User Tools
tech:network:cisco:nat-show-commands:nat-show-command
Table of Contents
NAT show commands
Common Configuration
en conf t ! ! ip configuration int f0/1 ip addr 192.168.10.210 255.255.255.0 no shut exit int f0/0 ip addr 172.16.2.1 255.255.255.0 no shut exit ! ! default route ip route 0.0.0.0 0.0.0.0 192.168.10.1 ! end
Static NAT
conf t ! ip nat inside source static 172.16.2.11 192.168.10.211 ! int f0/1 ip nat outside exit int f0/0 ip nat inside exit ! end
debug ip nat u all
No communication.
R1#sh ip nat translations Pro Inside global Inside local Outside local Outside global --- 192.168.10.211 172.16.2.11 --- --- R1#sh ip nat statistics Total active translations: 1 (1 static, 0 dynamic; 0 extended) Peak translations: 1, occurred 00:00:32 ago Outside interfaces: FastEthernet0/1 Inside interfaces: FastEthernet0/0 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: Total doors: 0 Appl doors: 0 Normal doors: 0 Queued Packets: 0 R1#debug ip nat IP NAT debugging is on R1#
In communication.
pi@pi1:~ $ nc 160.16.63.136 80 GET / pi@pi2:~ $ nc 160.16.63.136 80 GET /
R1# *Apr 12 20:37:25.631: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53439] *Apr 12 20:37:25.643: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [0] *Apr 12 20:37:25.643: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53440] R1#sh ip nat translations Pro Inside global Inside local Outside local Outside global tcp 192.168.10.211:50318 172.16.2.11:50318 160.16.63.136:80 160.16.63.136:80 --- 192.168.10.211 172.16.2.11 --- --- R1# *Apr 12 20:37:47.975: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53441] *Apr 12 20:37:47.983: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [53746] *Apr 12 20:37:47.987: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [53747] *Apr 12 20:37:47.987: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [53748] *Apr 12 20:37:47.987: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53442] *Apr 12 20:37:47.987: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53443] *Apr 12 20:37:47.999: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [53749] R1#sh ip nat translations Pro Inside global Inside local Outside local Outside global tcp 192.168.10.211:50318 172.16.2.11:50318 160.16.63.136:80 160.16.63.136:80 --- 192.168.10.211 172.16.2.11 --- --- R1#sh ip nat translations Pro Inside global Inside local Outside local Outside global tcp 192.168.10.211:50318 172.16.2.11:50318 160.16.63.136:80 160.16.63.136:80 --- 192.168.10.211 172.16.2.11 --- --- R1#sh ip nat statistics Total active translations: 2 (1 static, 1 dynamic; 1 extended) Peak translations: 2, occurred 00:00:47 ago Outside interfaces: FastEthernet0/1 Inside interfaces: FastEthernet0/0 Hits: 10 Misses: 0 CEF Translated packets: 10, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: Total doors: 0 Appl doors: 0 Normal doors: 0 Queued Packets: 0 R1#undebug all All possible debugging has been turned off
Dynamic NAT
conf t ! ip nat pool PG1X-NAT-POOL 192.168.10.211 192.168.10.212 netmask 255.255.255.248 ! access-list 1 permit 172.16.2.11 access-list 1 permit 172.16.2.12 access-list 1 permit 172.16.2.13 ! ip nat inside source list 1 pool PG1X-NAT-POOL ! int f0/1 ip nat outside exit ! int f0/0 ip nat inside exit ! end
debug ip nat u all
No communication.
R1#sh ip nat translations
R1#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
FastEthernet0/1
Inside interfaces:
FastEthernet0/0
Hits: 0 Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool PG1X-NAT-POOL refcount 0
pool PG1X-NAT-POOL: netmask 255.255.255.248
start 192.168.10.211 end 192.168.10.212
type generic, total addresses 2, allocated 0 (0%), misses 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
R1#debug ip nat
IP NAT debugging is on
In communication.
pi@pi1:~ $ nc 160.16.63.136 80 GET /
R1#
*Apr 11 23:13:27.663: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55418]
*Apr 11 23:13:27.675: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [0]
*Apr 11 23:13:27.679: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55419]
R1#
*Apr 11 23:13:51.539: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55420]
*Apr 11 23:13:51.551: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [64054]
*Apr 11 23:13:51.555: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [64055]
*Apr 11 23:13:51.555: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [64056]
*Apr 11 23:13:51.555: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55421]
*Apr 11 23:13:51.555: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55422]
*Apr 11 23:13:51.567: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [64057]
R1#sh ip nat trans
R1#sh ip nat translations
Pro Inside global Inside local Outside local Outside global
tcp 192.168.10.211:50315 172.16.2.11:50315 160.16.63.136:80 160.16.63.136:80
--- 192.168.10.211 172.16.2.11 --- ---
R1#sh ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 1 extended)
Peak translations: 2, occurred 00:00:41 ago
Outside interfaces:
FastEthernet0/1
Inside interfaces:
FastEthernet0/0
Hits: 10 Misses: 0
CEF Translated packets: 10, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool PG1X-NAT-POOL refcount 2
pool PG1X-NAT-POOL: netmask 255.255.255.248
start 192.168.10.211 end 192.168.10.212
type generic, total addresses 2, allocated 1 (50%), misses 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#u all
All possible debugging has been turned off
PAT
conf t ! access-list 1 permit 172.16.2.0 0.0.0.255 ! ip nat inside source list 1 interface f0/1 overload ! int f0/0 ip nat inside exit int f0/1 ip nat outside exit ! end
debug ip nat u all
No communication.
R1#sh ip nat translations R1#sh ip nat statistics Total active translations: 0 (0 static, 0 dynamic; 0 extended) Peak translations: 0 Outside interfaces: FastEthernet0/1 Inside interfaces: FastEthernet0/0 Hits: 0 Misses: 0 CEF Translated packets: 0, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface FastEthernet0/1 refcount 0 Total doors: 0 Appl doors: 0 Normal doors: 0 Queued Packets: 0 R1#debug ip nat IP NAT debugging is on R1#
In communication.
step by step input following commands.
pi@pi1:~ $ nc 160.16.63.136 80 GET / pi@pi2:~ $ nc 160.16.63.136 80 GET / pi@pi3:~ $ nc 160.16.63.136 80 GET /
R1# *Apr 11 23:29:21.503: NAT*: s=172.16.2.11->192.168.10.210, d=160.16.63.136 [26586] *Apr 11 23:29:21.515: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.11 [0] *Apr 11 23:29:21.519: NAT*: s=172.16.2.11->192.168.10.210, d=160.16.63.136 [26587] R1#sh ip nat transl R1#sh ip nat translations Pro Inside global Inside local Outside local Outside global tcp 192.168.10.210:50316 172.16.2.11:50316 160.16.63.136:80 160.16.63.136:80 R1# *Apr 11 23:29:47.951: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34543] *Apr 11 23:29:47.959: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [0] *Apr 11 23:29:47.963: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34544] R1#sh ip nat translations Pro Inside global Inside local Outside local Outside global tcp 192.168.10.210:50316 172.16.2.11:50316 160.16.63.136:80 160.16.63.136:80 tcp 192.168.10.210:37995 172.16.2.12:37995 160.16.63.136:80 160.16.63.136:80 R1# *Apr 11 23:30:01.363: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64992] *Apr 11 23:30:01.375: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [0] *Apr 11 23:30:01.379: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64993] R1#sh ip nat translations Pro Inside global Inside local Outside local Outside global tcp 192.168.10.210:50316 172.16.2.11:50316 160.16.63.136:80 160.16.63.136:80 tcp 192.168.10.210:37995 172.16.2.12:37995 160.16.63.136:80 160.16.63.136:80 tcp 192.168.10.210:51490 172.16.2.13:51490 160.16.63.136:80 160.16.63.136:80 R1#sh ip nat statistics Total active translations: 3 (0 static, 3 dynamic; 3 extended) Peak translations: 3, occurred 00:00:20 ago Outside interfaces: FastEthernet0/1 Inside interfaces: FastEthernet0/0 Hits: 12 Misses: 0 CEF Translated packets: 12, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface FastEthernet0/1 refcount 3 Total doors: 0 Appl doors: 0 Normal doors: 0 Queued Packets: 0 R1# *Apr 11 23:30:21.535: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.11 [40292] *Apr 11 23:30:21.535: NAT*: s=172.16.2.11->192.168.10.210, d=160.16.63.136 [26588] *Apr 11 23:30:21.555: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.11 [40293] R1# *Apr 11 23:30:32.971: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34545] *Apr 11 23:30:32.979: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [35017] *Apr 11 23:30:32.983: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [35018] *Apr 11 23:30:32.983: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [35019] *Apr 11 23:30:32.983: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34546] *Apr 11 23:30:32.983: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34547] *Apr 11 23:30:32.991: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [35020] R1# *Apr 11 23:30:37.459: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64994] *Apr 11 23:30:37.467: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [10599] *Apr 11 23:30:37.471: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [10600] *Apr 11 23:30:37.471: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [10601] *Apr 11 23:30:37.471: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64995] *Apr 11 23:30:37.471: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64996] *Apr 11 23:30:37.479: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [10602] R1#sh ip nat translati R1#sh ip nat translations Pro Inside global Inside local Outside local Outside global tcp 192.168.10.210:50316 172.16.2.11:50316 160.16.63.136:80 160.16.63.136:80 tcp 192.168.10.210:37995 172.16.2.12:37995 160.16.63.136:80 160.16.63.136:80 tcp 192.168.10.210:51490 172.16.2.13:51490 160.16.63.136:80 160.16.63.136:80 R1#sh ip nat statistics Total active translations: 3 (0 static, 3 dynamic; 3 extended) Peak translations: 3, occurred 00:01:05 ago Outside interfaces: FastEthernet0/1 Inside interfaces: FastEthernet0/0 Hits: 26 Misses: 0 CEF Translated packets: 26, CEF Punted packets: 0 Expired translations: 0 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface FastEthernet0/1 refcount 3 Total doors: 0 Appl doors: 0 Normal doors: 0 Queued Packets: 0 R1# *Apr 11 23:31:21.599: NAT: expiring 192.168.10.210 (172.16.2.11) tcp 50316 (50316) R1#sh ip nat translations *Apr 11 23:31:33.375: NAT: expiring 192.168.10.210 (172.16.2.12) tcp 37995 (37995) R1#sh ip nat translations *Apr 11 23:31:37.471: NAT: expiring 192.168.10.210 (172.16.2.13) tcp 51490 (51490) R1#sh ip nat translations R1#sh ip nat translations R1#sh ip nat statistics Total active translations: 0 (0 static, 0 dynamic; 0 extended) Peak translations: 3, occurred 00:01:43 ago Outside interfaces: FastEthernet0/1 Inside interfaces: FastEthernet0/0 Hits: 26 Misses: 0 CEF Translated packets: 26, CEF Punted packets: 0 Expired translations: 3 Dynamic mappings: -- Inside Source [Id: 1] access-list 1 interface FastEthernet0/1 refcount 0 Total doors: 0 Appl doors: 0 Normal doors: 0 Queued Packets: 0 R1# R1#u all All possible debugging has been turned off
References
tech/network/cisco/nat-show-commands/nat-show-command.txt · Last modified: 2018/04/13 08:00 by wnoguchi
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International
