[c-nsp] Question about NAT Rate Limiting
Brian Feeny
signal at shreve.net
Mon Nov 15 21:25:47 EST 2004
I have a question regarding the NAT rate limiting in 12.3:
http://www.cisco.com/en/US/products/sw/iosswrel/ps5207/products_feature_guide09186a00801d09f0.html#1027258
I understand you can globally limit the number of NAT translations:
    ip nat translation max-entries 300
or you can limit a single host:
    ip nat translation max-entries host 127.0.0.1 300
Can you use the ACL functionality to set a maximum number of entries on
a per-host level? For example:
    ip nat translation max-entries list perHost 100
    ip access-list extended perHost
     permit ip 192.168.1.0 0.0.0.255 any
Would the above make it so that each host in 192.168.1.0 had its own
max-entries of 100, or would that be shared across all hosts in the
ACL? I am trying to look for a way so that each host has its own
"max-entries" without having to set a bunch of lines specifically
setting it for each host.
Brian
---------------------------------------------
Brian Feeny, CCIE #8036, CISSP
Network Engineer
ShreveNet Inc.