[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
Monitoring NAT
This section explains
how to view NAT license information, NAT statistics, NAT translation
entries, NAT address pool information, and NAT inside and outside
rule settings.
Displaying the NAT License Key
The show license nat command displays the NAT license key.
show
license nat
Displaying Translation Statistics
The show ip nat statistics command displays internal statistics that apply to NAT operation.
show
ip nat statistics
- Use to display internal NAT statistics.
- Field descriptions
- Last dynamic allocation failure—Completion level
of any dynamic allocation failures; the number of times the router
attempted dynamic allocation but reached the dynamic allocation entry
limit
- Current static translation entries
- Inside Source Simple—Number of inside source simple
static translations
- Outside Source Simple—Number of outside source simple
static translations
- Inside Source Extended—Number of inside source extended
static translations
- Outside Source Extended—Number of outside source
extended static translations
- Dynamic Translation Type—Type of dynamic translation
(inside source simple, outside source simple, inside source extended )
- Current—Current number of dynamic translations of
the associated translation type
- Peak—Peak number of dynamic translations of the
associated translation type
- Accumulated—Accumulated number of dynamic translations
of the associated type; this value reflects the accumulation of dynamic
translations since the last router reboot operation
- Failed—Total number of installation attempts that
failed for an associated translation type
- Forwarding statistics for packets received on inside or
outside interfaces
- forwarded directly—Number of packets forwarded directly
(that is, without the need of translation)
- forwarded through translator—Number of packets forwarded
through the NAT translator
- discarded—Number of packets discarded immediately
upon receipt
- discarded by translator—Number of packets discarded
by the NAT translator when no matching translation could be located
- Example
host1#show ip nat statistics
NAT database statistics for virtual router vr1:
--------------------------------------------------------------
Last dynamic allocation failure: normal, successful completion
Dynamic entry limit was reached 10318 times
Current static translation entries:
-----------------------------------------
Inside Source Simple: 10
Outside Source Simple: 3
Inside Source Extended: 8
Outside Source Extended: 12
Dynamic
Translation Type Current Peak Accumulated Failed
---------------------- ---------- ---------- ----------- ----------
Inside Source Simple 69999 69999 69999 12568
Outside Source Simple 4518 4518 4518 25
Inside Source Extended 70000 70000 70000 568
Fully Extended 26855 26855 26855 2565
Forwarding statistics for virtual router vr1:
------------------------------------------------------------------------
Packets received on inside interface and
forwarded directly 8
forwarded through translator 111763104
discarded 2
discarded by translator 28524565
Bytes received on inside interface and
forwarded directly 544
forwarded through translator 5141098074
Packets received on outside interface and
forwarded directly 7
forwarded through translator 1031624
discarded 3
discarded by translator 578961
Bytes received on outside interface and
forwarded directly 476
forwarded through translator 47454704
- See show ip nat statistics.
Displaying Translation Entries
The show ip nat translations command displays current translations that reside in the translation
table.
Simple translation entries appear with inside/outside
and local/global address information. Extended entries appear with
added protocol and port numbers (or query IDs).
Using verbose mode additionally provides the time
since creation and time since last use for each translation entry.
show
ip nat translations
- Use to display current translations that reside in the
NAT translation table.
- Field descriptions
- Prot—Protocol (TCP, UDP, ICMP, or GRE) for this
translation entry; this field appears only for extended table entries
- Inside local—Inside local IP address for this translation
entry; this field also provides the port number, separated by a colon
( : ) for extended entries
- Inside global—Inside global IP address for this
translation entry; this field also provides the port number, separated
by a colon ( : ) for extended entries
- Outside global—Outside global IP address for this
translation entry; this field also provides the port number, separated
by a colon ( : ) for extended entries
- Outside local—Outside local IP address for this
translation entry; this field also provides the port number, separated
by a colon ( : ) for extended entries
- Time since creation—Amount of time elapsed since
the translation entry appeared in the translation table
- Time since last use—Amount of time elapsed since
the translation entry was used
- Example 1
host1# show ip nat translations
show ip nat translations
Prot Inside local Inside global Outside global Outside local
---- ------------- -------------- -------------- ---------------
GRE 13.1.2.1:* 20.0.0.1:* --- ---
ICMP 13.1.2.2:4 20.0.0.2:4 --- ---
TCP 13.1.2.3:20 20.0.0.3:50 --- ---
 |
Note:
Because they are not NAPT translations, port numbers for GRE
translations appear as asterisks (*).
|
- Example 2
host1# show ip nat translations verbose
Time Time
Inside Inside Outside Outside since since
Prot local global global local creation last use
---- ----------- ---------- ----------- ----------- ---------- --------
20.0.0.3 30.0.0.3 --- --- 00:04:50 00:00:01
21.0.0.3 30.208.0.3 --- --- 00:02:12 00:00:01
21.0.0.4 30.208.0.4 --- --- 00:02:12 00:00:01
--- --- 50.0.0.3 70.0.0.3 00:03:24 Never
--- --- 51.0.0.3 70.208.0.3 00:01:44 00:00:01
--- --- 51.0.0.4 70.208.0.4 00:01:44 00:00:01
UDP --- --- 50.50.0.3:8 70.50.0.3:8 00:03:10 Never
7 108
UDP 22.0.0.4:63 30.224.0.3: --- --- 00:02:12 00:00:01
4097
UDP 22.0.0.3:63 30.224.0.3: --- --- 00:02:12 00:00:01
4096
TCP --- --- 50.50.0.3:8 70.50.0.3:8 00:03:10 Never
0 008
UDP 20.50.0.3:87 30.50.0.3:8 --- --- 00:03:35 Never
108
- See show ip nat translations.
Displaying Address Pool Information
The show ip nat pool command displays NAT address pool information. The command output
displays configuration (mask and address ranges) of all address pools,
unless you supply a specific pool name.
show
ip nat pool
- Use to display NAT address pool information.
- Field descriptions
- pool—Name of the address pool
- netmask—Network prefix associated with the NAT address
pool
- prefix length—Prefix length associated with the
NAT address pool
- range—Address ranges used by this NAT address pool
- Example 1
host1#show ip nat pool
pool: pool1 netmask: 255.255.255.0 prefix length: 24
range: 3.3.3.1 to 3.3.3.255
range: 4.4.4.1 to 4.4.4.32
pool: pool2 netmask: 255.255.255.0 prefix length: 24
range: 1.1.1.1 to 1.1.1.24
range: 2.2.2.1 to 2.2.2.55
- Example 2
host1#show ip nat pool pool1
pool: pool1 netmask: 255.255.255.0 prefix length: 24
range: 3.3.3.1 to 3.3.3.255
range: 4.4.4.1 to 4.4.4.32
- See show ip nat pool.
Displaying Inside and Outside Rule Settings
The show ip nat inside rule and show ip nat outside rule commands
display access list and pool usage for all dynamic translation rules
configured for the virtual router. If you do not specify an access
list, the output displays address pool associations for each of the
access lists for either inside or outside translation rules in the
virtual router. Specifying an access list filters the output to display
only the address pool associated with the specified list.
show
ip nat inside rule
show
ip nat outside rule
[Contents]
[Prev]
[Next]
[Index]
[Report an Error]
