show nat

The show nat commands provide information on the configured and operating state of a router's NAT (Network Address Translation) variables.

show nat {config | map | sessions | statistics | address_db}

Syntax Description

config

This command shows the current configuration of the NAT variables, including the NAT mapping translation pairs and the NAT map database.

map

This command shows the one-to-one address translation pairs currently entered in the router, or displays a message that no one-to-one address pairs are presently entered in the NAT map database.

sessions

This command displays the translation sessions currently active in the router's NAT software.

statistics

This command displays the total number of sessions the router has created since it was last booted, how many are currently active, and the status of those sessions that are no longer active.

address_db

This command displays all of the IP addresses being used by the router for Network Address Translation.

Usage Guidelines

The following sections describe the display contents for each command.

show nat map Display

Each entry in the show nat map display is read as an internal address (10.5.3.20) that is translated to and from an external address (198.41.9.194). Packets addressed to 198.41.9.194 from the Internet are accepted by the router, translated to the destination address 10.5.3.20, and sent to the internal NAT network.

show nat sessions Display

The show nat sessions display includes:

Active Map

This is the IP address:port internal-to-external address translation. If the translation is not to or from a specific port, then the port value will be 0.

Remote

This is the location on the external Internet communicating with the workstation or router in the internal NAT network.

Proto

This is the protocol the session is translating. Current values for this column are ICMP, UDP, and TCP; any other IP protocol is shown by its protocol number.

Hashes

This is the information used by the software to store and locate the translation sessions in the NAT internal database.

Time Since:Created

This is the time, in seconds, since the session was created.

Time Since:Last Activity

This is the time, in seconds, since the session was last used to translate an IP packet.

show nat statistics Display

The show nat statistics display includes:

Total Sessions

This is the total number of NAT sessions created to translate IP packets since the router was last booted.

Filtered

Filtered currently has no values defined.

Currently Active

This is the number of sessions presently being used by the router to translate packets.

Properly Removed

This is the number of sessions removed from the NAT session database as a result of FIN and ACK packets being exchanged between the workstation/router on the NAT network and the workstation/router on the Internet. The IP session is terminated and the NAT session doing the address translation is likewise removed from the NAT hash database.


Note: The sum of the values for Currently Active, Properly Removed, and Sessions Timed Out should be equal to the value for Total Sessions.

Sessions Timed Out

This is the number of NAT sessions removed from the NAT hash database as a result of a time limit being exceeded. There are three types of time outs:

  • SYN Timeouts. This occurs when a SYN packet in a session does not receive a response within the time limit defined by the TCP SYN timeout period.

  • FIN Timeouts. This occurs when a FIN packet in a session does not receive a response within the time limit defined by the variable TCP FIN timeout period.

  • Inactivity. This occurs when a session has not been used for any IP address translations in the time limit defined by either the UDP timeout period or the TCP timeout period.


Note: Currently, all non-TCP NAT sessions use the UDP timeout period for their inactivity timeout limits.

Sessions Reset

This is the tally of the NAT sessions for which an RST packet was sent. Invalid Cache, No Resources, and Stale ACK currently have no values defined.

show nat address_db Display

The show nat address_db display includes:

Address Tree Level

This is the search depth of the IP addresses in the database. Each plus sign (+) indicates a deeper level within the address tree.

IP Address

This is either an internal or external IP address which is being used by the router for NAT. The Flags indicate which type of address it is.

IP Mask

This is the hexadecimal representation of the mask associated with each address.

Flags

This shows all flags which apply to each IP address in the NAT Address Database. The flags are defined briefly in the "Flag Legend" at the end of the display.

Examples

The following sections show an example for each command.

show nat config Example

The following is the output from the show nat config command:

NAT functionality enabled (On/Off):                  On  
NAT Response to external ICMPs (On/Off):             On  
Communicate w/ Router through IP Ports (On/Off):     On  
Configured Ports:                Ether0
UDP timeout period (sec.):       300   
TCP timeout period (sec.):       86400 
TCP SYN timeout period (sec.):   180   
TCP FIN timeout period (sec.):   180   
Entered Internal range(s):      
                                 10.5.3.0/27                         
Entered External range(s):      
                                 198.41.9.219                        
                                 198.41.9.195                        
                                 198.41.9.194                        
Entered Pass Thru range(s):
                                 198.41.9.{205-210}
 
[ NAT Map Database ]
 Total Number of Entries in NAT Map Database: 2
--------------------------------------------------
                Internal                       External
LineNo. <IPaddress[/Mask or :Port]> -> <IPaddress[/Mask or :Port]>
   1    <10.5.3.11:80>              -> <198.41.9.195:80>          
   2    <10.5.3.20/32>              -> <198.41.9.194/32>          
 

show nat map Example

The following is the output from the show nat map command:

Nat_2220> show nat map
[ NAT Map Database ]
 Total Number of Entries in NAT Map Database: 1
--------------------------------------------------
                Internal                       External
LineNo. <IPaddress[/Mask or:Port]> -> <IPaddress[/Mask or:Port]>
   1    <10.5.3.20/32>              -> <198.41.9.194/32>   
 

show nat sessions Example

The following is the output from the show nat sessions command:

         Active Map                          Remote        Proto   Hashes
------------------------------------ -------------------- ------ --------
                                          Time Since: Created        Last Activity
                                           -----------------    ----------------
10.5.3.20:0         ->198.41.9.194:0       198.41.9.200:0       ICMP  221/907
                                              124.33               114.33
10.5.3.20:0         ->198.41.9.194:0       198.41.9.215:0       ICMP  236/922
                                              105.00               104.00
10.5.3.10:29841     ->198.41.9.219:29841   198.41.9.30:53       UDP   255/976
                                              33.93                33.50
10.5.3.10:1899      ->198.41.9.219:1899    198.41.9.12:80       TCP   983/680
                                              25.67                0.16
10.5.3.10:1900      ->198.41.9.219:1900    198.41.9.12:80       TCP   984/681
                                              30.24                15.83

show nat statistics Example

The following is the output from the show nat statistics command:

Total Sessions:                     38
  Filtered:                          0
 
 Currently Active:                   0
 
 Properly Removed:                  33
 
 Sessions Timed Out:                 5
  SYN Timeouts:                      0
  FIN Timeouts:                      0
  Inactivity:                        5
 
 
 Sessions Reset:                     2
  Invalid Cache:                     0
  No Resources:                      0
  Stale ACK:                         0
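
The Note in the show nat statistics Display section gives a consistency rule for these counters. The following Python sketch is an added example, not part of the original Cisco documentation; it parses a captured display and checks that rule. The function names are hypothetical, and treating the three timeout types as sub-counters that add up to Sessions Timed Out is an assumption drawn from the layout of the sample output.

```python
import re

# Counters copied from the sample show nat statistics output on this page.
SAMPLE = """\
Total Sessions:                     38
  Filtered:                          0
 Currently Active:                   0
 Properly Removed:                  33
 Sessions Timed Out:                 5
  SYN Timeouts:                      0
  FIN Timeouts:                      0
  Inactivity:                        5
 Sessions Reset:                     2
  Invalid Cache:                     0
  No Resources:                      0
  Stale ACK:                         0
"""

def parse_statistics(text):
    """Map each 'Name: value' line of the display to an integer counter."""
    counters = {}
    for line in text.splitlines():
        m = re.match(r"^\s*([A-Za-z ]+?):\s+(\d+)\s*$", line)
        if m:
            counters[m.group(1)] = int(m.group(2))
    return counters

def check_statistics(c):
    """Return a list of inconsistencies; an empty list means the counters add up."""
    need = ["Total Sessions", "Currently Active", "Properly Removed",
            "Sessions Timed Out", "SYN Timeouts", "FIN Timeouts", "Inactivity"]
    missing = [k for k in need if k not in c]
    if missing:  # truncated or garbled capture: report it instead of raising
        return ["missing counter: " + k for k in missing]
    problems = []
    accounted = c["Currently Active"] + c["Properly Removed"] + c["Sessions Timed Out"]
    if accounted != c["Total Sessions"]:  # rule stated in the Note on this page
        problems.append("Total Sessions is %d but %d are accounted for"
                        % (c["Total Sessions"], accounted))
    # Assumption: the three timeout types are sub-counters of Sessions Timed Out.
    by_type = c["SYN Timeouts"] + c["FIN Timeouts"] + c["Inactivity"]
    if by_type != c["Sessions Timed Out"]:
        problems.append("Sessions Timed Out is %d but its types sum to %d"
                        % (c["Sessions Timed Out"], by_type))
    return problems

if __name__ == "__main__":
    print(check_statistics(parse_statistics(SAMPLE)) or "counters are consistent")
```

Sessions Reset is not part of the sum in the Note, so the check leaves it out.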
 

show nat address_db Example

The following is the output from the show nat address_db command:

Network Address Translation Address Database
Address Tree Level  IP Address         IP Mask    Flags 
------------------- ------------------ ---------- ----------
+                   10.5.3.0           0xffffffe0 0x00000001
++                  10.5.3.11          0xffffffff 0x00000019
++                  10.5.3.20          0xffffffff 0x00000009
+                   198.41.9.192       0xffffffe0 0x00001000
++                  198.41.9.194       0xffffffff 0x0000000a
++                  198.41.9.195       0xffffffff 0x0000001a
++                  198.41.9.205       0xffffffff 0x00000004
++                  198.41.9.206       0xffffffff 0x00000004
++                  198.41.9.207       0xffffffff 0x00000004
++                  198.41.9.208       0xffffffff 0x00000004
++                  198.41.9.209       0xffffffff 0x00000004
++                  198.41.9.210       0xffffffff 0x00000004
++                  198.41.9.219       0xffffffff 0x00000002
Flag Legend:  INTERNAL: 0x0001, MAPPED: 0x0002, PassThru: 0x0004
              1 to 1: 0x0008, PORT in MAP_DB: 0x0010, PLACEHOLDER: 0x1000
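
The Flags column is a bit field, so one value can carry several of the meanings in the Flag Legend. The following Python sketch is an added example, not part of the original Cisco documentation; it decodes each row of a captured display using only the legend values printed above. The function names are hypothetical.

```python
import re

# Bit values copied from the "Flag Legend" at the end of the display.
FLAGS = {0x0001: "INTERNAL", 0x0002: "MAPPED", 0x0004: "PassThru",
         0x0008: "1 to 1", 0x0010: "PORT in MAP_DB", 0x1000: "PLACEHOLDER"}

# Data rows copied from the sample show nat address_db output on this page.
SAMPLE = """\
+                   10.5.3.0           0xffffffe0 0x00000001
++                  10.5.3.11          0xffffffff 0x00000019
++                  10.5.3.20          0xffffffff 0x00000009
+                   198.41.9.192       0xffffffe0 0x00001000
++                  198.41.9.194       0xffffffff 0x0000000a
++                  198.41.9.195       0xffffffff 0x0000001a
++                  198.41.9.205       0xffffffff 0x00000004
++                  198.41.9.206       0xffffffff 0x00000004
++                  198.41.9.207       0xffffffff 0x00000004
++                  198.41.9.208       0xffffffff 0x00000004
++                  198.41.9.209       0xffffffff 0x00000004
++                  198.41.9.210       0xffffffff 0x00000004
++                  198.41.9.219       0xffffffff 0x00000002
"""

ROW = re.compile(r"^(\++)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+0x([0-9a-fA-F]{8})\s+0x([0-9a-fA-F]{8})\s*$")

def decode_flags(value):
    names = [name for bit, name in FLAGS.items() if value & bit]
    unknown = value & ~sum(FLAGS)  # bits the legend does not define
    if unknown:
        names.append("UNKNOWN(0x%04x)" % unknown)
    return names

def parse_address_db(text):
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, ruler and legend lines do not match
            level, addr, mask, flags = m.groups()
            prefix = bin(int(mask, 16)).count("1")  # 0xffffffe0 -> 27
            rows.append({"level": len(level), "cidr": "%s/%d" % (addr, prefix),
                         "flags": decode_flags(int(flags, 16))})
    return rows

def map_db_addresses(rows):
    """Addresses whose flags include '1 to 1' or 'PORT in MAP_DB'."""
    return [r["cidr"] for r in rows if {"1 to 1", "PORT in MAP_DB"} & set(r["flags"])]

if __name__ == "__main__":
    print("\n".join("%-18s %s" % (r["cidr"], ", ".join(r["flags"])) for r in parse_address_db(SAMPLE)))
```

For the sample, map_db_addresses returns the same four addresses that appear in the NAT Map Database of the show nat config example, which gives a quick cross-check between the two displays.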

Related Commands

Command Description

configure NAT Global

Configures NAT parameters for the device

edit config NAT Mapping

Creates NAT mappings


Posted: Wed Sep 27 11:30:20 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.