NAT rate limit when using ACL

Unanswered Question
Jun 24th, 2010


I have the following NAT rate limit commands in my 2851 router config:

ip nat translation max-entries all-host 1000
ip nat translation max-entries list 27 10000

I would expect the router to apply the 10000-entry limit to packets that match ACL 27 and the 1000-entry limit to all other hosts. However, "show ip nat statistics" shows I am wrong in my assumptions:

#show ip nat statistics
  acl 27: max allowed 10000, used 0, missed 0

host max allowed 1000, used 1000, missed 31519

host max allowed 1000, used 1000, missed 21143

#show ip access-lists 27
Standard IP access list 27
     10 permit (93103 matches)
     20 permit (9951 matches)

I would appreciate it if someone could clarify what I am doing wrong. Thank you in advance.

#show version
Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(24)T, RELEASE SOFTWARE (fc1)
