic; 0 extended)
    Outside interfaces:
    Serial0/1.163
    Inside interfaces:
    FastEthernet0/0, Serial0/0
    Hits: 882 Misses: 4
    Expired translations: 0
    Dynamic mappings:
    -- Inside Source
    [Id: 1] access-list 101 pool vodka refcount 5
    pool vodka: netmask 255.255.255.240
    start 10.32.128.2 end 10.32.128.6
    type generic, total addresses 5, allocated 4 (80%), misses 120


    r1#show ip nat stat
    Total active translations: 5 (0 static, 5 dynamic; 0 extended)
    Outside interfaces:
    Serial0/1.163
    Inside interfaces:
    FastEthernet0/0, Serial0/0
    Hits: 2495 Misses: 9
    Expired translations: 0
    Dynamic mappings:
    -- Inside Source
    [Id: 2] access-list 101 pool gin refcount 5
    pool gin: netmask 255.255.255.240
    start 10.32.128.3 end 10.32.128.7
    type generic, total addresses 5, allocated 5 (100%), misses 12
     
    tom, Oct 9, 2009
    #1
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. c
    Replies:
    2
    Views:
    823
  2. JCVD
    Replies:
    1
    Views:
    464
    Martin Gallagher
    Feb 13, 2004
  3. Andrea
    Replies:
    0
    Views:
    875
    Andrea
    Apr 19, 2004
  4. yadap

    acl+Static nat+Dynamic Nat

    yadap, Aug 31, 2006, in forum: Cisco
    Replies:
    0
    Views:
    671
    yadap
    Aug 31, 2006
  5. eostrike
    Replies:
    3
    Views:
    2,076
    eostrike
    Oct 24, 2008
Loading...

Share This Page