Kevin Dorrell, CCIE #20765

26 Apr 2008

NMC 17.9.3 – NAT related bug?

Filed under: IOS Bugs, NAT — dorreke @ 15:50

I cannot do the NAT part of this lab.  On R6, as soon as I put NAT on either of the Fa subinterfaces, it locks up.  Stone dead.  No ping responses, no adjacencies, nothing.

R6#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R6(config)#int f0/0.30
R6(config-subif)#ip nat out

Strange, because R3 seems to be happy with it.  (Apart from complaining it took too long, but then 12.4(2)T always does that when you introduce NAT.  It only seems to do that first time you introduce ip nat inside or ip nat outside; subsequent interfaces are OK)

R3#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R3(config)#int s0/0
R3(config-if)#ip nat out
*Apr  8 16:20:00.186: %SYS-3-CPUHOG: Task is running for (2003)msecs, more than (2000)msecs
(1/0),process = Exec.
-Traceback= 0x813C6850 0x813C496C 0x813C874C 0x813C8A1C 0x813C8AF8 0x813C48B0 0x813C4954
 0x813C9120 0x813C48B0 0x813C4954 0x813C7384 0x813C48B0 0x813C4954 0x813C49DC 0x813F9A08
*Apr  8 16:20:00.939: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up
R3(config-if)#int s0/0.134
R3(config-subif)#ip nat out
R3(config-subif)#int f0/0
R3(config-if)#ip nat in
R3(config)#ip nat inside source static

I wonder what happens if I introduce ip nat inside on Lo106 first, as a dummy.  No, that locks it up as well.  I wonder whether my problem on R6 is anything to do with the ISL trunking?  Tried shutting down Fa0/0 and then introducing ip nat inside on Fa0/0.20.  Same thing … total lockup.

The nearest I could find in the bug database is CSCse48814.  But that applies specifically to RSP routers, and only when using NBAR, and only mentions ip nat outside.  That one is fixed in 12.4(10.4)T.

It’s just as well they use that special bug-free version of IOS in the real exam!


I tried the same config on another router.  Same model (2611XM), same IOS (12.4(2)T advent), same hardware config (WIC-1T in slot 0).  This one allowed me ip nat inside, although still with the CPUHOG warning.  Maybe I have a faulty router in my stack.  Not good news.  (But then neither would a bug be good news.)  I shall look out for future instances of this problem.


Leave a Comment »

No comments yet.

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at

%d bloggers like this: