To display statistics of NAT pool usage, use the
show nat pool
command.
show nat pool
[
interface
if-name
[
ip
address
] |
ip
address
|
detail
]
show nat pool cluster
[
summary
|
interface
if-name
[
ip
address
] |
ip
address
]
Syntax Description
cluster
|
(Optional) When clustering is enabled, shows the current
assignment of a PAT address to the owner unit and backup unit.
(6.7+) Include the
summary keyword to see the
distribution of port blocks among the units in the cluster.
|
interface if_name
|
Limit the display to pools for the named interface. You can
optionally include the ip keyword to
further limit the view.
|
ip address
|
Limit the display to the specified IP address from the PAT pool.
|
detail
|
Show information related to the usage and distribution of port blocks
within a cluster. This keyword appears only if the unit is a cluster
member. You cannot use it with the cluster keyword.
|
Command History
Release
|
Modification
|
6.1
|
This command was introduced.
|
6.7
|
The following keywords were added:
interface ,
ip , detail ,
summary .
|
Usage Guidelines
(Pre-6.7) A NAT pool is created for
each mapped protocol/IP address/port range, where the port ranges are 1-511,
512-1023, and 1024-65535 by default. If you configure the PAT pool to use a flat
range of ports, you will see fewer, larger ranges.
(6.7+) Starting with 6.7, the port range is flat by default,
and you can optionally include the reserved ports, 1-1023, in the pool. For
clustered systems, the PAT pool is distributed among the cluster members in blocks
of 512 ports.
Each NAT pool exists for at least 10 minutes after the last
usage. The 10 minute hold-down timer is canceled if you clear the translations
with
clear xlate .
Examples
The following is sample output for the NAT pools created by a
dynamic PAT rule shown by the
show running-config object
network command.
> show running-config object network
object network myhost
host 10.10.10.10
nat (pppoe2,inside) dynamic 10.76.11.25
> show nat pool
TCP inside, address 10.76.11.25, range 1-511, allocated 0
TCP inside, address 10.76.11.25, range 512-1023, allocated 0
TCP inside, address 10.76.11.25, range 1024-65535, allocated 1
The following is sample output from the show nat pool command showing use of the PAT pool flat option. Without the include-reserve keyword, two ranges are
shown; the lower range is used when a source port below 1024 is mapped to the same
port.
> show nat pool
ICMP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2
TCP PAT pool dynamic-pat, address 172.16.2.200, range 1-1024, allocated 0
TCP PAT pool dynamic-pat, address 172.16.2.200, range 1024-65535, allocated 2
UDP PAT pool dynamic-pat, address 172.16.2.200, range 1-1024, allocated 0
UDP PAT pool dynamic-pat, address 172.16.2.200, range 1024-65535, allocated 2
The following is sample output from the show nat pool command showing use of the PAT pool flat
include-reserve options.
> show nat pool
ICMP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2
TCP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2
UDP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 2
(Pre-6.7) The following is sample
output from the show nat pool
command showing use of the PAT pool extended flat
include-reserve options. The important items are the
parenthetical addresses. These are the destination addresses used to extend PAT.
ICMP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 0
ICMP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.99), range 1-65535,
allocated 2
TCP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.100), range 1-65535,
allocated 1
UDP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.100), range 1-65535,
allocated 1
TCP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 0
ICMP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.100), range 1-65535,
allocated 1
TCP PAT pool dynamic-pat, address 172.16.2.200(172.16.2.99), range 1-65535,
allocated 2
UDP PAT pool dynamic-pat, address 172.16.2.200, range 1-65535, allocated 0
Examples
(6.7+) The following example shows the distribution of port blocks (showing the port
range), and their usage, in a cluster, including the unit that owns the block and
the backup unit for the block.
> show nat pool cluster
IP outside_a:src_map_a 174.0.1.20
[1536 – 2047], owner A, backup B
[8192 – 8703], owner A, backup B
[4089 – 4600], owner B, backup A
[11243 – 11754], owner B, backup A
IP outside_a:src_map_a 174.0.1.21
[1536 – 2047], owner A, backup B
[8192 – 8703], owner A, backup B
[4089 – 4600], owner B, backup A
[11243 – 11754], owner B, backup A
IP outside_b:src_map_b 174.0.1.22
[6656 - 7167], owner A, backup B
[13312 - 13823], owner A, backup B
[20480 - 20991], owner B, backup A
[58368 - 58879], owner B, backup A
IP outside_b:src_map_b 174.0.1.23
[46592 - 47103], owner A, backup B
[52224 - 52735], owner A, backup B
[62976 - 63487], owner B, backup A
(6.7+) The following example shows a summary of pool assignments in a cluster.
> show nat pool cluster summary
port-blocks count display order: total, unit-A, unit-B, unit-C, unit-D
IP outside_a:src_map_a, 174.0.1.20 (128 - 32/32/32/32)
IP outside_a:src_map_a, 174.0.1.21 (128 - 36/32/32/28)
IP outside_b:src_map_b, 174.0.1.22 (128 - 31/32/32/33)
(7.0+) The following example shows a summary of pool assignments in a cluster. Starting with 7.0, the information includes
the number of reserved ports and reclaimed ports.
> show nat pool cluster summary
port-blocks count display order: total, unit-A, unit-B
Codes: ^ - reserve, # - reclaimable
IP Outside:Mapped-IPGroup 10.10.10.100 (126 - 63 / 63) ^ 0 # 0
IP Outside:Mapped-IPGroup 10.10.10.101 (126 - 63 / 63) ^ 0 # 0
(6.7+) The following example shows detailed PAT pool usage for the pools in a cluster. When viewing detailed output, backup
port ranges are indicated with an asterisk. For example: range 62464-62975, allocated 27 *
> show nat pool detail
TCP PAT pool outside_a, address 174.0.1.1
range 1536-2047, allocated 56
range 8192-8703, allocated 16
UDP PAT pool outside_a, address 174.0.1.1
range 1536-2047, allocated 12
range 8192-8703, allocated 25
TCP PAT pool outside_b, address 174.0.2.1
range 47104-47615, allocated 39
range 62464-62975, allocated 9
UDP PAT pool outside_b, address 174.0.2.1
range 47104-47615, allocated 35
range 62464-62975, allocated 27*
(6.7+) The following example shows how to limit the view to a specific interface on a specific
device.
> show nat pool interface outside_b ip 174.0.2.1
TCP PAT pool outside_b, address 174.0.2.1, range 1-511, allocated 0
TCP PAT pool outside_b, address 174.0.2.1, range 512-1023, allocated 12
TCP PAT pool outside_b, address 174.0.2.1, range 1024-65535, allocated 48
UDP PAT pool outside_b, address 174.0.2.1, range 1-511, allocated 6
UDP PAT pool outside_b, address 174.0.2.1, range 512-1023, allocated 8
UDP PAT pool outside_b, address 174.0.2.1, range 1024-65535, allocated 62