11-19-2023 07:28 AM
Hi all,
I have a home router from my ISP that is not configurable.
I am trying to connect the router to a nexus n9k switch on port eth1/48 and allow internet access to vlan. I have run the below configuration.
# Configure VLANs
switch# configure terminal
switch(config)# vlan 10
switch(config-vlan)# name VLAN10
switch(config-vlan)# exit
switch(config)# vlan 20
switch(config-vlan)# name VLAN20
switch(config-vlan)# exit
# Configure Interfaces
switch(config)# interface ethernet 1/48
switch(config-if)# no switchport
switch(config-if)# ip address 192.168.1.98/24
switch(config-if)# exit
switch(config)# interface vlan 10
switch(config-if)# no shutdown
switch(config-if)# ip address 10.0.1.1/24
switch(config-if)# exit
switch(config)# interface vlan 20
switch(config-if)# no shutdown
switch(config-if)# ip address 10.0.2.1/24
switch(config-if)# exit
# Enable IP Routing
switch(config)# ip routing
# Configure Extended ACL for NAT
switch(config)# ip access-list extended NAT_ACL
switch(config-ext-nacl)# permit ip 10.0.1.0 0.0.0.255 any
switch(config-ext-nacl)# permit ip 10.0.2.0 0.0.0.255 any
switch(config-ext-nacl)# exit
# Enable NAT and specify inside and outside interfaces
switch(config)# feature nat
switch(config)# ip nat inside source list NAT_ACL interface ethernet 1/48 overload
# Save Configuration
switch# copy running-config startup-config
switch(config)# interface vlan 20
switch(config-if)# ip nat inside
switch(config-if)# exit
switch(config)# interface ethernet 1/48
switch(config-if)# ip nat outside
switch(config-if)# exit
# Configure Default Route
switch(config)# ip route 0.0.0.0/0 192.168.1.1
I am able to ping the internet from the switch but not from clients; on nat outside I am having an error
"Nat tcam not carved". What am I doing wrong?
11-20-2023 04:29 AM
I found this error in the log: 2023 Nov 20 12:18:56 switch netstack[30739]: NAT: Can't create dynamic translations, maximum limit reached
11-19-2023 08:25 AM - edited 11-19-2023 08:26 AM
Hello @rabmou
The error "Nat tcam not carved" on a Cisco Nexus 9000 series switch typically indicates that there is a limitation on the number of TCAM (Ternary Content Addressable Memory) entries available for NAT (Network Address Translation). The TCAM resources are finite, and if the required resources for NAT entries are not available, you may encounter this error.
Check the TCAM utilization on your Nexus switch to understand how much of the available TCAM resources are being used:
show system internal access-list resource utilization
Ensure that your NAT_ACL access list has the necessary and specific entries for the traffic you intend to NAT.
11-19-2023 09:20 PM
What should I free to enable NAT?
slot 1
=======
Atomic Update : ENABLED
Default ACL : DENY
Bank Chaining : DISABLED
Fabric path DNL : DISABLED
NS Buffer Profile: Burst optimized
Min Buffer Profile: all
EOQ Class Stats: qos-group-0
NS MCQ3 Alias: qos-group-3
Ing PG Share: ENABLED
IPG in Shape: DISABLED
Classify ns-only : DISABLED
Ing PG Min: NOT-DISABLED
Ing PG Headroom reservation: 100
OQ Drops Type: both
OQ Stats Type: [c1]: q 1 both
[c2]: q 2 both
[c3]: q 3 both
[c4]: q 4 both
[c5]: q 5 both
[c6]: q 6 both
[c7]: q 7 both
[c8]: q 8 both
[c9]: q 9 both
peak count type: port
counter 0 classes: 255
counter 1 classes: 0
OOBST Max records: 1000
DPP Aging Period: 5000
DPP Max Number of Packets: 120
AFD ETRAP Aging Period: 50
AFD ETRAP Byte Count: 1048555
AFD ETRAP Bandwidth Threshold: 500
ACL Inner Header Match : DISABLED
VXLAN OAM Dynamic Entry Move: TRUE
VXLAN XConnect ACL Programmed: FALSE
DOT1X Entry Move: TRUE
DOT1X Entry ACL Programmed: TRUE
DOT1X Multi Auth ACL Entry Programmed: FALSE
Multicast NLB enabled: FALSE
TCAM Template Initialised: TRUE
LOU Threshold Value : 5
--------------------------------------------------------------------------------------
INSTANCE 0 TCAM Region Information:
--------------------------------------------------------------------------------------
Ingress:
--------
Region TID Base Size Width
--------------------------------------------------------------------------------------
NAT 13 0 0 1
Ingress PACL 1 0 512 1
Ingress VACL 2 512 512 1
Ingress RACL 3 1024 1536 1
Ingress RBACL 4 0 0 1
Ingress L2 QOS 5 2560 256 1
Ingress L3/VLAN QOS 6 2816 256 1
Ingress SUP 7 3072 512 1
Ingress L2 SPAN ACL 8 3584 256 1
Ingress L3/VLAN SPAN ACL 9 3840 256 1
Ingress FSTAT 10 0 0 1
SPAN 12 4096 512 1
Ingress REDIRECT 14 0 0 1
Netflow/Analytics Filter TCAM 21 4608 512 1
Ingress NBM 30 0 0 1
Ingress Flow-redirect 39 0 0 1
Ingress RACL Lite 42 0 0 1
41 0 0 1
43 0 0 1
-------------------------------------------------------------------------------------
Total configured size: 5120
Remaining free size: 0
Note: Ingress SUP region includes Redirect region
Egress:
--------
Region TID Base Size Width
--------------------------------------------------------------------------------------
Egress VACL 15 0 256 1
Egress RACL 16 256 1536 1
Egress SUP 18 1792 256 1
Egress L2 QOS 19 0 0 1
Egress L3/VLAN QOS 20 0 0 1
Egress CoPP 37 0 0 1
-------------------------------------------------------------------------------------
Total configured size: 2048
Remaining free size: 0
11-19-2023 11:48 PM
Hello @rabmou
The output you provided indicates the TCAM configuration on your Nexus switch, particularly the configured size and remaining free size for each TCAM region. From the information provided, it seems that the Ingress NAT TCAM region has been configured with a total size of 5120 and there is no remaining free size.
11-20-2023 12:15 AM
I have sorted out the NAT resources, and below is the switch configuration now, but I still have no internet access on vlan10.
ip domain-lookup
ip access-list NAT_ACL
10 permit ip 10.0.1.0 0.0.0.255 any
20 permit ip 10.0.2.0 0.0.0.255 any
copp profile strict
snmp-server user admin network-admin auth md5 0xc340d402f79be327ee57064573451d04 priv 0xc340d402f79be327ee57064573451d04 localizedkey
rmon event 1 description FATAL(1) owner PMON@FATAL
rmon event 2 description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 description ERROR(3) owner PMON@ERROR
rmon event 4 description WARNING(4) owner PMON@WARNING
rmon event 5 description INFORMATION(5) owner PMON@INFO
ip route 0.0.0.0/0 192.168.1.1
vlan 1,10,20
ip nat inside source list NAT_ACL interface Ethernet1/48 overload
vrf context management
hardware access-list tcam region ing-racl 512
hardware access-list tcam region nat 1024
interface Vlan1
interface Vlan10
no shutdown
ip address 10.0.1.1/24
ip nat inside
interface Vlan20
no shutdown
ip address 10.0.2.1/24
interface Ethernet1/1
switchport
switchport access vlan 10
no shutdown
interface Ethernet1/2
interface Ethernet1/3
interface Ethernet1/4
interface Ethernet1/5
interface Ethernet1/6
interface Ethernet1/7
interface Ethernet1/8
interface Ethernet1/9
interface Ethernet1/10
interface Ethernet1/11
interface Ethernet1/12
interface Ethernet1/13
interface Ethernet1/14
interface Ethernet1/15
interface Ethernet1/16
interface Ethernet1/17
interface Ethernet1/18
interface Ethernet1/19
interface Ethernet1/20
interface Ethernet1/21
interface Ethernet1/22
interface Ethernet1/23
interface Ethernet1/24
interface Ethernet1/25
interface Ethernet1/26
interface Ethernet1/27
interface Ethernet1/28
interface Ethernet1/29
interface Ethernet1/30
interface Ethernet1/31
interface Ethernet1/32
interface Ethernet1/33
interface Ethernet1/34
interface Ethernet1/35
interface Ethernet1/36
interface Ethernet1/37
interface Ethernet1/38
interface Ethernet1/39
interface Ethernet1/40
interface Ethernet1/41
interface Ethernet1/42
interface Ethernet1/43
interface Ethernet1/44
interface Ethernet1/45
interface Ethernet1/46
interface Ethernet1/47
interface Ethernet1/48
ip address 192.168.1.98/24
ip nat outside
no shutdown
interface Ethernet1/49
interface Ethernet1/50
interface Ethernet1/51
interface Ethernet1/52
interface Ethernet1/53
interface Ethernet1/54
interface mgmt0
vrf member management
line console
line vty
boot nxos bootflash:/nxos.9.3.2.bin
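
Added example, not part of any post in this thread: a Python check of the ingress TCAM budget, using the region sizes from the table posted above and the two `hardware access-list tcam region` values from the final configuration. It assumes the CLI names `nat` and `ing-racl` correspond to the table rows NAT and Ingress RACL; `parse_regions` and `plan_carve` are illustrative names.

```python
import re

# Ingress rows copied from the TCAM region table posted in this thread
# (zero-size and unnamed rows omitted; they do not change the sum).
INGRESS_TABLE = """\
NAT 13 0 0 1
Ingress PACL 1 0 512 1
Ingress VACL 2 512 512 1
Ingress RACL 3 1024 1536 1
Ingress L2 QOS 5 2560 256 1
Ingress L3/VLAN QOS 6 2816 256 1
Ingress SUP 7 3072 512 1
Ingress L2 SPAN ACL 8 3584 256 1
Ingress L3/VLAN SPAN ACL 9 3840 256 1
SPAN 12 4096 512 1
Netflow/Analytics Filter TCAM 21 4608 512 1
"""
INGRESS_TOTAL = 5120  # "Total configured size" from the same output

# Region names contain spaces, so anchor on the four trailing integers.
ROW = re.compile(r"^(?P<name>.+?)\s+(?P<tid>\d+)\s+(?P<base>\d+)"
                 r"\s+(?P<size>\d+)\s+(?P<width>\d+)$")

def parse_regions(text):
    """Return {region name: size} for each 'Region TID Base Size Width' row."""
    regions = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            regions[m["name"]] = int(m["size"])
    return regions

def plan_carve(regions, total, changes):
    """Apply {region: new size} and report whether the result still fits."""
    unknown = set(changes) - set(regions)
    if unknown:
        raise KeyError(f"region not in table: {sorted(unknown)}")
    planned = {**regions, **changes}
    used = sum(planned.values())
    return {"used": used, "free": total - used, "fits": used <= total}

regions = parse_regions(INGRESS_TABLE)
# NAT alone cannot grow: the table is already full (remaining free size 0).
nat_only = plan_carve(regions, INGRESS_TOTAL, {"NAT": 1024})
# Shrinking Ingress RACL to 512 first, as in the later config, makes room.
with_racl = plan_carve(regions, INGRESS_TOTAL,
                       {"Ingress RACL": 512, "NAT": 1024})
print(nat_only, with_racl)
```

On NX-OS a changed TCAM region size takes effect only after the configuration is saved and the switch is reloaded.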