I wanted to kick the tires on

dan.letkeman · ‎04-12-2011

Hello,

I'm trying to monitor nat stats using snmp in the newer IOS versions. I had it working pre 12.4(22)T, but now it seems as if the oid has changed.

2811#show ip nat statistics

Total active translations: 29 (0 static, 29 dynamic; 29 extended)

Peak translations: 43, occurred 1d13h ago

Outside interfaces:

FastEthernet0/1

Inside interfaces:

Loopback0, Virtual-Template1

Hits: 82385 Misses: 0

CEF Translated packets: 66829, CEF Punted packets: 3876

Expired translations: 5233

Dynamic mappings:

-- Inside Source

[Id: 1] access-list nat pool inet refcount 30

pool inet: netmask 255.255.255.192

start 111.111.111.110 end 111.111.111.111

type generic, total addresses 1, allocated 1 (100%), misses 0

Total doors: 1

Appl doors: 1

Normal doors: 0

Queued Packets: 0

The number i'm looking for is the Total active translations. If you try it on a router that has 12.4(20)T it will work, seems as if anything newer does not.

Dan.

Gaganjeet Chug · ‎04-13-2011

Hi Dan,

There is currently no MIB that has the "show ip nat statistics" output. An enhancement
request was opened against this, but so far there are no plans to add this to the MIBs.

Here is the enhancement request ID and release notes:

CSCdr25202 no mib variable for ip nat statistics for total active translations

"snmp mib variable for the command: show ip nat statistics for the total active  
translations is not present at the moment. 

This is an enhancement request. The work-around is to issue the command on the device itself (via CLI)."

Thanks,
Gaganjeet

t_hesse · ‎11-24-2011

Hi Gagenjeet,

I also need this feature for IOS 15.0(1)M3. I have an 2901/K9 Router. When will it be available?

Thanks and regardes

Torsten

FNG · ‎06-27-2018

Dear community,

does anyone know if there are any updates regarding bug CSCdr25202? I still have this issue with Cisco ASR1001-HX 16.06.03 which we have here for evaluation. There still seems to be no sufficient OID implemented to get the current number of active NAT translations.

Thanks in advance.

BR, Niels

bhhanson · ‎11-29-2012

okay. is this really still true? really? i'll go dump some MIB's to see. but it sure would be helpful to have this. otherwise we end up troubleshooting things all too much...

thanks for any update/info.. this is a year later than the last post.

2921 on 15.1(4)M3.

thanks!

Rasmus Kiilerich · ‎09-12-2013

Please please Mr. Cisco

Implement this feature.

Ian Underwood · ‎10-09-2013

It looks like the info is defined in CISCO-NAT-EXT-MIB, but there doesn't seem to be any software which supports it:

http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=ciscoNATExtMIB

For shame.

++I;

Ian Underwood · ‎06-07-2017

I wanted to kick the tires on this old thread because somewhere in my travels, I needed to extract some similar information. I ended up writing and using a TCL script to pull some general information, and figured it would be good for the folks looking here.

Here's natstat.tcl, which I put in the main directory on the router (flash: at the time)

::cisco::eem::event_register_timer cron name timer_natstat cron_entry "* * * * *"

namespace import ::cisco::eem::*
namespace import ::cisco::lib::*

## Extract Statistics

# set natStat [ exec "show ip nat statistics" ]

if [catch {cli_open} result] {
	puts stderr $result
	exit 1
} else {
	array set cli1 $result
}

if [catch {cli_exec $cli1(fd) "show ip nat statistics"} result] {
    error $result $errorInfo
} else {
    set natStat $result
}

if [catch {cli_close $cli1(fd) $cli1(tty_id)} result] {
	puts stderr $result
	exit 1
}

## Process Output

set natMsg ""

# Pull out number of active translations, if we have it.

if [ regexp -all {active translations} $natStat ] {
	set natActive [ regexp -inline {active translations: ([0-9]+)} $natStat ]
	set natActive [ regexp -inline {[0-9]+} $natActive ]
	append natMsg "Active: $natActive  "
}

# Pull out number of peak translations, if we have it.

if [ regexp -all {Peak translations} $natStat ] {
	set natPeak [ regexp -inline {Peak translations: ([0-9]+)} $natStat ]
	set natPeak [ regexp -inline {[0-9]+} $natPeak ]
	append natMsg "Peak: $natPeak  "
}

# Pull out the number of expired translations, if we have it.

if [ regexp -all {Expired translations} $natStat ] {
	set natExpired [ regexp -inline {Expired translations: ([0-9]+)} $natStat ]
	set natExpired [ regexp -inline {[0-9]+} $natExpired ]

	# Load context variable natCvar.  Set to 0 if this hasn't been set.
	if { [catch {context_retrieve CONTEXT_NATEXP natCvar} result] } {
    	set natLastExpired 0
	} else {
	    set natLastExpired $result
	}

	# Return the number of translations expired in the last interval.
	# Append an asterisk for an incomplete interval.
	if [ expr $natLastExpired <= $natExpired ] {
		append natMsg "Interval Expired: " [expr $natExpired - $natLastExpired ]
	} else {
		append natMsg "Interval Expired: $natExpired*"
	}

	# Save context variable natCvar.  We'll use this to calculate the difference next time the script is run.
	set natCvar $natExpired
	catch {context_save CONTEXT_NATEXP natCvar}
}

## Send to syslog!

action_syslog priority info msg $natMsg

And enable it as such:

configure terminal
!
event manager directory user policy "flash:/"
event manager directory user library "flash:/"
event manager policy natstat.tcl
!
end

++I;

show ip nat statistics snmp oid