Re: NAT entries maximum

henokk601 · ‎08-05-2024

Hi All,

On my cisco router I see the log entry: "default maximum entries value 131072 exceeded; frame dropped." What do these entries indicate?

Thanks,

Richard Burts · ‎08-05-2024

We do not have nearly enough information to be able to understand the issue or to give you good advice. As a starting point can you tell us what model of Cisco router you are using, what version of code is it running, and provide the complete log message content? And perhaps the several log messages before this one to help understand the context?

HTH

Rick

MHM Cisco World · ‎08-05-2024

NAT-Router#show ip nat statistics

PAT can up to 65000 NAT done, if you have two public IP then the number near 130000 (what you see)
after that the error start appear
so Q here did you adjust NAT timeout ?

MHM

henokk601 · ‎08-05-2024

Router model 4400 series.

How come for web serves publicly accessible the nat entries became full.

MHM Cisco World · ‎08-05-2024

If you make timeout long then each time host access web will use new port in end the table is full.

So not all case cisco recommend adjust NAT timeout

MHM

Giuseppe Larosa · ‎08-06-2024

Hello @henokk601 ,

it is still unclear.

>> How come for web serves publicly accessible the nat entries became full.

Do you mean you have static NAT for servers in a DMZ ? or you are referring to internet access from internal users ?

I would suggest you to provide your IOS XE version running, the nat configuation and the output of

show ip nat statistics

show ip nat trans

( the last one can expose sensitive info)

Hope to help

Giuseppe

bbb bbb · ‎08-06-2024

Dear,

Based on the log message raised, Experts reply inputs here seems to have answered your post.

Please also see this link that might help you -->

https://community.cisco.com/t5/routing/default-max-entries-default-maximum-entrires-value-16384/td-p/4620875

happy to help : ]

Best regards