Monitoring NAT

[Contents] [Prev] [Next] [Index] [Report an Error]

Monitoring NAT
This section explains how to view NAT license information, NAT statistics, NAT translation entries, NAT address pool information, and NAT inside or outside rule settings.

Displaying the NAT License Key

The show license nat command displays the NAT license key.

show license nat
Use to display the NAT license key configured on the router.

Example
host1#show license nat
Ipv6 license is nat_licence
Displaying Translation Statistics

The show ip nat statistics command displays statistics that apply to NAT operation.

show ip nat statistics

Use to display internal NAT statistics.

Field descriptions

Last dynamic allocation failure—Completion level of any dynamic allocation failures; the number of times the router attempted dynamic allocation but reached the dynamic allocation entry limit

Current static translation entries

Inside Source Simple—Number of inside source simple static translations

Outside Source Simple—Number of outside source simple static translation entries

Inside Source Extended—Number of inside source extended static translations

Outside Source Extended—Number of outside source extended static translations

Dynamic Translation Type—Type of dynamic translation (inside source simple, outside source simple, inside source extended)

Current—Current number of dynamic translations of the associated translation type

Peak—Peak number of dynamic translations of the associated translation type

Accumulated—Accumulated number of dynamic translations of the associated type; this value reflects the accumulation of dynamic translations since the last router reboot

Failed—Total number of installation attempts that failed for an associated translation type

Forwarding statistics for packets received on inside or outside interfaces

forwarded directly—Number of packets forwarded directly (that is, without the need of translation)

forwarded through translator—Number of packets forwarded through the NAT translator

discarded—Number of packets discarded immediately upon receipt

discarded by translator—Number of packets discarded by the NAT translator when no matching translation could be located
Example
host1#show ip nat statistics
NAT database statistics for virtual router vr1:
--------------------------------------------------------------
Last dynamic allocation failure: normal, successful completion
Dynamic entry limit was reached 10318 times
 
Current static translation entries:
-----------------------------------------
Inside Source Simple:               10
Outside Source Simple:              3
Inside Source Extended:             8
Outside Source Extended:            12
 
       Dynamic
   Translation Type      Current       Peak     Accumulated    Failed
----------------------  ----------  ----------  -----------  ----------
Inside Source Simple         69999       69999        69999       12568
Outside Source Simple         4518        4518         4518          25
Inside Source Extended       70000       70000        70000         568
Fully Extended               26855       26855        26855        2565
 
 
Forwarding statistics for virtual router vr1:
------------------------------------------------------------------------
Packets received on inside interface and
    forwarded directly             8
    forwarded through translator   111763104
    discarded                      2
    discarded by translator        28524565
 
Bytes received on inside interface and
    forwarded directly             544
    forwarded through translator   5141098074
 
Packets received on outside interface and
    forwarded directly             7
    forwarded through translator   1031624
    discarded                      3
    discarded by translator        578961
 
Bytes received on outside interface and
    forwarded directly             476
    forwarded through translator   47454704
Displaying Translation Entries

The show ip nat translations command displays current translations that reside in the translation table.

Simple translation entries appear with inside/outside and local/global address information. Extended entries appear with added protocol and port numbers (or query ID).

Using verbose mode additionally provides the time since creation and time since last use for each translation entry.

show ip nat translations

Use to display current translations that reside in the NAT translation table.

Field descriptions

Prot—Protocol (TCP, UDP, or ICMP) for this translation entry; this field appears only for extended table entries

Inside local—Inside local IP address for this translation entry; this field also provides the port number, separated by a colon ( : ) for extended entries

Inside global—Inside global IP address for this translation entry; this field also provides the port number, separated by a colon ( : ) for extended entries

Outside global—Outside global IP address for this translation entry; this field also provides the port number, separated by a colon ( : ) for extended entries

Outside local—Outside local IP address for this translation entry; this field also provides the port number, separated by a colon ( : ) for extended entries

Time since creation—Amount of time elapsed since the translation entry appeared in the translation table

Time since last use—Amount of time elapsed since the translation entry was used

Example 1
host1#show ip nat translation
Prot    Inside local      Inside global     Outside global     Outside local
---- ------------------ ------------------ ----------------- -----------------
     20.0.0.3           30.0.0.3           ---               ---
     21.0.0.3           30.208.0.3         ---               ---
     21.0.0.4           30.208.0.4         ---               ---
     ---                ---                50.0.0.3          70.0.0.3
     ---                ---                51.0.0.3          70.208.0.3
     ---                ---                51.0.0.4          70.208.0.4
UDP  ---                ---                50.50.0.3:87      70.50.0.3:8108
UDP  22.0.0.4:63        30.224.0.3:4097    ---               ---
UDP  22.0.0.3:63        30.224.0.3:4096    ---               ---
TCP  ---                ---                50.50.0.3:80      70.50.0.3:8008
UDP  20.50.0.3:87       30.50.0.3:8108     ---               ---
Example 2
host1#show ip nat translation verbose
                                                          Time         Time
                    Inside      Outside     Outside      since        since
Prot Inside local   global      global       local      creation     last use
---- ------------ ----------- ----------- ----------- ------------ ------------
     20.0.0.3     30.0.0.3    ---         ---         00:04:50     00:00:01
     21.0.0.3     30.208.0.3  ---         ---         00:02:12     00:00:01
     21.0.0.4     30.208.0.4  ---         ---         00:02:12     00:00:01
     ---          ---         50.0.0.3    70.0.0.3    00:03:24     Never
     ---          ---         51.0.0.3    70.208.0.3  00:01:44     00:00:01
     ---          ---         51.0.0.4    70.208.0.4  00:01:44     00:00:01
UDP  ---          ---         50.50.0.3:8 70.50.0.3:8 00:03:10     Never
                              7           108
UDP  22.0.0.4:63  30.224.0.3: ---         ---         00:02:12     00:00:01
                  4097
UDP  22.0.0.3:63  30.224.0.3: ---         ---         00:02:12     00:00:01
                  4096
TCP  ---          ---         50.50.0.3:8 70.50.0.3:8 00:03:10     Never
                              0           008
UDP  20.50.0.3:87 30.50.0.3:8 ---         ---         00:03:35     Never
                  108
Displaying Address Pool Information

The show ip nat pool command displays NAT address pool information. The command output displays configuration (mask and address ranges) of all address pools, unless you supply a specific pool name.

show ip nat pool

Use to display NAT address pool information.

Field descriptions

Pool—Name of the address pool

netmask—Network prefix associated with the NAT address pool

prefix length—Prefix length associated with the NAT address pool

range—Address ranges used by this NAT address pool
Example 1
host1#sh ip nat pool
 
pool: pool1 netmask: 255.255.255.0  prefix length: 24
   range: 3.3.3.1 to 3.3.3.255
   range: 4.4.4.1 to 4.4.4.32
 
pool: pool2 netmask: 255.255.255.0  prefix length: 24
   range: 1.1.1.1 to 1.1.1.24
   range: 2.2.2.1 to 2.2.2.55
Example 2
host1#sh ip nat pool pool1 
pool: pool1 netmask: 255.255.255.0  prefix length: 24
   range: 3.3.3.1 to 3.3.3.255
   range: 4.4.4.1 to 4.4.4.32
Displaying Inside and Outside Rule Settings

The show ip nat inside rule and show ip nat outside rule commands display access list and pool usage for all dynamic translation rules configured for the virtual router. If you do not specify an access list, the output displays address pool associations for each of the access lists for either inside or outside translation rules in the virtual router. Specifying an access list filters the output to display only the address pool associated with the specified list.

show ip nat inside rule

Use to display NAT access list and pool usage information for inside source translation rules.

Field descriptions

access list name—Name of the access list

pool name—Name of the address pool

rule type—Type of rule assigned
Example
host1#show ip nat inside rule
access list name: list1  pool name: poolA rule type: inside source
access list name: list2  pool name: poolB rule type: inside source
access list name: list3  pool name: poolC rule type: inside source overload
show ip nat outside rule

Use to display NAT access list and pool usage information for outside source translation rules.

Field descriptions

access list name—Name of the access list

pool name—Name of the address pool

rule type—Type of rule assigned
Example
host1#show ip nat outside rule
access list name: list4  pool name: poolD rule type: outside source

[Contents] [Prev] [Next] [Index] [Report an Error]