08-05-2015 11:53 PM - edited 03-08-2019 01:15 AM
When I tried to telnet from an ASR router, it showed the following:
router#telnet w.x.y.z
% Out of local ports
The ASR router was able to telnet in the past, but it has failed since a recent reboot.
Any suggestion to solve this problem?
08-06-2015 02:47 AM
Hi,
The probable cause is that your router is out of TCP ports to use for the connection. Are you perhaps running NAT on the device? It would be possible that all TCP ports have been exhausted. Can you perhaps post the output of show ip nat statistics? Also, can you check the output of show control-plane host open-ports, if that command is supported on your platform?
Best regards,
Peter
08-08-2015 07:01 AM
Hi Peter,
The router is running NAT. And sometimes it showed NAT entries are overload. The following is the output of show ip nat statistics. And the command show control-plane host open-ports is not supported on this router.
#sh ip nat stat
Total active translations: 5678 (1 static, 5677 dynamic; 5676 extended)
Outside interfaces:
GigabitEthernet0/0/0
Inside interfaces:
GigabitEthernet0/0/1
Hits: 2935782272 Misses: 18787470
Expired translations: 18868493
Dynamic mappings:
-- Inside Source
[Id: 1] access-list NAT.acl interface GigabitEthernet0/0/0 refcount 5668
nat-limit statistics:
max entry: max allowed 0, used 0, missed 0
In-to-out drops: 243248 Out-to-in drops: 6960068
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 135837
IP alias add fail: 0
Limit entry add fail: 0
Any solution?
08-12-2015 10:19 AM
Hi,
I am sorry to respond so late. Hopefully, this is still useful.
The NAT you are performing is basically a PAT - hiding the internal network behind the sole IP address assigned to your Gi0/0/0 interface. For NAT/PAT purposes, there is only a limited number of translations supported, and specifically with TCP and UDP, you can translate only about 65000 simultaneous conversations. If your day-to-day experience shows that this number is not sufficient, the best course of action is to request another IP address, or a pool of IP addresses, you can use to perform NAT/PAT into. Each additional IP address will give you an additional 65000 simultaneous translations.
Is there an option of requesting another IP address for your NAT purposes? Ideally, that IP address should be from the same subnet as Gi0/0/0.
Best regards,
Peter
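The counters posted in this thread can be checked by script rather than by eye. The following Python is an added example, not code from any poster or from Cisco: it parses the posted show ip nat statistics counters, compares active translations with the roughly 65000-per-address figure quoted in the reply, and reports which failure counters grew between two snapshots. The function names, the second snapshot (constructed) and the premise that these counters are cumulative are assumptions of the example.

```python
import re

# Counters copied from the "sh ip nat stat" output posted in the thread (abridged).
SAMPLE = """\
Total active translations: 5678 (1 static, 5677 dynamic; 5676 extended)
Hits: 2935782272 Misses: 18787470
In-to-out drops: 243248 Out-to-in drops: 6960068
Pool stats drop: 0 Mapping stats drop: 0
Port block alloc fail: 135837
IP alias add fail: 0
Limit entry add fail: 0
"""
# Constructed second snapshot (not from the thread): one counter moved forward.
LATER = SAMPLE.replace("alloc fail: 135837", "alloc fail: 135990")

# Approximate simultaneous translations per public address, as quoted in the reply.
PER_ADDRESS = 65000

COUNTER_RE = re.compile(r"([A-Za-z][A-Za-z\- ]*?):\s+(\d+)")


def parse_nat_stats(text):
    """Return {lower-cased counter name: int} for each 'Name: number' pair."""
    return {name.lower(): int(value) for name, value in COUNTER_RE.findall(text)}


def utilisation(stats, public_addresses=1):
    """Active translations as a fraction of the approximate PAT capacity."""
    return stats["total active translations"] / (public_addresses * PER_ADDRESS)


def growing_failures(before, after):
    """Counters ending in 'fail' that increased between two snapshots.

    Assumes the counters are cumulative, so only the delta shows whether
    allocation failures are still happening.
    """
    return {
        name: after[name] - before.get(name, 0)
        for name in after
        if name.endswith("fail") and after[name] > before.get(name, 0)
    }


if __name__ == "__main__":
    first, second = parse_nat_stats(SAMPLE), parse_nat_stats(LATER)
    print(f"PAT utilisation: {utilisation(second):.1%}")
    for name, delta in growing_failures(first, second).items():
        print(f"{name} grew by {delta}")
```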