Исходное сообщение
"Странность НАТа" Отправлено Andrei_V, 14-Дек-08 14:29
>>Вот дефолтное время транляций, > >Дефолтовые значения знаю. :) >Вобщем, на сколько я понял, надо играться с двумя параметрами: > >ip nat translation timeout 900 >ip nat translation max-entries 25000 Через 2 часа: c3620#sh proc cpu s | e 0.00 CPU utilization for five seconds: 99%/9%; one minute: 99%; five minutes: 98% PID Runtime(ms)   Invoked      uSecs   5Sec   1Min   5Min TTY Process   33    36731948   3697691       9933 87.08% 88.93% 87.99%   0 IP Input 105     1291764   2896761        445  0.92%  0.80%  0.89%   0 IP NAT Ager   52       88436      7216      12255  0.85%  0.10%  0.06%   0 IP Cache Ager    5      287120     47059       6101  0.42%  0.10%  0.06%   0 Check heaps Циска практически в down-е. :( Спасло только clear ip nat tr * :( Конфиг такой: Current configuration : 2705 bytes ! version 12.2 service nagle no service pad service timestamps debug datetime localtime service timestamps log datetime localtime no service password-encryption service compress-config no service dhcp ! hostname "c3620" ! boot system flash:c3620-ik8o3s-mz.122-13.bin logging buffered 4096 debugging no logging console aaa new-model aaa authentication banner ^C^C aaa authentication login default local-case aaa authorization exec default local ! username andrei privilege 15 password 7 ххх username al password 7 ххх memory-size iomem 25 clock timezone CHE 5 clock summer-time CHE recurring last Sun Mar 2:00 last Sun Oct 3:00 ip subnet-zero no ip source-route ip cef ! ! ip name-server 87.226.191.1 ! ip audit notify log ip audit po max-events 100 ! isdn switch-type primary-net5 call rsvp-sync ! ! ! ! ! ! controller E1 1/0 framing NO-CRC4 channel-group 0 timeslots 1-31 description To Rostelecom ! controller E1 1/1 shutdown ! ! ! interface FastEthernet1/0 description To Local ip address 10.1.2.2 255.255.255.252 ip nat inside speed 10 half-duplex hold-queue 4096 in hold-queue 4096 out ! interface Serial1/0:0 description To Rostelecom ip address 94.25.10.94 255.255.255.252 ip access-group 110 out ip verify unicast reverse-path no ip proxy-arp ip nat outside no fair-queue hold-queue 4096 in hold-queue 4096 out ! ip nat translation timeout 600 ip nat translation max-entries 15000 ip nat inside source list 100 interface Serial1/0:0 overload ip classless ip route 0.0.0.0 0.0.0.0 94.25.10.93 100 ip route 10.1.3.0 255.255.255.0 10.1.2.1 no ip http server ! access-list 10 remark ACL for SNMP access-list 10 permit 87.226.191.1 access-list 10 deny   any access-list 100 permit ip 10.1.3.0 0.0.0.255 any access-list 100 deny   ip any any access-list 110 deny   ip 10.1.3.0 0.0.0.255 any access-list 110 permit ip any any no cdp run snmp-server community public RO 10 snmp-server enable traps tty ! dial-peer cor custom ! ! ! ! banner motd ^C ****************************************************************       ACCESS IS RESTRICTED TO AUTHORIZED PERSONNEL ONLY             DISCONNECT IMMEDIATELY IF YOU ARE NOT   - This is a privately owned networking system. Access is     only authorized by employees or agents of the company.   - This system is equipped with a security system intended     to prevent and record all unauthorized access attempts.   - Unauthorized access or use shall render the user liable     *o criminal and/or civil prosecution. **************************************************************** ^C ! line con 0 exec-timeout 0 0 line aux 0 line vty 0 4 exec-timeout 0 0 ! ntp clock-period 17180056 ntp server 87.226.191.5 end Куда еще копать?