
Configuration of Cisco Nexus N9K-C9348GC-FXP

rabmou
Level 1

Hi all,

I have a home router from my ISP that is not configurable.

I am trying to connect the router to a Nexus N9K switch on port eth1/48 and allow internet access to the VLANs. I have run the configuration below.

# Configure VLANs
switch# configure terminal
switch(config)# vlan 10
switch(config-vlan)# name VLAN10
switch(config-vlan)# exit

switch(config)# vlan 20
switch(config-vlan)# name VLAN20
switch(config-vlan)# exit

# Configure Interfaces
switch(config)# interface ethernet 1/48
switch(config-if)# no switchport
switch(config-if)# ip address 192.168.1.98/24
switch(config-if)# exit

switch(config)# interface vlan 10
switch(config-if)# no shutdown
switch(config-if)# ip address 10.0.1.1/24
switch(config-if)# exit

switch(config)# interface vlan 20
switch(config-if)# no shutdown
switch(config-if)# ip address 10.0.2.1/24
switch(config-if)# exit

# Enable IP Routing
switch(config)# ip routing

# Configure Extended ACL for NAT
switch(config)# ip access-list extended NAT_ACL
switch(config-ext-nacl)# permit ip 10.0.1.0 0.0.0.255 any
switch(config-ext-nacl)# permit ip 10.0.2.0 0.0.0.255 any
switch(config-ext-nacl)# exit

# Enable NAT and specify inside and outside interfaces
switch(config)# feature nat
switch(config)# ip nat inside source list NAT_ACL interface ethernet 1/48 overload

# Save Configuration
switch# copy running-config startup-config
switch(config)# interface vlan 20
switch(config-if)# ip nat inside
switch(config-if)# exit

switch(config)# interface ethernet 1/48
switch(config-if)# ip nat outside
switch(config-if)# exit

# Configure Default Route
switch(config)# ip route 0.0.0.0/0 192.168.1.1

I am able to ping the internet from the switch but not from clients; on nat outside I am having an error "Nat tcam not carved". What am I doing wrong?

I found this error in the log: 2023 Nov 20 12:18:56 switch netstack[30739]: NAT: Can't create dynamic translations, maximum limit reached

M02@rt37
VIP

Hello @rabmou 

The error "Nat tcam not carved" on a Cisco Nexus 9000 series switch typically indicates that there is a limitation on the number of TCAM (Ternary Content Addressable Memory) entries available for NAT (Network Address Translation). The TCAM resources are finite, and if the required resources for NAT entries are not available, you may encounter this error.

Check the TCAM utilization on your Nexus switch to understand how much of the available TCAM resources are being used:

show system internal access-list resource utilization

Ensure that your NAT_ACL access list has the necessary and specific entries for the traffic you intend to NAT.

https://www.cisco.com/c/en/us/support/docs/switches/nexus-9000-series-switches/119032-nexus9k-tcam-00.html

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

What should I free to enable NAT?

slot 1
=======


Atomic Update : ENABLED
Default ACL : DENY
Bank Chaining : DISABLED
Fabric path DNL : DISABLED
NS Buffer Profile: Burst optimized
Min Buffer Profile: all
EOQ Class Stats: qos-group-0
NS MCQ3 Alias: qos-group-3
Ing PG Share: ENABLED
IPG in Shape: DISABLED
Classify ns-only : DISABLED
Ing PG Min: NOT-DISABLED
Ing PG Headroom reservation: 100
OQ Drops Type: both
OQ Stats Type: [c1]: q 1 both
[c2]: q 2 both
[c3]: q 3 both
[c4]: q 4 both
[c5]: q 5 both
[c6]: q 6 both
[c7]: q 7 both
[c8]: q 8 both
[c9]: q 9 both
peak count type: port
counter 0 classes: 255
counter 1 classes: 0
OOBST Max records: 1000
DPP Aging Period: 5000
DPP Max Number of Packets: 120
AFD ETRAP Aging Period: 50
AFD ETRAP Byte Count: 1048555
AFD ETRAP Bandwidth Threshold: 500
ACL Inner Header Match : DISABLED
VXLAN OAM Dynamic Entry Move: TRUE
VXLAN XConnect ACL Programmed: FALSE
DOT1X Entry Move: TRUE
DOT1X Entry ACL Programmed: TRUE
DOT1X Multi Auth ACL Entry Programmed: FALSE
Multicast NLB enabled: FALSE
TCAM Template Initialised: TRUE

LOU Threshold Value : 5

--------------------------------------------------------------------------------------
INSTANCE 0 TCAM Region Information:
--------------------------------------------------------------------------------------
Ingress:
--------
Region                             TID   Base   Size  Width
--------------------------------------------------------------------------------------
NAT                                 13      0      0      1
Ingress PACL                         1      0    512      1
Ingress VACL                         2    512    512      1
Ingress RACL                         3   1024   1536      1
Ingress RBACL                        4      0      0      1
Ingress L2 QOS                       5   2560    256      1
Ingress L3/VLAN QOS                  6   2816    256      1
Ingress SUP                          7   3072    512      1
Ingress L2 SPAN ACL                  8   3584    256      1
Ingress L3/VLAN SPAN ACL             9   3840    256      1
Ingress FSTAT                       10      0      0      1
SPAN                                12   4096    512      1
Ingress REDIRECT                    14      0      0      1
Netflow/Analytics Filter TCAM       21   4608    512      1
Ingress NBM                         30      0      0      1
Ingress Flow-redirect               39      0      0      1
Ingress RACL Lite                   42      0      0      1
                                    41      0      0      1
                                    43      0      0      1
-------------------------------------------------------------------------------------
Total configured size: 5120
Remaining free size: 0
Note: Ingress SUP region includes Redirect region

Egress:
--------
Region                             TID   Base   Size  Width
--------------------------------------------------------------------------------------
Egress VACL                         15      0    256      1
Egress RACL                         16    256   1536      1
Egress SUP                          18   1792    256      1
Egress L2 QOS                       19      0      0      1
Egress L3/VLAN QOS                  20      0      0      1
Egress CoPP                         37      0      0      1
-------------------------------------------------------------------------------------
Total configured size: 2048
Remaining free size: 0
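
An added example, not part of any post in this thread: a Python check over the ingress region table posted above, reporting whether the NAT region is carved and whether a proposed re-carve fits the fixed ingress total. The function names are hypothetical, the sample is abridged from the post, and the second call uses the `ing-racl 512` / `nat 1024` sizes that appear later in the thread, assuming `ing-racl` corresponds to the table's "Ingress RACL" row.

```python
import re

# Ingress table abridged from the output posted above (zero-size regions
# other than NAT omitted); fields are whitespace-separated.
SAMPLE = """\
NAT 13 0 0 1
Ingress PACL 1 0 512 1
Ingress VACL 2 512 512 1
Ingress RACL 3 1024 1536 1
Ingress L2 QOS 5 2560 256 1
Ingress L3/VLAN QOS 6 2816 256 1
Ingress SUP 7 3072 512 1
Ingress L2 SPAN ACL 8 3584 256 1
Ingress L3/VLAN SPAN ACL 9 3840 256 1
SPAN 12 4096 512 1
Netflow/Analytics Filter TCAM 21 4608 512 1
Total configured size: 5120
"""

# Region name (may contain spaces and digits), then TID, Base, Size, Width.
ROW = re.compile(r"^(.*?)\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)$")

def parse_regions(text):
    """Return ({region name: size}, total configured size) for one direction."""
    sizes, total = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Total configured size:"):
            total = int(line.split(":")[1])
        elif (m := ROW.match(line)):
            # Rows whose name is missing are keyed by their TID instead.
            sizes[m.group(1) or f"tid-{m.group(2)}"] = int(m.group(4))
    return sizes, total

def check_recarve(text, changes):
    """Apply proposed {region: new size} and report whether the plan fits."""
    sizes, total = parse_regions(text)
    if total is None:
        raise ValueError("no 'Total configured size' line found")
    unknown = set(changes) - set(sizes)
    if unknown:
        raise ValueError(f"unknown region(s): {sorted(unknown)}")
    planned = {**sizes, **changes}
    used = sum(planned.values())
    return {"nat_carved": planned.get("NAT", 0) > 0,
            "used": used, "free": total - used, "fits": used <= total}

if __name__ == "__main__":
    print(check_recarve(SAMPLE, {}))                                  # as posted
    print(check_recarve(SAMPLE, {"Ingress RACL": 512, "NAT": 1024}))  # re-carve
```

On NX-OS, a `hardware access-list tcam region` change takes effect only after the configuration is saved and the switch is reloaded, so the table should be re-read after the reload to confirm the NAT row shows the new size.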

Hello @rabmou 

The output you provided indicates the TCAM configuration on your Nexus switch, particularly the configured size and remaining free size for each TCAM region. From the information provided, it seems that the Ingress NAT TCAM region has been configured with a total size of 5120 and there is no remaining free size.


Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

I have sorted out the NAT resources, and below is the switch configuration now, but I still have no internet access on vlan10.

ip domain-lookup
ip access-list NAT_ACL
  10 permit ip 10.0.1.0 0.0.0.255 any
  20 permit ip 10.0.2.0 0.0.0.255 any
copp profile strict
snmp-server user admin network-admin auth md5 0xc340d402f79be327ee57064573451d04 priv 0xc340d402f79be327ee57064573451d04 localizedkey
rmon event 1 description FATAL(1) owner PMON@FATAL
rmon event 2 description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 description ERROR(3) owner PMON@ERROR
rmon event 4 description WARNING(4) owner PMON@WARNING
rmon event 5 description INFORMATION(5) owner PMON@INFO

ip route 0.0.0.0/0 192.168.1.1
vlan 1,10,20
ip nat inside source list NAT_ACL interface Ethernet1/48 overload

vrf context management
hardware access-list tcam region ing-racl 512
hardware access-list tcam region nat 1024


interface Vlan1

interface Vlan10
  no shutdown
  ip address 10.0.1.1/24
  ip nat inside

interface Vlan20
  no shutdown
  ip address 10.0.2.1/24

interface Ethernet1/1
  switchport
  switchport access vlan 10
  no shutdown

interface Ethernet1/2

interface Ethernet1/3

interface Ethernet1/4

interface Ethernet1/5

interface Ethernet1/6

interface Ethernet1/7

interface Ethernet1/8

interface Ethernet1/9

interface Ethernet1/10

interface Ethernet1/11

interface Ethernet1/12

interface Ethernet1/13

interface Ethernet1/14

interface Ethernet1/15

interface Ethernet1/16

interface Ethernet1/17

interface Ethernet1/18

interface Ethernet1/19

interface Ethernet1/20

interface Ethernet1/21

interface Ethernet1/22

interface Ethernet1/23

interface Ethernet1/24

interface Ethernet1/25

interface Ethernet1/26

interface Ethernet1/27

interface Ethernet1/28

interface Ethernet1/29

interface Ethernet1/30

interface Ethernet1/31

interface Ethernet1/32

interface Ethernet1/33

interface Ethernet1/34

interface Ethernet1/35

interface Ethernet1/36

interface Ethernet1/37

interface Ethernet1/38

interface Ethernet1/39

interface Ethernet1/40

interface Ethernet1/41

interface Ethernet1/42

interface Ethernet1/43

interface Ethernet1/44

interface Ethernet1/45

interface Ethernet1/46

interface Ethernet1/47

interface Ethernet1/48
  ip address 192.168.1.98/24
  ip nat outside
  no shutdown

interface Ethernet1/49

interface Ethernet1/50

interface Ethernet1/51

interface Ethernet1/52

interface Ethernet1/53

interface Ethernet1/54

interface mgmt0
  vrf member management
line console
line vty
boot nxos bootflash:/nxos.9.3.2.bin