How do I reset "show xlate count"?

Unanswered Question
Nov 4th, 2008


We recently had a surge in outside xlates and the counter for xlate most used shot up to 65700. Our average xlate count is 1500 and this makes the xlate monitoring graph hard to interpret.

Is it possible to reset this "most used" counter?



hoffa2000 Wed, 11/05/2008 - 22:34

clear xlate did not do the trick. 65700 is still the "most used" xlate count.

I use a context based FWSM version 3.1(10) if that makes any difference.


Jon Marshall Tue, 11/04/2008 - 02:10


I'm sure you know this but just in case please do not use "clear xlate" as suggested in previous post as this will remove all active translations.


francisco_1 Tue, 11/04/2008 - 02:15

I agree with Jon.

If you must clear the xlate table, do so at a time of low usage or during a downtime window.


francisco_1 Tue, 11/04/2008 - 02:17

You can also adjust various idle timers that affect address translations and connections maintained by the firewall. Use the following commands if you feel a timeout adjustment is needed:

Xlate entry timer:

Firewall(config)# timeout xlate hh[:mm[:ss]]

By default, xlate entries involving TCP connections are deleted after they have been idle (no data passed) for 3 hours. The minimum idle time is 1 minute, but the xlate idle timer can't be set to a value that is less than the uauth timer (the default is 5 minutes).

Xlate portmap (PAT) entries created for UDP always idle out after 30 seconds. This idle timer cannot be configured.


