1. Home
  2. Cisco Systems
  3. Dynamic NAT pool doesn't report full when pool contains interface IP

Dynamic NAT pool doesn't report full when pool contains interface IP

I am studying for my CCNA and I noticed an odd situation that I was hoping someone could explain. I have configured a Dynamic NAT pool (no PAT, despite the fact that any conceivable application w/o PAT seems contrived at best) that contains 5 IP addresses on my outside subnet.

I wrote a script to generate traffic from 8 inside host IPs, which should overrun the NAT pool and cause traffic from hosts 6-8 to fail. This works as expected. However, when I look at the 'show ip nat translations' output on the NAT router the pool doesn't appear to be full. The translation table below shows 5 entries, as configured in the pool. The apparent discrepancy is in the 'show ip nat statistics' output, where the dynamic pool 'vodka' only shows 80% utilization.

After a little more thinking (while finishing up the previous paragraph), it occurred to me that the first IP in pool 'vodka' (10.32.128.2) is also the interface IP address. I created a new pool 'gin' that shifted the pool boundaries up by one to avoid the interface IP. Repeating my test, the gin pool reports 100% utilization, as I originally expected.

So it appears that including the interface address in the pool was the cause of the unexpected output (or my 2620 doesn't care for Vodka). Is this just strange behavior on the part of the IOS, or is there some logical reason?

Thanks!

r1#show ip nat translations Pro Inside global Inside local Outside local Outside global

--- 10.32.128.2 172.17.130.101 --- ---

--- 10.32.128.3 172.17.130.100 --- ---

--- 10.32.128.4 172.17.130.102 --- ---

--- 10.32.128.5 172.17.130.103 --- ---

--- 10.32.128.6 172.17.135.100 --- --- r1#show ip nat statistics Total active translations: 5 (0 static, 5 dynamic; 0 extended) Outside interfaces: Serial0/1.163 Inside interfaces: FastEthernet0/0, Serial0/0 Hits: 882 Misses: 4 Expired translations: 0 Dynamic mappings:

-- Inside Source [Id: 1] access-list 101 pool vodka refcount 5 pool vodka: netmask 255.255.255.240 start 10.32.128.2 end 10.32.128.6 type generic, total addresses 5, allocated 4 (80%), misses 120

r1#show ip nat stat Total active translations: 5 (0 static, 5 dynamic; 0 extended) Outside interfaces: Serial0/1.163 Inside interfaces: FastEthernet0/0, Serial0/0 Hits: 2495 Misses: 9 Expired translations: 0 Dynamic mappings:

-- Inside Source [Id: 2] access-list 101 pool gin refcount 5 pool gin: netmask 255.255.255.240 start 10.32.128.3 end 10.32.128.7 type generic, total addresses 5, allocated 5 (100%), misses 12

Reply to
tom
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.