>>Here is the default translation time,
>
>I know the default values. :)
>Anyway, as far as I understand, I need to play with two parameters:
>
>ip nat translation timeout 900
>ip nat translation max-entries 25000

After 2 hours:
c3620#sh proc cpu s | e 0.00
CPU utilization for five seconds: 99%/9%; one minute: 99%; five minutes: 98%
PID Runtime(ms) Invoked uSecs 5Sec 1Min 5Min TTY Process
33 36731948 3697691 9933 87.08% 88.93% 87.99% 0 IP Input
105 1291764 2896761 445 0.92% 0.80% 0.89% 0 IP NAT Ager
52 88436 7216 12255 0.85% 0.10% 0.06% 0 IP Cache Ager
5 287120 47059 6101 0.42% 0.10% 0.06% 0 Check heaps
The Cisco is practically down. :(
Only clear ip nat tr * saved it. :(
The config is as follows:
Current configuration : 2705 bytes
!
version 12.2
service nagle
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
no service password-encryption
service compress-config
no service dhcp
!
hostname "c3620"
!
boot system flash:c3620-ik8o3s-mz.122-13.bin
logging buffered 4096 debugging
no logging console
aaa new-model
aaa authentication banner ^C^C
aaa authentication login default local-case
aaa authorization exec default local
!
username andrei privilege 15 password 7 ххх
username al password 7 ххх
memory-size iomem 25
clock timezone CHE 5
clock summer-time CHE recurring last Sun Mar 2:00 last Sun Oct 3:00
ip subnet-zero
no ip source-route
ip cef
!
!
ip name-server 87.226.191.1
!
ip audit notify log
ip audit po max-events 100
!
isdn switch-type primary-net5
call rsvp-sync
!
!
!
!
!
!
controller E1 1/0
framing NO-CRC4
channel-group 0 timeslots 1-31
description To Rostelecom
!
controller E1 1/1
shutdown
!
!
!
interface FastEthernet1/0
description To Local
ip address 10.1.2.2 255.255.255.252
ip nat inside
speed 10
half-duplex
hold-queue 4096 in
hold-queue 4096 out
!
interface Serial1/0:0
description To Rostelecom
ip address 94.25.10.94 255.255.255.252
ip access-group 110 out
ip verify unicast reverse-path
no ip proxy-arp
ip nat outside
no fair-queue
hold-queue 4096 in
hold-queue 4096 out
!
ip nat translation timeout 600
ip nat translation max-entries 15000
ip nat inside source list 100 interface Serial1/0:0 overload
ip classless
ip route 0.0.0.0 0.0.0.0 94.25.10.93 100
ip route 10.1.3.0 255.255.255.0 10.1.2.1
no ip http server
!
access-list 10 remark ACL for SNMP
access-list 10 permit 87.226.191.1
access-list 10 deny any
access-list 100 permit ip 10.1.3.0 0.0.0.255 any
access-list 100 deny ip any any
access-list 110 deny ip 10.1.3.0 0.0.0.255 any
access-list 110 permit ip any any
no cdp run
snmp-server community public RO 10
snmp-server enable traps tty
!
dial-peer cor custom
!
!
!
!
banner motd ^C
****************************************************************
ACCESS IS RESTRICTED TO AUTHORIZED PERSONNEL ONLY
DISCONNECT IMMEDIATELY IF YOU ARE NOT
- This is a privately owned networking system. Access is
only authorized by employees or agents of the company.
- This system is equipped with a security system intended
to prevent and record all unauthorized access attempts.
- Unauthorized access or use shall render the user liable
*o criminal and/or civil prosecution.
****************************************************************
^C
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
exec-timeout 0 0
!
ntp clock-period 17180056
ntp server 87.226.191.5
end
Where else should I dig?