cisco 2514做NAT后，总是内存不够用！！！！

duxiong

cisco 2514路由器做NAT后，总是内存不够用，每30分钟宕机一次！！！！

请高手指教，怎样检测是什么占用了资源？！！

show mem 运行后总也列不完一条一条的纪录，直到宕机！！！

以前出现过病毒，封掉了1434端口，

User Access Verification

Password:
cisco>;en
Password:
cisco#show run
Building configuration...

Current configuration:
!
version 12.0
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname cisco
!
enable secret .
enable password
!
ip subnet-zero
!
!
!
interface Ethernet0
ip address 10.88.1.1 255.255.0.0
ip access-group 104 in
ip access-group 104 out
no ip unreachables
no ip directed-broadcast
ip nat inside
no ip mroute-cache
!
interface Ethernet1
ip address xxx.25.39.66 255.255.255.224
no ip directed-broadcast
ip nat outside
no ip mroute-cache
!
interface Serial0
no ip address
no ip directed-broadcast
shutdown
no fair-queue
!
interface Serial1
no ip address
no ip directed-broadcast
shutdown
!
ip nat pool head xxx.25.39.94 xxx.25.39.94 netmask 255.255.255.224
ip nat inside source list 5 pool head overload
ip nat inside source static 10.88.0.1 xxx.25.39.81
ip nat inside source static 10.88.7.4 xxx.25.39.74
ip nat inside source static 10.88.0.9 xxx.25.39.89
ip nat inside source static 10.88.7.9 xxx.25.39.79
ip nat inside source static 10.88.7.8 xxx.25.39.78
ip nat inside source static 10.88.7.7 xxx.25.39.77
ip nat inside source static 10.88.7.6 xxx.25.39.76
ip nat inside source static 10.88.7.5 xxx.25.39.75
ip nat inside source static 10.88.7.3 xxx.25.39.73
ip classless
ip route 0.0.0.0 0.0.0.0 Ethernet1
ip route 10.88.0.0 255.255.0.0 Ethernet1
!
access-list 5 permit 10.88.64.0 0.0.0.255
access-list 104 permit ip any any
access-list 104 deny   udp any any eq 1434
!
line con 0
transport input none
line aux 0
transport input all
line vty 0
password
login
line vty 1 4
login
!
end

cisco#

思方尽

抓些包试试，有可能是存在大量的，但非常小的甚至是没有携带用户数据的包。是他们占用了资源。

duxiong

怎么抓？

思方尽

debug ip ? 呵呵，这样可能死的更快。
不如用sniffer吧~~~

wildhorse

2514做NAT，死的几率当然大了。。。。

duxiong

可以说说为什么吗？

    求你了！！！

wildhorse

试着去掉access-list，看死不死先

aiaijj

最好不要再路由器上做NAT，因为非常消耗系统资源，尤其是在察看NAI表的时候，一看一个死。如果非做不可的话，一定要把NAT表的条目数设的低低的，也就是路由器保存在内存中的NAT转换条目，定时更新，Cisco默认好像是1024，这个问题我以前配老4500的时候也
遇到过，已开始是1000，最后改成200，才差不多，祝你好运！！！

sun_yq

你没有看show log 的输出吗？

duxiong

#show log
Syslog logging: enabled (0 messages dropped, 0 flushes, 0 overruns)
    Console logging: level debugging, 12 messages logged
    Monitor logging: level debugging, 0 messages logged
    Buffer logging: level debugging, 12 messages logged
    Trap logging: level informational, 16 message lines logged

Log Buffer (4096 bytes):

00:00:20: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up
00:00:20: %LINK-3-UPDOWN: Interface Ethernet1, changed state to up
00:00:20: %LINK-3-UPDOWN: Interface Serial0, changed state to down
00:00:20: %LINK-3-UPDOWN: Interface Serial1, changed state to down
00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0, changed sta
te to up
00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1, changed sta
te to up
00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state
to down
00:00:21: %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial1, changed state
to down
00:00:25: %LINK-5-CHANGED: Interface Serial0, changed state to administratively
down
00:00:26: %LINK-5-CHANGED: Interface Serial1, changed state to administratively
down
00:00:28: %SYS-5-CONFIG_I: Configured from memory by console
00:00:28: %SYS-5-RESTART: System restarted --
Cisco Internetwork Operating System Software
IOS (tm) 2500 Software (C2500-C-L), Version 12.0(4), RELEASE SOFTWARE (fc1)
Copyright (c) 1986-1999 by cisco Systems, Inc.
Compiled Wed 14-Apr-99 21:53 by ccai
#