PG1X WIKI

My Knowledge Base

User Tools

Site Tools

You are here: PG1X WIKI » Technology » Networking » Cisco Systems » nat-show-commands » NAT show commands
Trace: NAT show commands
tech:network:cisco:nat-show-commands:nat-show-command

Table of Contents

NAT show commands

, , , , , , , ,

Physical Lab 6

Using Cisco IOS 15.1(4)M10, Cisco ISR1841 box.

  1. Static NAT
  2. Dynamic NAT
  3. PAT

Common Configuration

en
conf t
!
! ip configuration
int f0/1
ip addr 192.168.10.210 255.255.255.0
no shut
exit
int f0/0
ip addr 172.16.2.1 255.255.255.0
no shut
exit
!
! default route
ip route 0.0.0.0 0.0.0.0 192.168.10.1
!
end

Static NAT

conf t
!
ip nat inside source static 172.16.2.11 192.168.10.211
!
int f0/1
ip nat outside
exit
int f0/0
ip nat inside
exit
!
end
debug ip nat
u all

No communication. 

R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 192.168.10.211     172.16.2.11        ---                ---
R1#sh ip nat statistics
Total active translations: 1 (1 static, 0 dynamic; 0 extended)
Peak translations: 1, occurred 00:00:32 ago
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#debug ip nat
IP NAT debugging is on
R1#

In communication. 

pi@pi1:~ $ nc 160.16.63.136 80
GET /
pi@pi2:~ $ nc 160.16.63.136 80
GET /
R1#
*Apr 12 20:37:25.631: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53439]
*Apr 12 20:37:25.643: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [0]
*Apr 12 20:37:25.643: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53440]
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:50318 172.16.2.11:50318 160.16.63.136:80  160.16.63.136:80
--- 192.168.10.211     172.16.2.11        ---                ---
R1#
*Apr 12 20:37:47.975: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53441]
*Apr 12 20:37:47.983: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [53746]
*Apr 12 20:37:47.987: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [53747]
*Apr 12 20:37:47.987: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [53748]
*Apr 12 20:37:47.987: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53442]
*Apr 12 20:37:47.987: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [53443]
*Apr 12 20:37:47.999: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [53749]
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:50318 172.16.2.11:50318 160.16.63.136:80  160.16.63.136:80
--- 192.168.10.211     172.16.2.11        ---                ---
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:50318 172.16.2.11:50318 160.16.63.136:80  160.16.63.136:80
--- 192.168.10.211     172.16.2.11        ---                ---
R1#sh ip nat statistics
Total active translations: 2 (1 static, 1 dynamic; 1 extended)
Peak translations: 2, occurred 00:00:47 ago
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 10  Misses: 0
CEF Translated packets: 10, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#undebug all
All possible debugging has been turned off

Dynamic NAT

conf t
!
ip nat pool PG1X-NAT-POOL 192.168.10.211 192.168.10.212 netmask 255.255.255.248
!
access-list 1 permit 172.16.2.11
access-list 1 permit 172.16.2.12
access-list 1 permit 172.16.2.13
!
ip nat inside source list 1 pool PG1X-NAT-POOL
!
int f0/1
ip nat outside
exit
!
int f0/0
ip nat inside
exit
!
end
debug ip nat
u all

No communication. 

R1#sh ip nat translations
R1#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool PG1X-NAT-POOL refcount 0
 pool PG1X-NAT-POOL: netmask 255.255.255.248
        start 192.168.10.211 end 192.168.10.212
        type generic, total addresses 2, allocated 0 (0%), misses 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
R1#debug ip nat
IP NAT debugging is on

In communication. 

pi@pi1:~ $ nc 160.16.63.136 80
GET /
R1#
*Apr 11 23:13:27.663: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55418]
*Apr 11 23:13:27.675: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [0]
*Apr 11 23:13:27.679: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55419]
R1#
*Apr 11 23:13:51.539: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55420]
*Apr 11 23:13:51.551: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [64054]
*Apr 11 23:13:51.555: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [64055]
*Apr 11 23:13:51.555: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [64056]
*Apr 11 23:13:51.555: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55421]
*Apr 11 23:13:51.555: NAT*: s=172.16.2.11->192.168.10.211, d=160.16.63.136 [55422]
*Apr 11 23:13:51.567: NAT*: s=160.16.63.136, d=192.168.10.211->172.16.2.11 [64057]
R1#sh ip nat trans
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.211:50315 172.16.2.11:50315 160.16.63.136:80  160.16.63.136:80
--- 192.168.10.211     172.16.2.11        ---                ---
R1#sh ip nat statistics
Total active translations: 2 (0 static, 2 dynamic; 1 extended)
Peak translations: 2, occurred 00:00:41 ago
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 10  Misses: 0
CEF Translated packets: 10, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool PG1X-NAT-POOL refcount 2
 pool PG1X-NAT-POOL: netmask 255.255.255.248
        start 192.168.10.211 end 192.168.10.212
        type generic, total addresses 2, allocated 1 (50%), misses 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#u all
All possible debugging has been turned off

PAT

conf t
!
access-list 1 permit 172.16.2.0 0.0.0.255
!
ip nat inside source list 1 interface f0/1 overload
!
int f0/0
ip nat inside
exit
int f0/1
ip nat outside
exit
!
end
debug ip nat
u all

No communication. 

R1#sh ip nat translations
R1#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 0
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface FastEthernet0/1 refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#debug ip nat
IP NAT debugging is on
R1#

In communication.

step by step input following commands. 

pi@pi1:~ $ nc 160.16.63.136 80
GET /
pi@pi2:~ $ nc 160.16.63.136 80
GET /
pi@pi3:~ $ nc 160.16.63.136 80
GET /
R1#
*Apr 11 23:29:21.503: NAT*: s=172.16.2.11->192.168.10.210, d=160.16.63.136 [26586]
*Apr 11 23:29:21.515: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.11 [0]
*Apr 11 23:29:21.519: NAT*: s=172.16.2.11->192.168.10.210, d=160.16.63.136 [26587]
R1#sh ip nat transl
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.210:50316 172.16.2.11:50316 160.16.63.136:80  160.16.63.136:80
R1#
*Apr 11 23:29:47.951: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34543]
*Apr 11 23:29:47.959: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [0]
*Apr 11 23:29:47.963: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34544]
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.210:50316 172.16.2.11:50316 160.16.63.136:80  160.16.63.136:80
tcp 192.168.10.210:37995 172.16.2.12:37995 160.16.63.136:80  160.16.63.136:80
R1#
*Apr 11 23:30:01.363: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64992]
*Apr 11 23:30:01.375: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [0]
*Apr 11 23:30:01.379: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64993]
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.210:50316 172.16.2.11:50316 160.16.63.136:80  160.16.63.136:80
tcp 192.168.10.210:37995 172.16.2.12:37995 160.16.63.136:80  160.16.63.136:80
tcp 192.168.10.210:51490 172.16.2.13:51490 160.16.63.136:80  160.16.63.136:80
R1#sh ip nat statistics
Total active translations: 3 (0 static, 3 dynamic; 3 extended)
Peak translations: 3, occurred 00:00:20 ago
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 12  Misses: 0
CEF Translated packets: 12, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface FastEthernet0/1 refcount 3

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
*Apr 11 23:30:21.535: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.11 [40292]
*Apr 11 23:30:21.535: NAT*: s=172.16.2.11->192.168.10.210, d=160.16.63.136 [26588]
*Apr 11 23:30:21.555: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.11 [40293]
R1#
*Apr 11 23:30:32.971: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34545]
*Apr 11 23:30:32.979: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [35017]
*Apr 11 23:30:32.983: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [35018]
*Apr 11 23:30:32.983: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [35019]
*Apr 11 23:30:32.983: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34546]
*Apr 11 23:30:32.983: NAT*: s=172.16.2.12->192.168.10.210, d=160.16.63.136 [34547]
*Apr 11 23:30:32.991: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.12 [35020]
R1#
*Apr 11 23:30:37.459: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64994]
*Apr 11 23:30:37.467: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [10599]
*Apr 11 23:30:37.471: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [10600]
*Apr 11 23:30:37.471: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [10601]
*Apr 11 23:30:37.471: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64995]
*Apr 11 23:30:37.471: NAT*: s=172.16.2.13->192.168.10.210, d=160.16.63.136 [64996]
*Apr 11 23:30:37.479: NAT*: s=160.16.63.136, d=192.168.10.210->172.16.2.13 [10602]
R1#sh ip nat translati
R1#sh ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
tcp 192.168.10.210:50316 172.16.2.11:50316 160.16.63.136:80  160.16.63.136:80
tcp 192.168.10.210:37995 172.16.2.12:37995 160.16.63.136:80  160.16.63.136:80
tcp 192.168.10.210:51490 172.16.2.13:51490 160.16.63.136:80  160.16.63.136:80
R1#sh ip nat statistics
Total active translations: 3 (0 static, 3 dynamic; 3 extended)
Peak translations: 3, occurred 00:01:05 ago
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 26  Misses: 0
CEF Translated packets: 26, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface FastEthernet0/1 refcount 3

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
*Apr 11 23:31:21.599: NAT: expiring 192.168.10.210 (172.16.2.11) tcp 50316 (50316)
R1#sh ip nat translations
*Apr 11 23:31:33.375: NAT: expiring 192.168.10.210 (172.16.2.12) tcp 37995 (37995)
R1#sh ip nat translations
*Apr 11 23:31:37.471: NAT: expiring 192.168.10.210 (172.16.2.13) tcp 51490 (51490)
R1#sh ip nat translations
R1#sh ip nat translations
R1#sh ip nat statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
Peak translations: 3, occurred 00:01:43 ago
Outside interfaces:
  FastEthernet0/1
Inside interfaces:
  FastEthernet0/0
Hits: 26  Misses: 0
CEF Translated packets: 26, CEF Punted packets: 0
Expired translations: 3
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 interface FastEthernet0/1 refcount 0

Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0
R1#
R1#u all
All possible debugging has been turned off

References

  1. show ip nat translations の見方
tech/network/cisco/nat-show-commands/nat-show-command.txt · Last modified: 2018/04/13 08:00 by wnoguchi

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki