Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2071
Views
0
Helpful
3
Replies

ASR 1001 can't telnet

Go to solution
c1szhibin
Level 1
Level 1

‎08-05-2015 11:53 PM - edited ‎03-08-2019 01:15 AM

When I tried to telnet from a ASR router, it showed as the following:

router#telnet w.x.y.z
% Out of local ports

The ASR router is able to telnet in the past, but it failed since a reboot recently.

Any suggestion to solve this problem?

 

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎08-06-2015 02:47 AM

Hi,

The probable cause is that your router is out of TCP ports to use for the connection. Are you perhaps running NAT on the device? It would be possible that all TCP ports have been exhausted. Can you perhaps post the show ip nat statistics ? Also, can you check the output of the show control-plane host open-ports output if that command is supported on your platform?

Best regards,
Peter

View solution in original post

0 Helpful
3 Replies 3

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee

‎08-06-2015 02:47 AM

Hi,

The probable cause is that your router is out of TCP ports to use for the connection. Are you perhaps running NAT on the device? It would be possible that all TCP ports have been exhausted. Can you perhaps post the show ip nat statistics ? Also, can you check the output of the show control-plane host open-ports output if that command is supported on your platform?

Best regards,
Peter

0 Helpful

Go to solution
c1szhibin
Level 1
Level 1
In response to Peter Paluch

‎08-08-2015 07:01 AM

Hi Peter,

  The router is running NAT. And sometimes it showed NAT entries are overload. The following is the output of show ip nat statistics. And the command show control-plane host open-ports is not supported on this router.

#sh ip nat stat
Total active translations: 5678 (1 static, 5677 dynamic; 5676 extended)
Outside interfaces:
  GigabitEthernet0/0/0
Inside interfaces: 
  GigabitEthernet0/0/1
Hits: 2935782272  Misses: 18787470
Expired translations: 18868493
Dynamic mappings:
-- Inside Source
[Id: 1] access-list NAT.acl interface GigabitEthernet0/0/0 refcount 5668
nat-limit statistics:
 max entry: max allowed 0, used 0, missed 0
In-to-out drops: 243248  Out-to-in drops: 6960068
Pool stats drop: 0  Mapping stats drop: 0
Port block alloc fail: 135837
IP alias add fail: 0
Limit entry add fail: 0

 

Any solution?

 

0 Helpful

Go to solution
Peter Paluch
Cisco Employee
Cisco Employee
In response to c1szhibin

‎08-12-2015 10:19 AM

Hi,

I am sorry to respond so late. Hopefully, this is still useful.

The NAT your are performing is basically a PAT - hiding the internal network behind the sole IP address assigned to your Gi0/0/0 interface. For NAT/PAT purposes, there is only a limited number of translations supported, and specifically with TCP and UDP, you can translate only about 65000 simultaneous conversations. If your day-to-day experience shows that this number is not sufficient, the best course of action is to request another IP address, or a pool of IP addresses, you can use to perform NAT/PAT into. Each additional IP address will give you additional 65000 simultaneous translations.

Is there an option of requesting another IP address for your NAT purposes? Ideally, that IP address should be from the same subnet as Gi0/0/0.

Best regards,
Peter

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card