show ip masks through vrf DHCP pool

show ip masks

To display the masks used for network addresses and the number of subnets using each mask, use the show ip masks command in EXEC mode.

show ip masks address

Syntax Description

address

Network address for which a mask is required.

Command Modes

EXEC

Command History

Release

Modification

10.0

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

The show ip masks command is useful for debugging when a variable-length subnet mask (VLSM) is used. It shows the number of masks associated with the network and the number of routes for each mask.

Examples

The following is sample output from the show ip masks command:


Router# show ip masks 172.16.0.0
Mask            Reference count
255.255.255.255 2
255.255.255.0   3
255.255.0.0     1

show ip nat limits all-host

To display the current Network Address Translation (NAT) limit entries of all configured hosts, use the show ip nat limits all-host command in user EXEC or privileged EXEC mode.

show ip nat limits all-host [host-address host-address [end-host-address] | number-of-sessions {greater-than | less-than} number] [total]

Syntax Description

host-address

(Optional) Displays statistics for a given address or range of addresses.

host-address

Address of the host or the starting address in a range.

end-host-address

(Optional) Ending address in a range.

number-of-sessions

(Optional) Displays statistics for limit entries with the given number of sessions.

greater-than

(Optional) Displays statistics for limit entries with more than the given number of sessions.

less-than

(Optional) Displays statistics for limit entries with less than the given number of sessions.

number

(Optional) Number of sessions for comparison. The range is from 0 to 2147483647.

total

(Optional) Displays only the total number of entries for a given query.

Command Modes

User EXEC (>)      

Privileged EXEC (#)      

Command History

Release

Modification

Cisco IOS XE Release 3.4S

This command was introduced.

Usage Guidelines

You can use the ip nat translation max-entries all-host command to limit the all-host NAT entries.

When you specify the total keyword with the show ip nat limits all-host command, the output displays only the total entries for a given query.

Examples

The following is sample output from the show ip nat limits all-host command:

Router# show ip nat limits all-host

Host            Max Entries  Use Count   Miss Count
-------------------------------------------------

10.1.1.2         100000       1           0

Total number of limit entries: 1

The table below describes the significant fields shown in the display.

Table 1. show ip nat limits all-host Field Descriptions

Field

Description

Host

The inside local or the outside global IP address of the host. The host is the inside local IP address for inside source translations and the outside global IP address for outside source translations.

Max Entries

The configured maximum number of limit entries.

Use Count

The current number of translations for the limit entry.

Miss Count

Number of times a translation entry was not created because of the use count exceeding the configured maximum for the limit entry.

show ip nat limits all-vrf

To display the current Network Address Translation (NAT) limit entries for all configured VPN routing and forwarding (VRF) instances, use the show ip nat limits all-vrf command in user EXEC or privileged EXEC mode.

show ip nat limits all-vrf [vrf-name name | number-of-sessions {greater-than | less-than} number] [total]

Syntax Description

vrf-name

(Optional) Displays statistics for a specified VRF.

name

VRF name.

number-of-sessions

(Optional) Displays statistics for limit entries with the given number of sessions.

greater-than

(Optional) Displays statistics for limit entries with more than the given number of sessions.

less-than

(Optional) Displays statistics for limit entries with less than the given number of sessions.

number

(Optional) Number of sessions for comparison. The range is from 0 to 2147483647.

total

(Optional) Displays only the total number of entries for a given query.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Release 3.4S

This command was introduced.

Usage Guidelines

You can use the ip nat translation all-vrf command to limit the all-VRF NAT entries.

When you specify the total keyword with the show ip nat limits all-vrf command, the output displays only the total entries for a given query.

Examples

The following is sample output from the show ip nat limits all-vrf command:

Router# show ip nat limits all-vrf

VRF Name        Max Entries  Use Count   Miss Count
-------------------------------------------------

VRF1             100000       1           0

Total number of limit entries: 1

The table below describes the significant fields shown in the display.

Table 2. show ip nat limits all-vrf Field Descriptions

Field

Description

VRF Name

Name of the VRF instance.

Max Entries

The configured maximum number of limit entries.

Use Count

The current number of translations for the limit entry.

Miss Count

Number of times a translation entry was not created because of the use count exceeding the configured maximum for the limit entry.
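An added example, not part of the Cisco documentation: a Python parser for the show ip nat limits all-host and show ip nat limits all-vrf displays described above. It flags entries whose Miss Count is nonzero (translations were refused at the configured maximum) or whose Use Count is close to Max Entries. All sample rows except 10.1.1.2 and VRF1 are constructed, and the 90 percent warning ratio is an assumption.

```python
import re
from dataclasses import dataclass

# Constructed samples in the layout of the page's sample output.
SAMPLE_ALL_HOST = """\
Router# show ip nat limits all-host

Host            Max Entries  Use Count   Miss Count
-------------------------------------------------

10.1.1.2         100000       1           0
10.1.1.7         300          300         412
10.1.1.9         300          271         0

Total number of limit entries: 3
"""

SAMPLE_ALL_VRF = """\
Router# show ip nat limits all-vrf

VRF Name        Max Entries  Use Count   Miss Count
-------------------------------------------------

VRF1             100000       1           0
GUEST            2000         1990        0

Total number of limit entries: 2
"""

# A data row is one key (host address or VRF name) followed by three counters.
ROW = re.compile(r"^(\S+)\s+(\d+)\s+(\d+)\s+(\d+)$")
TOTAL = re.compile(r"^Total number of limit entries:\s*(\d+)")


@dataclass
class LimitEntry:
    key: str            # host address or VRF name
    max_entries: int    # configured maximum for this limit entry
    use_count: int      # current number of translations
    miss_count: int     # translations refused because the maximum was reached

    @property
    def utilization(self) -> float:
        return self.use_count / self.max_entries if self.max_entries else 1.0


def parse_limits(text):
    """Return the limit entries found in a 'show ip nat limits' display."""
    entries, total = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = TOTAL.match(line)
        if m:
            total = int(m.group(1))
            continue
        m = ROW.match(line)
        if m:
            entries.append(LimitEntry(m.group(1), *map(int, m.groups()[1:])))
    # With the 'total' keyword only the summary line is printed, so an empty
    # row list is acceptable; a partial row list means truncated capture.
    if entries and total is not None and total != len(entries):
        raise ValueError(f"parsed {len(entries)} rows, device reported {total}")
    return entries


def findings(entries, warn_ratio=0.9):
    """Return (key, reason) for entries at or near their translation limit."""
    out = []
    for e in entries:
        if e.miss_count > 0:
            out.append((e.key, "limit-hit"))
        elif e.utilization >= warn_ratio:
            out.append((e.key, "near-limit"))
    return out


if __name__ == "__main__":
    for sample in (SAMPLE_ALL_HOST, SAMPLE_ALL_VRF):
        for key, reason in findings(parse_limits(sample)):
            print(f"{key}: {reason}")
```

A host that repeatedly reaches its limit is worth correlating with flow data, since a sustained Miss Count means the host keeps requesting more translations than it is allowed.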

show ip nat nvi statistics

To display NAT virtual interface (NVI) statistics, use the show ip nat nvi statistics command in user EXEC or privileged EXEC mode.

show ip nat nvi statistics

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

12.3(14)T

This command was introduced.

Examples

The following is sample output from the show ip nat nvi statistics command:


Router# show ip nat nvi statistics
Total active translations: 0 (0 static, 0 dynamic; 0 extended)
NAT Enabled interfaces:
Hits: 0  Misses: 0
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool pool1 refcount 1213
 pool pool1: netmask 255.255.255.0
         start 192.168.1.10 end 192.168.1.253
         start 192.168.2.10 end 192.168.2.253
         start 192.168.3.10 end 192.168.3.253
         start 192.168.4.10 end 192.168.4.253
         type generic, total addresses 976, allocated 222 (22%), misses 0
[Id: 2] access-list 5 pool pool2 refcount 0
 pool pool2: netmask 255.255.255.0
         start 192.168.5.2 end 192.168.5.254
         type generic, total addresses 253, allocated 0 (0%), misses 0
[Id: 3] access-list 6 pool pool3 refcount 3
 pool pool3: netmask 255.255.255.0
         start 192.168.6.2 end 192.168.6.254
         type generic, total addresses 253, allocated 2 (0%), misses 0
[Id: 4] access-list 7 pool pool4 refcount 0
 pool pool4 netmask 255.255.255.0
         start 192.168.7.30 end 192.168.7.200
         type generic, total addresses 171, allocated 0 (0%), misses 0
[Id: 5] access-list 8 pool pool5 refcount 109195
 pool pool5: netmask 255.255.255.0
         start 192.168.10.1 end 192.168.10.253
         start 192.168.11.1 end 192.168.11.253
         start 192.168.12.1 end 192.168.12.253
         start 192.168.13.1 end 192.168.13.253
         start 192.168.14.1 end 192.168.14.253
         start 192.168.15.1 end 192.168.15.253
         start 192.168.16.1 end 192.168.16.253
         start 192.168.17.1 end 192.168.17.253
         start 192.168.18.1 end 192.168.18.253
         start 192.168.19.1 end 192.168.19.253
         start 192.168.20.1 end 192.168.20.253
         start 192.168.21.1 end 192.168.21.253
         start 192.168.22.1 end 192.168.22.253
         start 192.168.23.1 end 192.168.23.253
         start 192.168.24.1 end 192.168.24.253
         start 192.168.25.1 end 192.168.25.253
         start 192.168.26.1 end 192.168.26.253
         type generic, total addresses 4301, allocated 3707 (86%),misses 0
Queued Packets:0

The table below describes the fields shown in the display.

Table 3. show ip nat nvi statistics Field Descriptions

Field

Description

Total active translations

Number of translations active in the system. This number is incremented each time a translation is created and is decremented each time a translation is cleared or timed out.

NAT enabled interfaces

List of interfaces marked as NAT enabled with the ip nat enable command.

Hits

Number of times the software does a translations table lookup and finds an entry.

Misses

Number of times the software does a translations table lookup, fails to find an entry, and must try to create one.

CEF Translated packets

Number of packets switched via Cisco Express Forwarding (CEF).

CEF Punted packets

Number of packets punted to the process switched level.

Expired translations

Cumulative count of translations that have expired since the router was booted.

Dynamic mappings

Indicates that the information that follows is about dynamic mappings.

Inside Source

The information that follows is about an inside source translation.

access-list

Access list number being used for the translation.

pool

Name of the pool.

refcount

Number of translations using this pool.

netmask

IP network mask being used in the pool.

start

Starting IP address in the pool range.

end

Ending IP address in the pool range.

type

Type of pool. Possible types are generic or rotary.

total addresses

Number of addresses in the pool available for translation.

allocated

Number of addresses being used.

misses

Number of failed allocations from the pool.

Queued Packets

Number of packets in the queue.

show ip nat nvi translations

To display active NAT virtual interface (NVI) translations, use the show ip nat nvi translations command in user EXEC or privileged EXEC mode.

show ip nat nvi translations [protocol [global | vrf vrf-name] | vrf vrf-name | global] [verbose]

Syntax Description

protocol

(Optional) Displays protocol entries. The protocol argument must be replaced with one of the following keywords:

  • esp --Encapsulating Security Payload (ESP) protocol entries.

  • icmp --Internet Control Message Protocol (ICMP) entries.

  • pptp --Point-to-Point Tunneling Protocol (PPTP) entries.

  • tcp --TCP protocol entries.

  • udp --User Datagram Protocol (UDP) entries.

global

(Optional) Displays entries in the global destination table.

vrf vrf-name

(Optional) Displays VPN routing and forwarding (VRF) traffic-related information.

verbose

(Optional) Displays additional information for each translation table entry, including how long ago the entry was created and used.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

12.3(14)T

This command was introduced.

Examples

The following is sample output from the show ip nat nvi translations command:


Router# show ip nat nvi translations
Pro    Source global        Source local        Destin  local      Destin  global
icmp   172.20.0.254:25    172.20.0.130:25      172.20.1.1:25      10.199.199.100:25
icmp   172.20.0.254:26    172.20.0.130:26      172.20.1.1:26      10.199.199.100:26
icmp   172.20.0.254:27    172.20.0.130:27      172.20.1.1:27      10.199.199.100:27
icmp   172.20.0.254:28    172.20.0.130:28      172.20.1.1:28      10.199.199.100:28

The table below describes the fields shown in the display.

Table 4. show ip nat nvi translations Field Descriptions

Field

Description

Pro

Protocol of the port identifying the address.

Source global

Source global address.

Source local

Source local address.

Destin local

Destination local address.

Destin global

Destination global address.

show ip nat redundancy

To display the Network Address Translation (NAT) high-availability information, use the show ip nat redundancy command in privileged EXEC mode.

show ip nat redundancy rg-id

Syntax Description

rg-id

Redundancy group (rg) ID. Valid values are 1 and 2.

Command Modes

Privileged EXEC (#)

Command History

Release Modification
15.3(2)T

This command was introduced.

Usage Guidelines

Use the show ip nat redundancy command to display information about the NAT high-availability Finite State Machine (FSM) and RG statistics.

Examples

The following is sample output from the show ip nat redundancy command. The output fields are self-explanatory.

Device1# show ip nat redundancy 1

        RG ID: 1        RG Name: RG1
        Current State: IPNAT_HA_RG_ST_ACT_BULK_DONE
        Previous State: IPNAT_HA_RG_ST_ACTIVE
        Recent Events: Curr: IPNAT_HA_RG_EVT_RF_ACT_STBY_HOT
                        Prev: IPNAT_HA_RG_EVT_RF_ACT_STBY_BULK_START

        Statistics :
                Static Mappings: 1,     Dynamic Mappings: 0
                Sync-ed Entries :
                        NAT Entries: 0, Door Entries: 0
                Mapping ID Mismatches: 0
                Forwarded Packets: 0,   Dropped Packets : 0
                Redirected Packets: 0


Device2# show ip nat redundancy 1

        RG ID: 1        RG Name: RG1
        Current State: IPNAT_HA_RG_ST_STBY_HOT
        Previous State: IPNAT_HA_RG_ST_STBY_COLD
        Recent Events: Curr: IPNAT_HA_RG_EVT_RF_STBY_COLD
                        Prev: IPNAT_HA_RG_EVT_NAT_CFG_REF

        Statistics :
                Static Mappings: 1,     Dynamic Mappings: 0
                Sync-ed Entries :
                        NAT Entries: 0, Door Entries: 0
                Mapping ID Mismatches: 0
                Forwarded Packets: 0,   Dropped Packets : 0
                Redirected Packets: 0

show ip nat statistics

To display Network Address Translation (NAT) statistics, use the show ip nat statistics command in user EXEC or privileged EXEC mode.

show ip nat statistics

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

11.2

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Cisco IOS XE Release 3.4S

This command was modified. The NAT limit statistics for all hosts and for all VPN routing and forwarding (VRF) instances were removed from the output of this command.

Examples

The following is sample output from the show ip nat statistics command:


Router# show ip nat statistics

Total translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet1
Hits: 135  Misses: 5
Expired translations: 2
Dynamic mappings:
-- Inside Source
access-list 1 pool net-208 refcount 2
 pool net-208: netmask 255.255.255.240
        start 172.16.233.208 end 172.16.233.221
        type generic, total addresses 14, allocated 2 (14%), misses 0

The table below describes the significant fields shown in the display.

Table 5. show ip nat statistics Field Descriptions

Field

Description

Total translations

Number of translations active in the system. This number is incremented each time a translation is created and is decremented each time a translation is cleared or times out.

Outside interfaces

List of interfaces marked as outside with the ip nat outside command.

Inside interfaces

List of interfaces marked as inside with the ip nat inside command.

Hits

Number of times the software does a translations table lookup and finds an entry.

Misses

Number of times the software does a translations table lookup, fails to find an entry, and must try to create one.

Expired translations

Cumulative count of translations that have expired since the router was booted.

Dynamic mappings

Indicates that the information that follows is about dynamic mappings.

Inside Source

Indicates that the information that follows is about an inside source translation.

access-list

Access list number being used for the translation.

pool

Name of the pool (in this case, net-208).

refcount

Number of translations using this pool.

netmask

IP network mask being used in the pool.

start

Starting IP address in the pool range.

end

Ending IP address in the pool range.

type

Type of pool. Possible types are generic or rotary.

total addresses

Number of addresses in the pool available for translation.

allocated

Number of addresses being used.

misses

Number of failed allocations from the pool.
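An added example, not part of the Cisco documentation: a Python parser for the pool blocks in the show ip nat statistics and show ip nat nvi statistics displays. It recomputes each pool's size from its start/end ranges, compares that with the reported total addresses, and flags pools that are close to exhaustion or report misses. The guest-pool block in the sample and the 80 percent warning ratio are constructed for illustration.

```python
import re
from ipaddress import IPv4Address

# First pool is the page's sample; "guest-pool" is constructed.
SAMPLE = """\
Router# show ip nat statistics
Total translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet1
Hits: 135  Misses: 5
Expired translations: 2
Dynamic mappings:
-- Inside Source
access-list 1 pool net-208 refcount 2
 pool net-208: netmask 255.255.255.240
        start 172.16.233.208 end 172.16.233.221
        type generic, total addresses 14, allocated 2 (14%), misses 0
access-list 8 pool guest-pool refcount 498
 pool guest-pool: netmask 255.255.255.0
        start 192.168.10.1 end 192.168.10.253
        start 192.168.11.1 end 192.168.11.253
        type generic, total addresses 506, allocated 498 (98%), misses 37
"""

# Token-based matching, so the parser does not depend on where lines break.
# The colon after the pool name is optional because the page's NVI sample
# prints one pool header without it.
TOKEN = re.compile(
    r"pool (?P<name>\S+?):? netmask (?P<mask>[\d.]+)"
    r"|start (?P<start>[\d.]+) end (?P<end>[\d.]+)"
    r"|type (?P<type>\w+), total addresses (?P<total>\d+), "
    r"allocated (?P<alloc>\d+) \(\d+%\),\s*misses (?P<misses>\d+)"
)


def parse_pools(text):
    """Return one dict per NAT pool block found in the display."""
    pools, cur = [], None
    for m in TOKEN.finditer(text):
        if m.group("name") is not None:
            cur = {"name": m.group("name"), "netmask": m.group("mask"),
                   "ranges": []}
            pools.append(cur)
        elif cur is None:
            continue  # range or summary line with no pool header before it
        elif m.group("start") is not None:
            cur["ranges"].append((IPv4Address(m.group("start")),
                                  IPv4Address(m.group("end"))))
        else:
            cur.update(type=m.group("type"), total=int(m.group("total")),
                       allocated=int(m.group("alloc")),
                       misses=int(m.group("misses")))
    return pools


def range_size(ranges):
    """Number of addresses covered by inclusive (start, end) ranges."""
    return sum(int(end) - int(start) + 1 for start, end in ranges)


def review_pools(pools, warn_ratio=0.8):
    """Return (pool name, [notes]) for every pool; an empty list means OK."""
    report = []
    for p in pools:
        if "total" not in p:
            report.append((p["name"], ["incomplete output"]))
            continue
        notes = []
        if range_size(p["ranges"]) != p["total"]:
            notes.append("range/total mismatch")
        if p["total"] and p["allocated"] / p["total"] >= warn_ratio:
            notes.append("near exhaustion")
        if p["misses"] > 0:
            notes.append("allocation failures")
        report.append((p["name"], notes))
    return report


if __name__ == "__main__":
    for name, notes in review_pools(parse_pools(SAMPLE)):
        print(name, notes or "ok")
```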

show ip nat statistics platform

The show ip nat statistics platform command displays the combined results of the following commands:
  • show platform hardware qfp active feature nat datapath stats

  • show platform software nat fp active qfp-stats

  • show platform software nat fp active msg-stats

  • show platform hardware qfp active feature nat datapath esp

  • show platform hardware qfp active feature nat datapath door

show ip nat statistics platform

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

The following is sample output from the show ip nat statistics platform command:

Device# show ip nat statistics platform
non_extended 0 entry_timeouts 0 statics 0 static net 0 hits 1752915 flowdb_hits 0 misses 0
non_natted_in2out 0 nat_bypass 0 non_natted_out2in 17805
Proxy stats:
ipc_retry_fail 0 cfg_rcvd 2 cfg_rsp 2
Number of sess 10 udp 10 tcp 0 icmp 0
Dump NAT QFP client stats
interface add: 6, upd: 0, del: 0, ack: 6, err: 0
timeout set: 12, ack: 12, err: 0
service set: 28, ack: 28, err: 0
modify-in-progress set: 0, ack: 0, err: 0
esp set: 0, ack: 0, err: 0
dnsv6 set: 1, ack: 1, err: 0
settings set: 0, ack: 0, err: 0
PAP settings set: 0, ack: 0, err: 0
Flow entries set: 1, ack: 1, err: 0
pool add: 1, del: 0, ack: 1, err: 0
addr range add: 1, upd: 0, del: 0, ack: 1, err: 0
static mapping add: 0, upd: 0, del: 0, ack: 0, err: 0
dyn mapping add: 1, upd: 0, del: 0, ack: 1, err: 0
dyn pat mapping add: 0, del: 0, ack: 0, err: 0
porlist add: 0, del: 0, ack: 0, err: 0
Logging add: 0, upd: 0, del: 0, ack: 0, err: 0
Per-VRF logging add: 0, upd: 0, del: 0, ack: 0, err: 0
Sess replicate add: 0, upd: 0, del: 0, ack: 0, err: 0
max entry set: 1, clr: 0, ack: 1, err: 0
ifaddr change notify: 0, ack: 0, err: 0
debug set: 0, clr: 0, ack: 0, err: 0
dp static-rt add: 0, del: 0, err: 0
dp ipalias add: 1, del: 0, err: 0
dp portlist req: 0, ret: 0, err: 0
dp wlan sess est: 0, term: 0, err: 0
mib setup enable: 0, disable: 0, ack: 0, err: 0
mib addr-bind query: 0, reply: 0, err: 0
MISC settings set: 0, ack: 0, err: 0
Gatekeeper settings set: 0, ack: 0, err: 0
Dump NAT RP-FP message stats
interface cfg: 4, add: 4, del: 0, upd: 0
timeout cfg: 12, add: 12, del: 0
service cfg: 28, add: 28, del: 0, upd: 0
modify-in-progress cfg: 0, add: 0, del: 0, upd: 0
esp cfg: 0, add: 0, del: 0, upd: 0
dnsv6 cfg: 1, add: 1, del: 0, upd: 0
settings cfg: 0, add: 0, del: 0, upd: 0
PAP settings cfg: 0, add: 0, del: 0, upd: 0
non-CLI clear translations exec: 0
pool cfg: 1, add: 1, del: 0, upd: 0
addr range cfg: 1, add: 1, upd: 0, del: 0
static mapping cfg: 0, add: 0, del: 0, upd: 0
dyn mapping cfg: 1, add: 1, del: 0, upd: 0
porlist event: 0, add: 0, del: 0
logging cfg: 0, add: 0, del: 0, upd: 0
per-VRF logging cfg: 0, add: 0, del: 0, upd: 0
replicate cfg: 0, add: 0, del: 0, upd: 0
max entry cfg: 0, add: 0, del: 0, upd: 0
Flow entries cfg: 1, add: 0, del: 0, upd: 0
ifaddr change event: 0
MIB query: 0
MISC settings cfg: 0
Gatekeeper settings cfg: 0, add: 0, del: 0, upd: 0
dp static-rt add: 0, del: 0
dp ipalias add: 1, del: 0
dp portlist req: 0, ret: 0
Stale event start: 0, end: 0
static translation cfg: 0, add: 0, del: 0, upd: 0
ESP global stats: esp_count 0 esp_limit_fail_count 0
DOOR global stats: door_count 0

show ip nat translations

To display active Network Address Translation (NAT) translations, use the show ip nat translations command in EXEC mode.

show ip nat translations [inside global-ip] [outside local-ip] [esp] [icmp] [pptp] [tcp] [udp] [verbose] [vrf vrf-name]

Syntax Description

esp

(Optional) Displays Encapsulating Security Payload (ESP) entries.

icmp

(Optional) Displays Internet Control Message Protocol (ICMP) entries.

inside global-ip

(Optional) Displays entries for only a specific inside global IP address.

outside local-ip

(Optional) Displays entries for only a specific outside local IP address.

pptp

(Optional) Displays Point-to-Point Tunneling Protocol (PPTP) entries.

tcp

(Optional) Displays TCP protocol entries.

udp

(Optional) Displays User Datagram Protocol (UDP) entries.

verbose

(Optional) Displays additional information for each translation table entry, including how long ago the entry was created and used.

vrf vrf-name

(Optional) Displays VPN routing and forwarding (VRF) traffic-related information.

Command Modes

EXEC

Command History

Release

Modification

11.2

This command was introduced.

12.2(13)T

The vrf vrf-name keyword and argument combination was added.

12.2(15)T

The esp keyword was added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

XE 2.4.2

The inside and outside keywords were added.

15.4(2)S

This command was implemented on the Cisco ASR 901 Series Aggregation Services Router.

Cisco IOS XE Everest 16.5.1

This command was modified. The output of this command was updated to display details about NAT port parity and conservation.

Examples

The following is sample output from the show ip nat translations command. Without overloading, two inside hosts are exchanging packets with some number of outside hosts.


Router# show ip nat translations
Pro Inside global      Inside local       Outside local      Outside global
--- 10.69.233.209     192.168.1.95       ---                ---
--- 10.69.233.210     192.168.1.89       ---                --

With overloading, a translation for a Domain Name Server (DNS) transaction is still active, and translations for two Telnet sessions (from two different hosts) are also active. Note that two different inside hosts appear on the outside with a single IP address.


Router# show ip nat translations
Pro Inside global        Inside local       Outside local      Outside global
udp 10.69.233.209:1220  192.168.1.95:1220  172.16.2.132:53    172.16.2.132:53
tcp 10.69.233.209:11012 192.168.1.89:11012 172.16.1.220:23    172.16.1.220:23
tcp 10.69.233.209:1067  192.168.1.95:1067  172.16.1.161:23    172.16.1.161:23

The following is sample output that includes the verbose keyword:


Router# show ip nat translations verbose
Pro Inside global        Inside local       Outside local      Outside global
udp 172.16.233.209:1220  192.168.1.95:1220  172.16.2.132:53    172.16.2.132:53
        create 00:00:02, use 00:00:00, flags: extended
tcp 172.16.233.209:11012 192.168.1.89:11012 172.16.1.220:23    172.16.1.220:23
        create 00:01:13, use 00:00:50, flags: extended
tcp 172.16.233.209:1067  192.168.1.95:1067  172.16.1.161:23    172.16.1.161:23
        create 00:00:02, use 00:00:00, flags: extended

The following is sample output that includes the vrf keyword:


Router# show ip nat translations vrf abc
Pro Inside global      Inside local       Outside local      Outside global
--- 10.2.2.1            192.168.121.113    ---                ---
--- 10.2.2.2            192.168.122.49     ---                ---
--- 10.2.2.11           192.168.11.1       ---                ---
--- 10.2.2.12           192.168.11.3       ---                ---
--- 10.2.2.13           172.16.5.20        ---                ---
Pro Inside global      Inside local       Outside local      Outside global
--- 10.2.2.3            192.168.121.113    ---                ---
--- 10.2.2.4            192.168.22.49      ---                ---

The following is sample output that includes the esp keyword:


Router# show ip nat translations esp
 
Pro Inside global         Inside local          Outside local         Outside global 
esp 192.168.22.40:0       192.168.122.20:0      192.168.22.20:0       192.168.22.20:28726CD9 
esp 192.168.22.40:0       192.168.122.20:2E59EEF5 192.168.22.20:0     192.168.22.20:0 

The following is sample output that includes the esp and verbose keywords:


Router# show ip nat translation esp verbose
 
Pro Inside global         Inside local          Outside local         Outside global 
esp 192.168.22.40:0       192.168.122.20:0      192.168.22.20:0       192.168.22.20:28726CD9 
    create 00:00:00, use 00:00:00, 
    flags:
extended, 0x100000, use_count:1, entry-id:192, lc_entries:0 
esp 192.168.22.40:0       192.168.122.20:2E59EEF5 192.168.22.20:0     192.168.22.20:0 
    create 00:00:00, use 00:00:00, left 00:04:59, Map-Id(In):20, 
    flags:
extended, use_count:0, entry-id:191, lc_entries:0 

The following is sample output that includes the inside keyword:


Router# show ip nat translations inside 10.69.233.209
Pro Inside global        Inside local       Outside local      Outside global
udp 10.69.233.209:1220  192.168.1.95:1220  172.16.2.132:53    172.16.2.132:53

The following is a sample output that displays information about NAT port parity and conservation:


Router# show ip nat translations 
Pro  Inside global         Inside local          Outside local         Outside global
udp  200.200.0.100:5066    100.100.0.56:5066     200.200.0.56:5060     200.200.0.56:5060
udp  200.200.0.100:1025    100.100.0.57:10001    200.200.0.57:10001    200.200.0.57:10001
udp  200.200.0.100:10000   100.100.0.56:10000    200.200.0.56:10000    200.200.0.56:10000
udp  200.200.0.100:1024    100.100.0.57:10000    200.200.0.57:10000    200.200.0.57:10000
udp  200.200.0.100:10001   100.100.0.56:10001    200.200.0.56:10001    200.200.0.56:10001
udp  200.200.0.100:9985    100.100.0.57:5066     200.200.0.57:5060     200.200.0.57:5060
Total number of translations: 6

The table below describes the significant fields shown in the display.

Table 6. show ip nat translations Field Descriptions

Field

Description

Pro

Protocol of the port identifying the address.

Inside global

The legitimate IP address that represents one or more inside local IP addresses to the outside world.

Inside local

The IP address assigned to a host on the inside network; probably not a legitimate address assigned by the Network Interface Card (NIC) or service provider.

Outside local

IP address of an outside host as it appears to the inside network; probably not a legitimate address assigned by the NIC or service provider.

Outside global

The IP address assigned to a host on the outside network by its owner.

create

How long ago the entry was created (in hours:minutes:seconds).

use

How long ago the entry was last used (in hours:minutes:seconds).

flags

Indication of the type of translation. Possible flags are:

  • extended--Extended translation

  • static--Static translation

  • destination--Rotary translation

  • outside--Outside translation

  • timing out--Translation will no longer be used, due to a TCP finish (FIN) or reset (RST) flag.
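An added example, not part of the Cisco documentation: a Python parser for the show ip nat translations display that maps a publicly observed inside global address and port back to the inside local host, which is the lookup an incident responder needs when an external report names only the translated address. The input is the page's verbose sample; the function and field names are chosen here for illustration.

```python
import re
from typing import NamedTuple, Optional

# The verbose sample output shown earlier on this page.
SAMPLE = """\
Router# show ip nat translations verbose
Pro Inside global        Inside local       Outside local      Outside global
udp 172.16.233.209:1220  192.168.1.95:1220  172.16.2.132:53    172.16.2.132:53
        create 00:00:02, use 00:00:00, flags: extended
tcp 172.16.233.209:11012 192.168.1.89:11012 172.16.1.220:23    172.16.1.220:23
        create 00:01:13, use 00:00:50, flags: extended
tcp 172.16.233.209:1067  192.168.1.95:1067  172.16.1.161:23    172.16.1.161:23
        create 00:00:02, use 00:00:00, flags: extended
"""

# Protocol keywords are the ones this page lists; "---" marks a simple
# (non-extended) entry. Anchoring on them keeps header and summary lines out.
ROW = re.compile(
    r"^(tcp|udp|icmp|esp|pptp|---)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
AGE = re.compile(r"create (\d+:\d\d:\d\d), use (\d+:\d\d:\d\d)")


class Translation(NamedTuple):
    proto: Optional[str]
    inside_global: Optional[str]
    inside_local: Optional[str]
    outside_local: Optional[str]
    outside_global: Optional[str]
    created_ago: Optional[str] = None   # hours:minutes:seconds, verbose only
    used_ago: Optional[str] = None      # hours:minutes:seconds, verbose only


def _field(token):
    """Turn the '---' placeholder into None; keep addresses as printed."""
    return None if set(token) == {"-"} else token


def parse_translations(text):
    """Return the translation entries in a 'show ip nat translations' display."""
    entries = []
    for raw in text.splitlines():
        m = ROW.match(raw.strip())
        if m:
            entries.append(Translation(*map(_field, m.groups())))
            continue
        age = AGE.search(raw)
        if age and entries:  # verbose detail belongs to the preceding row
            entries[-1] = entries[-1]._replace(
                created_ago=age.group(1), used_ago=age.group(2))
    return entries


def attribute(entries, inside_global, proto=None, outside_global=None):
    """Find entries matching a reported flow.

    inside_global is 'ip' or 'ip:port'. With overloading, many inside hosts
    share one inside global address, so an address without a port may match
    several hosts.
    """
    hits = []
    for e in entries:
        if e.inside_global is None:
            continue
        if ":" in inside_global:
            if e.inside_global != inside_global:
                continue
        elif e.inside_global.split(":")[0] != inside_global:
            continue
        if proto and e.proto != proto:
            continue
        if outside_global and e.outside_global != outside_global:
            continue
        hits.append(e)
    return hits


def inside_hosts(hits):
    """Distinct inside local addresses (ports stripped) among the hits."""
    return sorted({e.inside_local.split(":")[0] for e in hits if e.inside_local})


if __name__ == "__main__":
    table = parse_translations(SAMPLE)
    print(inside_hosts(attribute(table, "172.16.233.209")))
    print(attribute(table, "172.16.233.209:11012", proto="tcp"))
```

The table holds only active translations, so this lookup answers for current flows; entries that have timed out are no longer present.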

show ip nat translation entry-id platform

To display the results of the show platform hardware qfp active feature nat datapath sess-key command, use the show ip nat translation entry-id platform command in user EXEC or privileged EXEC mode.

show ip nat translation entry-id platform

Syntax Description

entry-id

The hexadecimal value that can be retrieved from the show ip nat translation verbose command.

For example:

show ip nat translations verbose
Pro Inside global Inside local Outside local Outside global
udp 59.59.1.1:1024 5.0.0.2:1024 6.0.0.2:63 6.0.0.2:63
create: 02/28/18 05:57:47, use: 02/28/18 20:55:46, timeout: 00:05:00
Map-Id(In): 1
Flags: unknown
Appl type: none
WLAN-Flags: unknown
Mac-Address: 0000.0000.0000 Input-IDB: GigabitEthernet0/0/0
entry-id: 0xe8f7e230.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

The following is sample output from the show ip nat translation entry-id platform command:

Device# show ip nat translation entry-id 0xe8f7e230 platform

ioaddr 5.0.0.2 ooaddr 6.0.0.2 ioport 1024 ooport 63 vrf 0 proto 17 limit type 1
itaddr 59.59.1.1 otaddr 6.0.0.2 itport 1024 otport 63 tableid 0
inmap 0xe9e455c0 outmap 0x0 nak_retry 0inmapid 1
inbindpar 0x0 outbindpar 0x0
insesspar 0x0 outsesspar 0x0
ipsec cookie or spi 0x0 timeout 300 last use ts 0xd2d9 0
appl data 0x0 flags 0x0 ifhandle 8 appl_type 43 rg 0
create time 26 refcnt 1

show ip nat translations redundancy

To display active Network Address Translations (NAT) redundancy information, use the show ip nat translations redundancy command in privileged EXEC mode.

show ip nat translations redundancy rg-id [verbose]

Syntax Description

rg-id

Redundancy group (RG) ID. Valid values are 1 and 2.

verbose

(Optional) Displays additional information for each translation table entry, including the time period when the entry was created and the duration for which it was used.

Command Modes

Privileged EXEC (#)

Command History

Release Modification

15.3(2)T

This command was introduced.

Usage Guidelines

Use the show ip nat translations redundancy command to display information about the NAT translations that belong to a specified RG.

Examples

The following is sample output from the show ip nat translations redundancy command for RG ID 1. The output fields are self-explanatory.

Device# show ip nat translations redundancy 1 verbose
--- 10.1.1.2            192.0.2.3            ---                ---
    create 00:00:10, use 00:00:10 timeout:0,
    flags:
static, created-by-local, use_count: 0, router/rg id: 0/1 ha_entry_num: 0 mapp_id[in/out]: 120/0, entry-id: 1, lc_entries: 0



show ip nhrp

To display Next Hop Resolution Protocol (NHRP) mapping information, use the show ip nhrp command in user EXEC or privileged EXEC mode.

show ip nhrp [ dynamic | incomplete | static ] [ address | interface ] [ brief | detail ] [purge] [shortcut] [remote] [local]

Syntax Description

dynamic

(Optional) Displays dynamic (learned) IP-to-nonbroadcast multiaccess address (NBMA) mapping entries. Dynamic NHRP mapping entries are obtained from NHRP resolution/registration exchanges. See the table below for types, number ranges, and descriptions.

incomplete

(Optional) Displays information about NHRP mapping entries for which the IP-to-NBMA is not resolved. See the table below for types, number ranges, and descriptions.

static

(Optional) Displays static IP-to-NBMA address mapping entries. Static NHRP mapping entries are configured using the ip nhrp map command. See the table below for types, number ranges, and descriptions.

address

(Optional) Displays NHRP mapping entries for specified protocol addresses.

interface

(Optional) Displays NHRP mapping entries for the specified interface. See the table below for types, number ranges, and descriptions.

brief

(Optional) Displays a short output of the NHRP mapping.

detail

(Optional) Displays detailed information about NHRP mapping.

purge

(Optional) Displays NHRP purge information.

shortcut

(Optional) Displays NHRP shortcut information.

remote

Displays the NHRP cache entries for remote networks.

Note

 
By default, cache entries for both local and remote networks are displayed.

local

Displays the NHRP cache entries for local networks.

Note

 
By default, cache entries for both local and remote networks are displayed.

self

(Optional) Displays the NHRP fake cache information.

summary

(Optional) Displays the summary of the NHRP cache.

Command Modes

User EXEC (>) Privileged EXEC (#)

Command Default

Information is displayed for all NHRP mappings.

Command History

Release

Modification

10.3

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

12.4(22)T

The output of this command was extended to display the NHRP group received from the spoke.

Cisco IOS XE Release 2.5

This command was modified. Support was added for the shortcut keyword.

Cisco IOS XE Release 17.7.1.a

The remote and local keywords were integrated in this release.

Usage Guidelines

The table below lists the valid types, number ranges, and descriptions for the optional interface argument.


Note


The valid types can vary according to the platform and interfaces on the platform.


Table 7. Valid Types, Number Ranges, and Interface Description

Valid Types        Number Ranges    Interface Descriptions
async              1                Async
atm                0 to 6           ATM
bvi                1 to 255         Bridge-Group Virtual Interface
cdma-ix            1                CDMA Ix
ctunnel            0 to 2147483647  C-Tunnel
dialer             0 to 20049       Dialer
ethernet           0 to 4294967295  Ethernet
fastethernet       0 to 6           FastEthernet IEEE 802.3
lex                0 to 2147483647  Lex
loopback           0 to 2147483647  Loopback
mfr                0 to 2147483647  Multilink Frame Relay bundle
multilink          0 to 2147483647  Multilink-group
null               0                Null
port-channel       1 to 64          Port channel
tunnel             0 to 2147483647  Tunnel
vif                1                PGM multicast host
virtual-ppp        0 to 2147483647  Virtual PPP
virtual-template   1 to 1000        Virtual template
virtual-tokenring  0 to 2147483647  Virtual Token Ring
xtagatm            0 to 2147483647  Extended tag ATM

Examples

The following is sample output from the show ip nhrp command. This output shows the NHRP group received from the spoke:


Router# show ip nhrp
10.0.0.2/32 via 10.0.0.2, Tunnel0 created 00:17:49, expire 00:01:30
  Type: dynamic, Flags: unique registered used 
  NBMA address: 172.17.0.2 
  Group: test-group-0
10.0.0.3/32 via 10.0.0.3, Tunnel0 created 00:00:11, expire 01:59:48
  Type: dynamic, Flags: unique registered used 
  NBMA address: 172.17.0.3 
  Group: test-group-0
11.0.0.2/32 via 11.0.0.2, Tunnel1 created 00:17:49, expire 00:02:10
  Type: dynamic, Flags: unique registered used 
  NBMA address: 172.17.0.2 
  Group: test-group-1

The following is sample output from the show ip nhrp shortcut command:


Router#show ip nhrp shortcut
10.1.1.1/24 via 1.1.1.22 Tunnel0 created 00:00:05, expire 00:02:24
   Type: dynamic, Flags: router rib 
   NBMA address: 10.12.1.1
10.1.1.2/24 via 1.1.1.22 Tunnel0 created 00:00:05, expire 00:02:24
   Type: dynamic, Flags: router rib nho 
   NBMA address: 10.12.1.2

The following is sample output from the show ip nhrp detail command:


Router# show ip nhrp detail
10.1.1.1/8 via 10.2.1.1, Tunnel1 created 00:46:29, never expire
  Type: static, Flags: used
  NBMA address: 10.12.1.1
10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
  Type: dynamic, Flags: authoritative unique nat registered used
  NBMA address: 10.12.1.2
10.1.1.4, Tunnel1 created 00:00:07, expire 00:02:57
  Type: incomplete, Flags: negative
  Cache hits: 4

The following is sample output from the show ip nhrp local command:


Router# show ip nhrp local
Load for five secs: 100%/36%; one minute: 99%; five minutes: 99%
No time source, *12:44:19.808 UTC Tue Dec 7 2021
 
192.168.0.0/16 via 10.0.0.1
   Tunnel0 created 00:00:08, never expire 
   Type: static, Flags: local 
   NBMA address: 1.1.1.1 
    (no-socket)

The following is sample output from the show ip nhrp local detail command:


Router# show ip nhrp local detail
Load for five secs: 100%/48%; one minute: 99%; five minutes: 99%
No time source, *12:44:52.971 UTC Tue Dec 7 2021
 
192.168.0.0/16 via 10.0.0.1
   Tunnel0 created 00:00:41, never expire 
   Type: static, Flags: local 
   NBMA address: 1.1.1.1 
   Preference: 255
    (no-socket)

The following is sample output from the show ip nhrp local dynamic command:


Router# show ip nhrp local dynamic
Load for five secs: 99%/29%; one minute: 99%; five minutes: 99%
No time source, *12:45:15.567 UTC Tue Dec 7 2021

The following is sample output from the show ip nhrp remote command:


Router# show ip nhrp remote
Load for five secs: 99%/16%; one minute: 99%; five minutes: 99%
No time source, *12:45:36.789 UTC Tue Dec 7 2021
 
10.1.0.1/32 via 10.1.0.1
   Tunnel0 created 00:08:41, expire 00:12:55
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.1.1 
10.1.0.3/32 via 10.1.0.3
   Tunnel0 created 00:17:30, expire 00:12:36
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.3.1 
10.1.0.4/32 via 10.1.0.4
   Tunnel0 created 00:13:01, expire 00:14:31
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.4.1 
10.1.0.5/32 via 10.1.0.5
   Tunnel0 created 00:02:08, expire 00:12:51
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.5.1 
10.1.0.6/32 via 10.1.0.6
   Tunnel0 created 00:07:19, expire 00:07:41
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.6.1 
10.1.0.7/32 via 10.1.0.7
   Tunnel0 created 00:07:27, expire 00:14:57
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.7.1 
10.1.0.8/32 via 10.1.0.8
   Tunnel0 created 00:08:30, expire 00:06:31
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.8.1 
10.1.0.9/32 via 10.1.0.9
   Tunnel0 created 00:06:22, expire 00:12:34
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.9.1 
10.1.0.10/32 via 10.1.0.10
   Tunnel0 created 00:13:05, expire 00:11:14
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.10.1 
10.1.0.11/32 via 10.1.0.11
   Tunnel0 created 00:12:41, expire 00:06:29
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.11.1 
10.1.0.12/32 via 10.1.0.12
   Tunnel0 created 00:07:07, expire 00:07:52
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.12.1 
10.1.0.13/32 via 10.1.0.13
   Tunnel0 created 00:13:01, expire 00:14:14
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.13.1 
10.1.0.14/32 via 10.1.0.14
   Tunnel0 created 00:14:01, expire 00:00:58
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.14.1 
10.1.0.15/32 via 10.1.0.15
   Tunnel0 created 00:00:56, expire 00:14:03
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.15.1 
10.1.0.16/32 via 10.1.0.16
   Tunnel0 created 00:13:01, expire 00:11:07

The following is sample output from the show ip nhrp remote detail command:


Router# show ip nhrp remote detail
Load for five secs: 99%/27%; one minute: 99%; five minutes: 99%
No time source, *12:45:49.796 UTC Tue Dec 7 2021
 
10.1.0.1/32 via 10.1.0.1
   Tunnel0 created 00:08:54, expire 00:12:42
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.1.1 
   Preference: 192
10.1.0.3/32 via 10.1.0.3
   Tunnel0 created 00:17:43, expire 00:12:23
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.3.1 
   Preference: 192
10.1.0.4/32 via 10.1.0.4
   Tunnel0 created 00:13:14, expire 00:14:18
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.4.1 
   Preference: 192
10.1.0.5/32 via 10.1.0.5
   Tunnel0 created 00:02:21, expire 00:12:38
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.5.1 
   Preference: 192
10.1.0.6/32 via 10.1.0.6
   Tunnel0 created 00:07:32, expire 00:07:28
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.6.1 
   Preference: 192
10.1.0.7/32 via 10.1.0.7
  Tunnel0 created 00:07:40, expire 00:14:44
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.7.1 
   Preference: 192
10.1.0.8/32 via 10.1.0.8
   Tunnel0 created 00:08:43, expire 00:14:47
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.8.1 
   Preference: 192
10.1.0.9/32 via 10.1.0.9
   Tunnel0 created 00:06:35, expire 00:12:21
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.9.1 
   Preference: 192
10.1.0.10/32 via 10.1.0.10
   Tunnel0 created 00:13:18, expire 00:11:01
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.10.1 
   Preference: 192
10.1.0.11/32 via 10.1.0.11
   Tunnel0 created 00:12:54, expire 00:06:16
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.11.1 
   Preference: 192
10.1.0.12/32 via 10.1.0.12
   Tunnel0 created 00:07:20, expire 00:07:39
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.12.1 
   Preference: 192
10.1.0.13/32 via 10.1.0.13
   Tunnel0 created 00:13:14, expire 00:14:01
   Type: dynamic, Flags: registered nhop bfd

The following is sample output from the show ip nhrp remote dynamic command:


Router# show ip nhrp remote dynamic
Load for five secs: 100%/12%; one minute: 99%; five minutes: 99%
No time source, *12:48:52.151 UTC Tue Dec 7 2021
 
10.1.0.1/32 via 10.1.0.1
   Tunnel0 created 00:11:56, expire 00:12:31
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.1.1 
10.1.0.2/32 via 10.1.0.2
   Tunnel0 created 00:02:46, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.2.1 
10.1.0.3/32 via 10.1.0.3
   Tunnel0 created 00:20:45, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.3.1 
10.1.0.4/32 via 10.1.0.4
   Tunnel0 created 00:16:16, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.4.1 
10.1.0.5/32 via 10.1.0.5
   Tunnel0 created 00:05:23, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.5.1 
10.1.0.6/32 via 10.1.0.6
   Tunnel0 created 00:10:34, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.6.1 
10.1.0.7/32 via 10.1.0.7
   Tunnel0 created 00:10:42, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.7.1 
10.1.0.8/32 via 10.1.0.8
   Tunnel0 created 00:11:45, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.8.1 
10.1.0.9/32 via 10.1.0.9
   Tunnel0 created 00:09:38, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.9.1 
10.1.0.10/32 via 10.1.0.10
   Tunnel0 created 00:16:20, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.10.1 
10.1.0.11/32 via 10.1.0.11
   Tunnel0 created 00:15:56, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.11.1 
10.1.0.12/32 via 10.1.0.12
   Tunnel0 created 00:10:23, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.12.1 
10.1.0.13/32 via 10.1.0.13
   Tunnel0 created 00:16:16, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.13.1 
10.1.0.14/32 via 10.1.0.14
   Tunnel0 created 00:17:16, expire 00:12:32
   Type: dynamic, Flags: registered nhop bfd 
   NBMA address: 11.0.14.1 
10.1.0.15/32 via 10.1.0.15
   Tunnel0 created 00:04:11, expire 00:12:32

The following is sample output from the show ip nhrp remote self command:


Router# show ip nhrp remote dynamic
Load for five secs: 55%/3%; one minute: 62%; five minutes: 87%
No time source, *12:50:24.793 UTC Tue Dec 7 2021
 
10.0.0.1/32 via 10.0.0.1
   Tunnel0 created 06:46:47, never expire 
   Type: static, Flags: router unique local 
   NBMA address: 1.1.1.1 
    (no-socket) 
Metadata Exchange Framework:
Type State
1   Reset
MEF ext data:0x0
2   Reset
MEF ext data:0x0
3   Reset
MEF ext data:0x0

The following is sample output from the show ip nhrp remote summary command:


Router# show ip nhrp remote summary
Load for five secs: 20%/0%; one minute: 50%; five minutes: 79%
No time source, *12:51:38.026 UTC Tue Dec 7 2021
 
IP NHRP cache 10000 entries, 7680000 bytes
    1 static   9999 dynamic    0 incomplete
9999 Remote
    0 static   9999 dynamic    0 incomplete
    9999 nhop     9999 bfd
    0 default  0 temporary
    0 route
        0 rib (0 H    0 nho)
        0 bgp
    0 lfib
1 Local
    1 static   0 dynamic    0 incomplete
    0 lfib

The following is sample output from the show ip nhrp remote static tu1 command:


Router# show ip nhrp remote static tu1
10.0.0.1/32 (VPN1) via 10.0.0.1
   Tunnel1 created 1d06h, never expire 
   Type: static, Flags: bfd 
   NBMA address: 1.1.1.1 
spoke1#sh ip nhrp remote static tu11
10.0.0.1/32 (VPN11) via 10.0.0.1
   Tunnel11 created 1d06h, never expire 
   Type: static, Flags: bfd 
   NBMA address: 1.1.1.1

The table below describes the significant fields shown in the displays.

Table 8. show ip nhrp Field Descriptions

Field

Description

10.1.1.1/8

Target network.

via 10.2.1.1

Next Hop to reach the target network.

Tunnel1

Interface through which the target network is reached.

created 00:00:12

Length of time since the entry was created (hours:minutes:seconds).

expire 01:59:47

Time remaining until the entry expires (hours:minutes:seconds).

never expire

Indicates that static entries never expire.

Type

  • dynamic--NHRP mapping is obtained dynamically. The mapping entry is created using information from the NHRP resolution and registrations.

  • static--NHRP mapping is configured statically. Entries configured by the ip nhrp map command are marked static.

  • incomplete--The NBMA address is not known for the target network.

NBMA address

Nonbroadcast multiaccess address of the next hop. The address format is appropriate for the type of network being used: ATM, Ethernet, Switched Multimegabit Data Service (SMDS), or multipoint tunnel.

Flags

  • authoritative--Indicates that the NHRP information was obtained directly from the Next Hop Server or router that maintains and is authoritative for the NBMA-to-IP address mapping for a particular destination.

  • implicit--Indicates that the local node learned about the NHRP mapping entries from the source mapping information of an NHRP resolution request received by the local router, or from an NHRP resolution packet being forwarded through the local router.

  • local--Indicates NHRP mapping entries that are for networks local to this router (that is, serviced by this router). These entries are created when this router answers an NHRP resolution request that has this information, and they are used to store the transport (tunnel) IP address of all the other NHRP nodes to which it has sent this information. If for some reason this router loses access to this local network (that is, it can no longer service this network), it sends an NHRP purge message to all remote NHRP nodes that are listed in the “local” entry (in show ip nhrp detail command output) to tell the remote nodes to clear this information from their NHRP mapping tables. This local mapping entry times out of the local NHRP mapping database at the same time that this information (from the NHRP resolution reply) would time out of the NHRP mapping database on the remote NHRP nodes.

  • nat--Indicates that the remote node (NHS client) supports the new NHRP NAT extension type for dynamic spoke-spoke tunnels to/from spokes behind a NAT router. This marking does not indicate that the spoke (NHS client) is behind a NAT router.

  • negative--For negative caching, indicates that the requested NBMA mapping has not yet been or could not be obtained. When NHRP sends an NHRP resolution request, an incomplete (negative) NHRP mapping entry for the address is inserted in the resolution request. This insertion suppresses any further triggering of NHRP resolution requests while the resolution request is being resolved. If configured, any encryption parameters (IKE/IPsec) for the tunnel are negotiated.

  • (no socket)--Indicates that the NHRP mapping entries will not trigger IPsec to set up encryption because data traffic does not need to use this tunnel. Later, if data traffic needs to use this tunnel, the flag changes from “(no socket)” to “(socket)” and IPsec is triggered to set up the encryption for this tunnel. Local and implicit NHRP mapping entries are always initially marked as “(no socket).” By default, NHRP caches source information from NHRP resolution requests or replies as they go through the system. To allow this caching to continue without the entry creating an IPsec socket, these entries are marked (no socket). If this were not done, there would be extra IPsec sockets from the hubs to the various spokes that either were not used or were used for only one or two packets while a direct spoke-to-spoke tunnel was being built. Data packets and NHRP packets that arrive on the tunnel interface and are forwarded back out the tunnel interface are not allowed to use the (no socket) NHRP mappings for forwarding because, in this case, the router is an intermediate node in the path between the two endpoints, and shortcut tunnels should be created only between the initial entrance and final exit point of the DMVPN (NBMA) network, not between any intermediate nodes. If at some point the router receives a data packet whose source interface is not the tunnel interface and that would use the (no socket) mapping entry, the router converts the (no socket) entry to a (socket) entry. In this case, this router is the entrance (or exit) point of the NBMA network (for this traffic stream). These (no socket) mapping entries are marked (non-authoritative); only mappings from NHRP registrations are marked (authoritative). The NHRP resolution requests are also marked (authoritative), which means that the NHRP resolution request can be answered only from an (authoritative) NHRP mapping entry. A (no socket) mapping entry will not be used to answer an NHRP resolution request, and the NHRP resolution request will be forwarded to the NHS of the nodes.

  • registered--Indicates that the mapping entry was created in response to an NHRP registration request. Although registered mapping entries are dynamic entries, they may not be refreshed through the “used” mechanism. Instead, these entries are refreshed by another NHRP registration request with the same transport (tunnel) IP to NBMA address mapping. The Next Hop Client (NHC) periodically sends NHRP registration requests to keep these mappings from expiring.

  • router--Indicates that NHRP mapping entries for a remote router (that is accessing a network or host behind the remote router) are marked with the router flag.

  • unique--NHRP registration requests have the unique flag set on by default. This flag indicates that an NHRP mapping entry cannot be overwritten by a mapping entry that has the same IP address and a different NBMA address. When a spoke has a statically configured outside IP (NBMA) address, this is used to keep another spoke that is misconfigured with the same transport (tunnel) IP address from overwriting this entry. If a spoke has a dynamic outside IP (NBMA) address, you can configure the ip nhrp registration no-unique command on the spoke to clear this flag. This configuration allows the registered NHRP mapping entry for that spoke on the hub to be overwritten with a new NBMA address. This is necessary in this case because the spoke's outside IP (NBMA) address can change at any time. If the “unique” flag were set, the spoke would have to wait for the mapping entry on the hub to time out before it could register its new (NBMA) mapping.

  • used--When data packets are process-switched and this mapping entry was used, the mapping entry is marked as used. The mapping database is checked every 60 seconds. If the used flag is set and more than 120 seconds remain until expire time, the used flag is cleared. If fewer than 120 seconds are left, this mapping entry is “refreshed” by the transmission of another NHRP resolution request.

Note

 
When using DMVPN Phase 3 in 12.4(6)T, CEF switched packets will also set the “used” flag, and these entries will be timed out and refreshed as described in the “used” flag description above.
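
The field descriptions above can be applied mechanically when reviewing a hub or spoke cache. The following Python script is an added example, not Cisco code: it parses both the one-line and two-line entry layouts shown in the sample outputs and reports unresolved entries, registered entries without the unique flag, and used entries inside the 120-second refresh window. The sample text is constructed from the page's formats, and the function names and finding labels are assumptions of this example.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in the one-line and two-line layouts shown above.
SAMPLE = """\
Router# show ip nhrp detail
10.1.1.2/8 via 10.2.1.2, Tunnel1 created 00:00:12, expire 01:59:47
  Type: dynamic, Flags: authoritative unique nat registered used
  NBMA address: 10.12.1.2
10.1.1.4, Tunnel1 created 00:00:07, expire 00:02:57
  Type: incomplete, Flags: negative
10.1.0.1/32 via 10.1.0.1
   Tunnel0 created 00:08:41, expire 00:12:55
   Type: dynamic, Flags: registered nhop bfd
   NBMA address: 11.0.1.1
10.0.0.1/32 (VPN1) via 10.0.0.1
   Tunnel1 created 1d06h, never expire
   Type: static, Flags: bfd
   NBMA address: 1.1.1.1
    (no-socket)
10.1.1.9/24 via 10.2.1.9, Tunnel1 created 01:58:30, expire 00:01:30
  Type: dynamic, Flags: router used
  NBMA address: 10.12.1.9
"""

IP = r"\d+\.\d+\.\d+\.\d+"
HEAD = re.compile(rf"^(?P<target>{IP}(?:/\d+)?)(?:\s+\((?P<vrf>[^)]+)\))?"
                  rf"(?:\s+via\s+(?P<via>{IP}))?(?:,?\s+(?P<rest>\S.*))?$")
TIMES = re.compile(r"(?P<intf>\S+) created [^,\s]+, (?:expire (?P<expire>\S+)|never expire)")
TYPE = re.compile(r"Type: (?P<type>\w+), Flags:\s*(?P<flags>.*)")
NBMA = re.compile(rf"NBMA address: (?P<nbma>{IP})")


@dataclass
class Entry:
    target: str
    vrf: str = None
    via: str = None              # absent on incomplete entries
    interface: str = None
    expire_s: int = None         # seconds to expiry; None if "never expire"
    type: str = None
    flags: set = field(default_factory=set)
    nbma: str = None
    no_socket: bool = False


def to_seconds(text):
    """Convert the two duration spellings seen on the page to seconds."""
    if m := re.fullmatch(r"(\d+):(\d\d):(\d\d)", text):      # hh:mm:ss
        h, mi, s = map(int, m.groups())
        return h * 3600 + mi * 60 + s
    if m := re.fullmatch(r"(\d+)d(\d+)h", text):             # e.g. 1d06h
        return int(m[1]) * 86400 + int(m[2]) * 3600
    return None                                              # other spellings


def parse_nhrp(text):
    """Parse `show ip nhrp` output into Entry objects, skipping banner lines."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():        # column 0: entry header or noise
            m = HEAD.match(line)
            cur = Entry(m["target"], m["vrf"], m["via"]) if m else None
            if cur:
                entries.append(cur)
            line = (m["rest"] or "") if m else ""   # one-line layout has timers
        if cur is None:
            continue                     # prompt, load line, timestamp
        body = line.strip()
        if m := TIMES.search(body):
            cur.interface = m["intf"]
            cur.expire_s = to_seconds(m["expire"]) if m["expire"] else None
        elif m := TYPE.search(body):
            cur.type, cur.flags = m["type"], set(m["flags"].split())
        elif m := NBMA.search(body):
            cur.nbma = m["nbma"]
        elif body in ("(no-socket)", "(no socket)"):
            cur.no_socket = True
    return entries


def audit(entries, refresh_window=120):
    """Return (target, finding) pairs derived from the field descriptions."""
    findings = []
    for e in entries:
        if e.type == "incomplete" or "negative" in e.flags:
            findings.append((e.target, "unresolved"))
        # Without "unique", a registration with another NBMA may overwrite it.
        if "registered" in e.flags and "unique" not in e.flags:
            findings.append((e.target, "registered-not-unique"))
        # "used" entries under 120 s get refreshed; registered ones re-register.
        if ("used" in e.flags and "registered" not in e.flags
                and e.expire_s is not None and e.expire_s < refresh_window):
            findings.append((e.target, "refresh-due"))
    return findings
```

A registered-not-unique finding is expected for spokes configured with ip nhrp registration no-unique; for any other spoke it marks a hub entry that a registration carrying a different NBMA address can replace.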

show ip nhrp group-map

To display the details of NHRP group mappings, use the show ip nhrp group-map command in user EXEC or privileged EXEC mode.

show ip nhrp group-map [group-name]

Syntax Description

group-name

(Optional) Name of an NHRP group mapping for which information will be displayed.

Command Default

Information is displayed for all NHRP group mappings.

Command Modes

User EXEC (>) Privileged EXEC (#)

Command History

Release

Modification

12.4(22)T

This command was introduced.

Usage Guidelines

This command displays the details on NHRP group mappings on the hub along with the list of tunnels using each of the NHRP groups defined in the mappings. In combination with the show ip nhrp command, this command lets you easily determine which QoS policy map is applied to a specific tunnel endpoint.

This command displays the details of the specified NHRP group mapping. The details include the associated QoS policy name and the list of tunnel endpoints using the QoS policy. If no option is specified, it displays the details of all NHRP group mappings.

Examples

The following is sample output from the show ip nhrp group-map command:


Router# show ip nhrp group-map
Interface: Tunnel0
 NHRP group: test-group-0
  QoS policy: queueing
  Tunnels using the QoS policy:
  Tunnel destination overlay/transport address
  10.0.0.2/172.17.0.2
  10.0.0.3/172.17.0.3
Interface: Tunnel1
 NHRP group: test-group-1
  QoS policy: queueing
  Tunnels using the QoS policy:
  Tunnel destination overlay/transport address
  11.0.0.2/172.17.0.2
 NHRP group: test-group-2
  QoS policy: p1
  Tunnels using the QoS policy: None

The following is sample output from the show ip nhrp group-map command for an NHRP group named test-group-0:


Router# show ip nhrp group-map test-group-0
Interface: Tunnel0
 NHRP group: test-group-0
  QoS policy: queueing
  Tunnels using the QoS policy:
  Tunnel destination overlay/transport address
  10.0.0.2/172.17.0.2
  10.0.0.3/172.17.0.3

The table below describes the significant fields shown in the displays.

Table 9. show ip nhrp group-map Field Descriptions

Field

Description

Interface

Interface on which the policy is configured.

NHRP group

NHRP group associated with the QoS policy on the interface.

QoS policy

QoS policy configured on the interface.

Tunnels using the QoS Policy

List of tunnel endpoints using the QoS policy.

Tunnel destination overlay/transport address

Tunnel destination overlay address (such as the tunnel endpoint address).

show ip nhrp multicast

To display Next Hop Resolution Protocol (NHRP) multicast mapping information, use the show ip nhrp multicast command in user EXEC or privileged EXEC mode.

show ip nhrp multicast [nbma-address | interface]

Syntax Description

nbma-address

(Optional) Displays multicast mapping information for the specified NBMA address.

interface

(Optional) Displays all multicast mapping entries of the NHRP network for the interface. See the table below for types, number ranges, and descriptions.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

12.4(7)

This command was introduced.

Usage Guidelines

The table below lists the valid types, number ranges, and descriptions for the optional interface argument.


Note


The valid types can vary according to the platform and interfaces on the platform.

Table 10. Interface Types, Valid Numbers, and Interface Descriptions

Interface Types    Valid Numbers    Interface Descriptions
async              1                Async
atm                0 to 6           ATM
bvi                1 to 255         Bridge-Group Virtual Interface
cdma-ix            1                CDMA Ix
ctunnel            0 to 2147483647  C-Tunnel
dialer             0 to 20049       Dialer
ethernet           0 to 4294967295  Ethernet
fastethernet       0 to 6           FastEthernet IEEE 802.3
lex                0 to 2147483647  Lex
loopback           0 to 2147483647  Loopback
mfr                0 to 2147483647  Multilink Frame Relay bundle
multilink          0 to 2147483647  Multilink-group
null               0                Null
port-channel       1 to 64          Port channel
tunnel             0 to 2147483647  Tunnel
vif                1                PGM multicast host
virtual-ppp        0 to 2147483647  Virtual PPP
virtual-template   1 to 1000        Virtual template
virtual-tokenring  0 to 2147483647  Virtual Token Ring
xtagatm            0 to 2147483647  Extended tag ATM

Examples

The following is sample output from the show ip nhrp multicast command:


Router# show ip nhrp multicast
  I/F     NBMA address
Tunnel1    1.1.1.1         Flags: static

The table below describes the fields shown in the display.

Table 11. show ip nhrp Field Descriptions

Field

Description

I/F

Interface associated with the multicast mapping entry.

NBMA address

Nonbroadcast Multiaccess Address to which multicast packets will be sent. The address format is appropriate for the type of network used: ATM, Ethernet, SMDS, or multipoint tunnel.

Flags

  • static—Indicates that the multicast mapping entry is configured statically by the ip nhrp map multicast command.

  • dynamic—Indicates that the multicast mapping entry is obtained dynamically. A multicast mapping entry is created for each registered Next Hop Client (NHC) when the ip nhrp map multicast dynamic command is configured.

show ip nhrp multicast stats

To display multicast mapping statistics for one or all interfaces, use the show ip nhrp multicast stats command in privileged EXEC mode. The command displays statistics such as the count of enqueued, dequeued, and dropped packets.

show ip nhrp multicast [interface-name] stats

Syntax Description

interface-name

Displays multicast mapping statistics for the specified interface.

Example: show ip nhrp multicast tunnel0 stats

Command Modes

Privileged EXEC

Command History

Release

Modification

Cisco IOS XE Release 16.8.1

Command introduced.

Examples

Router#show ip nhrp multicast stats
Legend: (m/n) - (m packets/n milliseconds)
============================================================================================

Global stats 
Total multicast pkts enqueued    102 
Total multicast failed to enqueue 0 
Total multicast pkts dequeued     102 
Invalid multicast pkts dequeued   0 
Total multicast pkts dropped      0 

Interface stats
                                  Enqueued/Failed             Dequeued/Rep fail       Dropped
                           --------------------------  --------------------------  ----------
 Tu0     (250    /     10)               51/0                         51/0                  0

show ip nhrp nhs

To display Next Hop Resolution Protocol (NHRP) next hop server (NHS) information, use the show ip nhrp nhs command in user EXEC or privileged EXEC mode.

show ip nhrp nhs [interface] [detail]

Syntax Description

interface

(Optional) Displays NHS information currently configured on the interface. See the table below for types, number ranges, and descriptions.

detail

(Optional) Displays detailed NHS information.

Command Modes

User EXEC Privileged EXEC

Command History

Release

Modification

10.3

This command was introduced.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

The table below lists the valid types, number ranges, and descriptions for the optional interface argument.


Note


The valid types can vary according to the platform and interfaces on the platform.


Table 12. Valid Types, Number Ranges, and Interface Descriptions

Valid Types        Number Ranges    Interface Descriptions
async              1                Async
atm                0 to 6           ATM
bvi                1 to 255         Bridge-Group Virtual Interface
cdma-ix            1                CDMA Ix
ctunnel            0 to 2147483647  C-Tunnel
dialer             0 to 20049       Dialer
ethernet           0 to 4294967295  Ethernet
fastethernet       0 to 6           FastEthernet IEEE 802.3
lex                0 to 2147483647  Lex
loopback           0 to 2147483647  Loopback
mfr                0 to 2147483647  Multilink Frame Relay bundle
multilink          0 to 2147483647  Multilink-group
null               0                Null
port-channel       1 to 64          Port channel
tunnel             0 to 2147483647  Tunnel
vif                1                PGM multicast host
virtual-ppp        0 to 2147483647  Virtual PPP
virtual-template   1 to 1000        Virtual template
virtual-tokenring  0 to 2147483647  Virtual Token Ring
xtagatm            0 to 2147483647  Extended tag ATM

Examples

The following is sample output from the show ip nhrp nhs detail command:


Router# show ip nhrp nhs detail
Legend:
  E=Expecting replies
  R=Responding
Tunnel1:
  5.1.1.1           E  req-sent 128  req-failed 1  repl-recv 0
Pending Registration Requests:
Registration Request: Reqid 1, Ret 64  NHS 5.1.1.1

The table below describes the significant field shown in the display.

Table 13. show ip nhrp nhs Field Descriptions

Field

Description

Tunnel1

Interface through which the target network is reached.

show ip nhrp redirect

To display Next Hop Resolution Protocol (NHRP) redirect table information, use the show ip nhrp redirect command in user EXEC or privileged EXEC mode.

show ip nhrp redirect statistics

Command Modes

User EXEC (>) Privileged EXEC (#)

Command History

Release

Modification

12.2SX

This command was introduced.

Examples

The following is sample output from the show ip nhrp redirect command:


Router# show ip nhrp redirect

I/F      NBMA address          Destination           Drop Count    Expiry
 
Tunnel43   10.232.195.197         10.138.140.33          2     00:00:05
Tunnel43   10.232.195.193         10.138.140.33         54     00:00:05
Tunnel43   10.232.195.185         10.138.140.33          1     00:00:06
Tunnel43   10.232.195.189         10.138.140.33          0     00:00:07
Tunnel43   10.232.195.205         10.138.153.66         52     00:00:07


This output shows the content of the NHRP redirect table on the node. An entry in the output indicates that further redirect messages to the NBMA address for the destination are suppressed until the corresponding entry expires.

The table below describes the fields shown in the command output.

Table 14. show ip nhrp redirect Field Descriptions

Field Output

Description

NBMA Address

Displays the address to which the redirect message is sent. This is the NBMA address of the source spoke.

Destination

Displays the destination IP address from the data packet that triggered the NHRP redirect. This is the LAN address that is behind the destination spoke.

Drop Count

Displays the number of redirect messages throttled due to the presence of this entry in the redirect table.

Expiry

Displays the lifetime of the redirect entry. The default maximum lifetime is 8 seconds. When the lifetime expires, the entry is deleted, and this node can send new redirect messages with these details if further data packets match these entries.

Examples

The following is sample output from the show ip nhrp redirect statistics command:


Router# show ip nhrp redirect statistics

DMVPN Redirect Indications throttled: 7


show ip nhrp summary

To display Next Hop Resolution Protocol (NHRP) mapping summary information, use the show ip nhrp summary command in user EXEC or privileged EXEC mode.

show ip nhrp summary

Command Modes

User EXEC Privileged EXEC

Command History

Release

Modification

10.3

This command was introduced.

12.2(33)SRB

This command was integrated into Cisco IOS Release 12.2(33)SRB.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Examples

The following is sample output from the show ip nhrp summary command:


Router# show ip nhrp summary
IP NHRP cache 1 entry, 256 bytes
    1 static  0 dynamic  0 incomplete

The table below describes the significant field shown in the display.

Table 15. show ip nhrp summary Field Descriptions

Field Output

Description

dynamic

NHRP mapping is obtained dynamically. The mapping entry is created using information from the NHRP resolution and registrations.

static

NHRP mapping is configured statically. Entries configured by the ip nhrp map command are marked static.

incomplete

NBMA address is not known for the target network.

show ip nhrp traffic

To display Next Hop Resolution Protocol (NHRP) traffic statistics, use the show ip nhrp traffic command in privileged EXEC mode.

show ip nhrp traffic [throttled | interface {tunnel number | Virtual-Access number}]

Syntax Description

throttled

(Optional) Displays information about NHRP traffic that is throttled.

interface

(Optional) Displays NHRP traffic information for a given interface.

tunnel number

Specifies the tunnel interface number.

Virtual-Access number

Specifies the virtual access interface number.

Command Modes

Privileged EXEC (#)

Command History

Release

Modification

10.3

This command was introduced.

12.4(6)T

This command was modified. The show output was enhanced to display information about traffic indication (redirects).

12.4(9)T

This command was modified. The interface and tunnel keywords and the number argument were added.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Cisco IOS XE Release 2.5

This command was integrated into Cisco IOS XE Release 2.5.

15.3(2)T

This command was modified. The Virtual-Access number keyword-argument pair was added.

Cisco IOS XE 16.3.2

This command was modified. The throttled keyword was added.

Usage Guidelines

Replacing ip in the command name with ipv6 shows IPv6-specific traffic.

Examples

The following example shows sample output for NHRP traffic statistics for tunnel interface 0:


Device# show ip nhrp traffic interface tunnel0
Tunnel0: Max-send limit:100Pkts/10Sec, Usage:0%
   Sent: Total 79
         18 Resolution Request  10 Resolution Reply  42 Registration Request  
         0 Registration Reply  3 Purge Request  6 Purge Reply  
         0 Error Indication  0 Traffic Indication  
   Rcvd: Total 69
         10 Resolution Request  15 Resolution Reply  0 Registration Request  
         36 Registration Reply  6 Purge Request  2 Purge Reply  
         0 Error Indication  0 Traffic Indication

The table below describes the significant fields shown in the display.

Table 16. show ip nhrp traffic Field Descriptions

Field

Description

Tunnel0

Interface type and number.

Max-send limit

Maximum number of NHRP messages that can be sent by this station in the given interval.

Resolution Request

Number of NHRP resolution request packets originated from or received by this station.

Resolution Reply

Number of NHRP resolution reply packets originated from or received by this station.

Registration Request

Number of NHRP registration request packets originated from or received by this station.

Registration Reply

Number of NHRP registration reply packets originated from or received by this station.

Purge Request

Number of NHRP purge request packets originated from or received by this station.

Purge Reply

Number of NHRP purge reply packets originated from or received by this station.

Error Indication

Number of NHRP error packets originated from or received by this station.

Traffic Indication

Number of NHRP traffic indication packets (redirects) originated from or received by this station.

The following example shows sample output for the show ip nhrp traffic command with the throttled keyword applied:

SPOKE1#show ip nhrp traffic throttled 
Tunnel1: Max-send limit:10000Pkts/10Sec, Usage:0%
   Sent: Total 0
         0 Resolution Request  0 Resolution Reply  0 Registration Request  
         0 Registration Reply  0 Purge Request  0 Purge Reply  
         0 Error Indication  0 Traffic Indication  0 Redirect Suppress  
   Rcvd: Total 0
         0 Resolution Request  0 Resolution Reply  0 Registration Request  
         0 Registration Reply  0 Purge Request  0 Purge Reply  
         0 Error Indication  0 Traffic Indication  0 Redirect Suppress

show ip route dhcp

To display the routes added to the routing table by the Dynamic Host Configuration Protocol (DHCP) server and relay agent, use the show ip route dhcp command in privileged EXEC mode.

show ip route [vrf vrf-name] dhcp [ip-address]

Syntax Description

vrf

(Optional) Specifies VPN routing and forwarding (VRF) instance.

vrf-name

(Optional) Name of the VRF.

ip-address

(Optional) Address about which routing information should be displayed.

Command Default

No default behavior or values

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2

This command was introduced.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

12.2SX

This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

To display information about global routes, use the show ip route dhcp command. To display routes in the VRF routing table, use the show ip route vrf vrf-name dhcp command.

Examples

The following is sample output from the show ip route dhcp command when entered without an address. This command lists all routes added by the DHCP server and relay agent.


Router# show ip route dhcp 
  10.5.5.56/32 is directly connected, ATM0.2
  10.5.5.217/32 is directly connected, ATM0.2

The following is sample output from the show ip route dhcp command when an address is specified. The output shows the details of the address with the server address (who assigned it) and the lease expiration time.


Router# show ip route dhcp 10.5.5.217
 
  10.5.5.217 is directly connected, ATM0.2
    DHCP Server: 10.9.9.10   Lease expires at Nov 08 2001 01:19 PM

The following is sample output from the show ip route vrf vrf-name dhcp command when entered without an address:


Router# show ip route vrf abc dhcp
  10.5.5.218/32 is directly connected, ATM0.2

The following is sample output from the show ip route vrf vrf-name dhcp command when an address is specified. The output shows the details of the address with the server address (who assigned it) and the lease expiration time.


Router# show ip route vrf red dhcp 10.5.5.218
  10.5.5.218/32 is directly connected, ATM0.2
    DHCP Server: 10.9.9.10   Lease expires at Nov 08 2001 03:15PM

show ip snat

To display active Stateful Network Address Translation (SNAT) translations, use the show ip snat command in EXEC mode.

show ip snat [distributed [verbose] | peer ip-address]

Syntax Description

distributed

(Optional) Displays information about the distributed NAT, including its peers and status.

verbose

(Optional) Displays additional information for each translation table entry, including how long ago the entry was created and used.

peer ip-address

(Optional) Displays TCP connection information between peer routers.

Command Modes

EXEC

Command History

Release

Modification

12.2(13)T

This command was introduced.

Examples

The following is sample output from the show ip snat distributed command for stateful NAT connected peers:


Router# show ip snat distributed
Stateful NAT Connected Peers
SNAT: Mode PRIMARY
:State READY
:Local Address 192.168.123.2
:Local NAT id 100
:Peer Address 192.168.123.3
:Peer NAT id 200
:Mapping List 10

The following is sample output from the show ip snat distributed verbose command for stateful NAT connected peers:


Router# show ip snat distributed verbose
SNAT: Mode PRIMARY
Stateful NAT Connected Peers
:State READY
:Local Address 192.168.123.2
:Local NAT id 100
:Peer Address 192.168.123.3
:Peer NAT id 200
:Mapping List 10
:InMsgs 7, OutMsgs 7, tcb 0x63EBA408, listener 0x0

show ip source binding

To display IP-source bindings configured on the system, use the show ip source binding command in privileged EXEC mode.

show ip source binding [ip-address] [mac-address] [dhcp-snooping | static] [vlan vlan-id] [interface type mod/ port]

Syntax Description

ip-address

(Optional) Binding IP address.

mac-address

(Optional) Binding MAC address.

dhcp-snooping

(Optional) Specifies DHCP snooping binding entry.

static

(Optional) Specifies a static binding entry.

vlan vlan-id

(Optional) Specifies the Layer 2 VLAN identification; valid values are from 1 to 4094.

interface type

(Optional) Interface type; possible valid values are fastethernet, gigabitethernet, tengigabitethernet, port-channel num, and vlan vlan-id.

mod / port

Module and port number.

Command Default

Both static and DHCP-snooping bindings are displayed.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(33)SXH

This command was introduced.

Usage Guidelines

Each optional parameter is used to filter the display output.

Examples

This example shows the output without entering any keywords:

Router# show ip source binding


MacAddress             IpAddress       Lease(sec) Type          VLAN Interface
------------------     --------------- ---------- ------------- ---- --------------------
00:00:00:0A:00:0B      17.16.0.1        infinite   static        10   FastEthernet6/10
00:00:00:0A:00:0A      17.16.0.2        10000      dhcp-snooping 10   FastEthernet6/11

This example shows how to display the static IP binding entry for a specific IP address:


Router# show ip source binding 17.16.0.1 0000.000A.000B static vlan 10 interface gigabitethernet6/10
MacAddress          IpAddress        Lease(sec)  Type           VLAN  Interface 
------------------  ---------------  ----------  -------------  ----  -------------------- 
00:00:00:0A:00:0B   17.16.0.1         infinite    static         10    FastEthernet6/10 

The table below describes the significant fields in the display.

Table 17. show ip source binding Field Descriptions

Field

Description

MAC Address

Client hardware MAC address.

IP Address

Client IP address assigned from the DHCP server.

Lease (seconds)

IP address lease time.

Type

Binding type: static bindings are configured from the CLI; dynamic bindings are learned from DHCP snooping.

VLAN

VLAN number of the client interface.

Interface

Interface that connects to the DHCP client host.

show ip verify source

To display the IP source guard configuration and filters on a particular interface, use the show ip verify source command in EXEC mode.

show ip verify source [interface type mod/ port] [efp_id efp_id]

Syntax Description

interface type

(Optional) Specifies the interface type; possible valid values are fastethernet, gigabitethernet, tengigabitethernet, port-channel num, and vlan vlan-id.

mod / port

Module and port number.

efp_id

(Optional) Specifies the Ethernet flow point (EFP) (service instance) ID.

efp_id

EFP number; range is 1 to 8000.

Command Default

This command has no default settings.

Command Modes

EXEC (#)

Command History

Release

Modification

12.2(33)SXH

This command was introduced.

12.2(33)SRD

The efp_id efp_id keyword and argument were added.

Usage Guidelines

Enable port security first; otherwise, the DHCP security MAC filter cannot be applied to the port or VLAN.

Examples

This example shows the display when DHCP snooping is enabled on VLANs 10 to 20, the interface has IP source filter mode that is configured as IP, and there is an existing IP address binding 10.0.0.1 on VLAN 10:


Router# show ip verify source interface gigabitethernet6/1
Interface  Filter-type  Filter-mode  IP-address       Mac-address     Vlan
---------  -----------  -----------  ---------------  --------------  ---------
gi6/1      ip           active       10.0.0.1                         10
gi6/1      ip           active       deny-all                         11-20

This example shows how to display the IP source guard configuration and filters on a specific interface:


Router# show ip verify source interface gigabitethernet6/1
Interface  Filter-type  Filter-mode  IP-address       Mac-address     Vlan
---------  -----------  -----------  ---------------  --------------  ---------
gi6/1      ip           inactive-trust-port

This example shows the display when the interface does not have a VLAN enabled for DHCP snooping:


Router# show ip verify source interface gigabitethernet6/3
Interface  Filter-type  Filter-mode  IP-address       Mac-address     Vlan
---------  -----------  -----------  ---------------  --------------  ---------
gi6/3      ip           inactive-no-snooping-vlan

This example shows the display when the interface has an IP source filter mode that is configured as IP MAC and an existing IP MAC binds 10.0.0.2/aaaa.bbbb.cccc on VLAN 10 and 10.0.0.1/aaaa.bbbb.cccd on VLAN 11:


Router# show ip verify source interface gigabitethernet6/4
Interface  Filter-type  Filter-mode  IP-address       Mac-address     Vlan
---------  -----------  -----------  ---------------  --------------  ---------
gi6/4      ip-mac       active       10.0.0.2         aaaa.bbbb.cccc  10
gi6/4      ip-mac       active       10.0.0.1         aaaa.bbbb.cccd  11
gi6/4      ip-mac       active       deny-all         deny-all        12-20

This example shows the display when the interface has an IP source filter mode that is configured as IP MAC and an existing IP MAC binding 10.0.0.3/aaaa.bbbb.ccce on VLAN 10, but port security is not enabled on the interface:


Router# show ip verify source interface gigabitethernet6/5
Interface  Filter-type  Filter-mode  IP-address       Mac-address     Vlan
---------  -----------  -----------  ---------------  --------------  ---------
gi6/5      ip-mac       active       10.0.0.3         permit-all      10
gi6/5      ip-mac       active       deny-all         permit-all      11-20

This example shows the display when the interface does not have IP source filter mode configured:


Router# show ip verify source interface gigabitethernet6/6
DHCP security is not configured on the interface gi6/6.

This example shows how to display all the interfaces on the switch that have DHCP snooping security enabled:


Router# show ip verify source
 
Interface  Filter-type  Filter-mode  IP-address       Mac-address     Vlan
---------  -----------  -----------  ---------------  --------------  ---------
gi6/1      ip           active       10.0.0.1                         10
gi6/1      ip           active       deny-all                         11-20
gi6/2      ip           inactive-trust-port
gi6/3      ip           inactive-no-snooping-vlan
gi6/4      ip-mac       active       10.0.0.2         aaaa.bbbb.cccc  10
gi6/4      ip-mac       active       11.0.0.1         aaaa.bbbb.cccd  11
gi6/4      ip-mac       active       deny-all         deny-all        12-20
gi6/5      ip-mac       active       10.0.0.3         permit-all      10
gi6/5      ip-mac       active       deny-all         permit-all      11-20
Router# 

This example shows how to display all the interfaces on the switch that have DHCP snooping security enabled:


Router# show ip verify source interface gi5/0/0 efp_id 10
Interface  Filter-type  Filter-mode  IP-address       Mac-address        Vlan        EFP ID
---------  -----------  -----------  ---------------  -----------------  ----------  ----------
Gi5/0/0    ip-mac       active       123.1.1.1        00:0A:00:0A:00:0A  100         10
Gi5/0/0    ip-mac       active       123.1.1.2        00:0A:00:0A:00:0B  100         20
Gi5/0/0    ip-mac       active       123.1.1.3        00:0A:00:0A:00:0C  100         30
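The displays above can be reviewed in bulk by parsing captured output. The following is an added example, not part of the Cisco documentation: it reads show ip verify source output and lists the interfaces whose filter is inactive, whose ip-mac filter shows permit-all in the Mac-address column, or that report no IP source filter mode. The names Row, parse_rows, and audit are hypothetical; the rows it lists are items to review, not confirmed misconfigurations.

```python
import re
from collections import namedtuple

Row = namedtuple("Row", "interface filter_type filter_mode ip mac vlan")

# Output copied from the sample displays on this page; the last line is the
# message the page shows for an interface with no IP source filter mode.
SAMPLE = """\
Router# show ip verify source
Interface  Filter-type  Filter-mode  IP-address       Mac-address     Vlan
---------  -----------  -----------  ---------------  --------------  ---------
gi6/1      ip           active       10.0.0.1                         10
gi6/1      ip           active       deny-all                         11-20
gi6/2      ip           inactive-trust-port
gi6/3      ip           inactive-no-snooping-vlan
gi6/4      ip-mac       active       10.0.0.2         aaaa.bbbb.cccc  10
gi6/4      ip-mac       active       11.0.0.1         aaaa.bbbb.cccd  11
gi6/4      ip-mac       active       deny-all         deny-all        12-20
gi6/5      ip-mac       active       10.0.0.3         permit-all      10
gi6/5      ip-mac       active       deny-all         permit-all      11-20
DHCP security is not configured on the interface gi6/6.
"""

NOT_CONFIGURED = re.compile(
    r"^DHCP security is not configured on the interface (\S+?)\.?\s*$", re.M)


def parse_rows(text):
    """Return one Row per table line; header, separator and prompt lines are skipped."""
    rows = []
    for line in text.splitlines():
        tok = line.split()
        # Data rows are the only lines whose second token is a filter type.
        if len(tok) < 3 or tok[1] not in ("ip", "ip-mac"):
            continue
        if len(tok) == 3:      # inactive filter: the mode is the last column printed
            rows.append(Row(tok[0], tok[1], tok[2], None, None, None))
        elif len(tok) == 5:    # filter type "ip": the Mac-address column is blank
            rows.append(Row(tok[0], tok[1], tok[2], tok[3], None, tok[4]))
        elif len(tok) >= 6:    # full row; a trailing EFP ID column is ignored
            rows.append(Row(*tok[:6]))
    return rows


def audit(text):
    """Return (interface, reason) pairs, one per interface and reason."""
    findings = []

    def add(interface, reason):
        if (interface, reason) not in findings:
            findings.append((interface, reason))

    for match in NOT_CONFIGURED.finditer(text):
        add(match.group(1), "IP source filter mode not configured")
    for row in parse_rows(text):
        if row.filter_mode != "active":
            add(row.interface, "filter not enforced: " + row.filter_mode)
        elif row.filter_type == "ip-mac" and row.mac == "permit-all":
            add(row.interface,
                "ip-mac filter permits any MAC (port security not enabled)")
    return findings


if __name__ == "__main__":
    for interface, reason in audit(SAMPLE):
        print(f"{interface:8} {reason}")
```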

show ipv6 dhcp

To display the Dynamic Host Configuration Protocol (DHCP) unique identifier (DUID) on a specified device, use the show ipv6 dhcp command in user EXEC or privileged EXEC mode.

show ipv6 dhcp

Syntax Description

This command has no arguments or keywords.

Command Modes


User EXEC
Privileged EXEC

Command History

Release

Modification

12.3(4)T

This command was introduced.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

12.2(33)SRE

This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.

Usage Guidelines

The show ipv6 dhcp command uses the DUID based on the link-layer address for both client and server identifiers. The device uses the MAC address from the lowest-numbered interface to form the DUID. The network interface is assumed to be permanently attached to the device. Use the show ipv6 dhcp command to display the DUID of a device.

Examples

The following is sample output from the show ipv6 dhcp command. The output is self-explanatory:


Router# show ipv6 dhcp 
This device's DHCPv6 unique identifier(DUID): 000300010002FCA5DC1C

show ipv6 dhcp binding

To display automatic client bindings from the Dynamic Host Configuration Protocol (DHCP) for IPv6 server binding table, use the show ipv6 dhcp binding command in user EXEC or privileged EXEC mode.

show ipv6 dhcp binding [ipv6-address] [vrf vrf-name]

Syntax Description

ipv6-address

(Optional) The address of a DHCP for IPv6 client.

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Modes


User EXEC (>)
Privileged EXEC (#)

Command History

Release

Modification

12.3(4)T

This command was introduced.

12.4

This command was modified. Command output was updated to display a PPP username associated with a binding.

12.4(24)T

This command was modified. Command output was updated to display address bindings.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

15.1(2)S

This command was modified. The vrf vrf-name keyword and argument were added.

Cisco IOS XE Release 3.3S

This command was modified. The vrf vrf-name keyword and argument were added.

Usage Guidelines

The show ipv6 dhcp binding command displays all automatic client bindings from the DHCP for IPv6 server binding table if the ipv6-address argument is not specified. When the ipv6-address argument is specified, only the binding for the specified client is displayed.

If the vrf vrf-name keyword and argument combination is specified, all bindings that belong to the specified VRF are displayed.

Examples

The following sample output displays all automatic client bindings from the DHCP for IPv6 server binding table:


Router# show ipv6 dhcp binding
Client: FE80::A8BB:CCFF:FE00:300 
  DUID: 00030001AABBCC000300
  Username : client_1
  Interface: Virtual-Access2.1
  IA PD: IA ID 0x000C0001, T1 75, T2 135
    Prefix: 2001:380:E00::/64
            preferred lifetime 150, valid lifetime 300
            expires at Dec 06 2007 12:57 PM (262 seconds)
Client: FE80::A8BB:CCFF:FE00:300 (Virtual-Access2.2) 
  DUID: 00030001AABBCC000300
  IA PD: IA ID 0x000D0001, T1 75, T2 135
    Prefix: 2001:0DB8:E00:1::/64
            preferred lifetime 150, valid lifetime 300
            expires at Dec 06 2007 12:58 PM (288 seconds)

The table below describes the significant fields shown in the display.

Table 18. show ipv6 dhcp binding Field Descriptions

Field

Description

Client

Address of a specified client.

DUID

DHCP unique identifier (DUID).

Virtual-Access2.1

First virtual client. When an IPv6 DHCP client requests two prefixes with the same DUID but a different identity association for prefix delegation (IAPD) on two different interfaces, these prefixes are considered to be for two different clients, and interface information is maintained for both.

Username : client_1

The username associated with the binding.

IA PD

Collection of prefixes assigned to a client.

IA ID

Identifier for this IAPD.

Prefix

Prefixes delegated to the indicated IAPD on the specified client.

preferred lifetime, valid lifetime

The preferred lifetime and valid lifetime settings, in seconds, for the specified client.

Expires at

Date and time at which the valid lifetime expires.

Virtual-Access2.2

Second virtual client. When an IPv6 DHCP client requests two prefixes with the same DUID but different IAIDs on two different interfaces, these prefixes are considered to be for two different clients, and interface information is maintained for both.

When the DHCPv6 pool on the Cisco IOS DHCPv6 server is configured to obtain prefixes for delegation from an authentication, authorization, and accounting (AAA) server, it sends the PPP username from the incoming PPP session to the AAA server to obtain the prefixes. The PPP username associated with the binding is displayed in output from the show ipv6 dhcp binding command. If there is no PPP username associated with the binding, this field value is displayed as "unassigned."

The following example shows that the PPP username associated with the binding is "client_1":


Router# show ipv6 dhcp binding
Client: FE80::2AA:FF:FEBB:CC 
  DUID: 0003000100AA00BB00CC 
  Username : client_1
  Interface : Virtual-Access2
  IA PD: IA ID 0x00130001, T1 75, T2 135
    Prefix: 2001:0DB8:1:3::/80
            preferred lifetime 150, valid lifetime 300
            expires at Aug 07 2008 05:19 AM (225 seconds)

The following example shows that the PPP username associated with the binding is unassigned:


Router# show ipv6 dhcp binding 
Client: FE80::2AA:FF:FEBB:CC 
  DUID: 0003000100AA00BB00CC 
  Username : unassigned 
  Interface : Virtual-Access2 
  IA PD: IA ID 0x00130001, T1 150, T2 240 
    Prefix: 2001:0DB8:1:1::/80 
            preferred lifetime 300, valid lifetime 300 
            expires at Aug 11 2008 06:23 AM (233 seconds) 
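The DUID values shown by show ipv6 dhcp and show ipv6 dhcp binding are link-layer based, so they can be decoded and compared with each client's link-local address. The following is an added example, not part of the Cisco documentation: it decodes each DUID and checks whether the Client address is the modified EUI-64 link-local address derived from the MAC inside the DUID. The DUID type codes are taken from RFC 8415 rather than from this page, and the function names are hypothetical.

```python
import ipaddress
import re

# DUID type codes from RFC 8415 (assumption: not stated on this page).
DUID_TYPES = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL", 4: "DUID-UUID"}

# The first two bindings are copied from the sample output on this page; the
# third is constructed for this example so the check has a mismatch to report.
SAMPLE = """\
Client: FE80::A8BB:CCFF:FE00:300
  DUID: 00030001AABBCC000300
  Username : client_1
  Interface: Virtual-Access2.1
Client: FE80::2AA:FF:FEBB:CC
  DUID: 0003000100AA00BB00CC
  Username : unassigned
  Interface : Virtual-Access2
Client: FE80::1
  DUID: 00030001AABBCC000400
  Interface : Virtual-Access3
"""

BINDING = re.compile(r"^Client:\s+(\S+).*\n\s+DUID:\s+([0-9A-Fa-f]+)", re.M)


def decode_duid(hex_duid):
    """Split a hex DUID into its type, hardware type and link-layer address."""
    raw = bytes.fromhex(hex_duid)
    if len(raw) < 4:
        raise ValueError("DUID too short: " + hex_duid)
    code = int.from_bytes(raw[:2], "big")
    info = {"type": DUID_TYPES.get(code, "unknown(%d)" % code),
            "hw_type": None, "link_layer": None}
    if code == 3:        # DUID-LL: type, hardware type, link-layer address
        info["link_layer"] = raw[4:]
    elif code == 1:      # DUID-LLT: a 4-byte time precedes the address
        info["link_layer"] = raw[8:]
    else:                # DUID-EN and DUID-UUID carry no link-layer address
        return info
    info["hw_type"] = int.from_bytes(raw[2:4], "big")
    return info


def eui64_link_local(mac):
    """Build the fe80::/64 address whose interface ID is the modified EUI-64 of mac."""
    if len(mac) != 6:
        raise ValueError("expected a 6-byte MAC address")
    # Flip the universal/local bit and insert ff:fe between the two halves.
    iid = bytes([mac[0] ^ 0x02]) + mac[1:3] + b"\xff\xfe" + mac[3:]
    return ipaddress.IPv6Address(b"\xfe\x80" + bytes(6) + iid)


def check_bindings(text):
    """Return one dict per binding; eui64_match is None when no Ethernet MAC is present."""
    results = []
    for client, duid in BINDING.findall(text):
        info = decode_duid(duid)
        mac = info["link_layer"]
        match = None
        if mac is not None and info["hw_type"] == 1 and len(mac) == 6:
            match = ipaddress.IPv6Address(client) == eui64_link_local(mac)
        results.append({
            "client": client,
            "duid_type": info["type"],
            "mac": ":".join("%02x" % b for b in mac) if mac else None,
            "eui64_match": match,
        })
    return results


if __name__ == "__main__":
    # A False result only means the address was not derived from the DUID's
    # MAC: the DUID uses the MAC of the lowest-numbered interface, and a
    # client may use a non-EUI-64 interface identifier.
    for entry in check_bindings(SAMPLE):
        print(entry)
```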

show ipv6 dhcp conflict

To display address conflicts found by a Dynamic Host Configuration Protocol for IPv6 (DHCPv6) server when addresses are offered to the client, use the show ipv6 dhcp conflict command in privileged EXEC mode.

show ipv6 dhcp conflict [ipv6-address] [vrf vrf-name]

Syntax Description

ipv6-address

(Optional) The address of a DHCP for IPv6 client.

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

12.4(24)T

This command was introduced.

Cisco IOS XE Release 2.5

This command was integrated into Cisco IOS XE Release 2.5.

15.1(2)S

This command was modified. The vrf vrf-name keyword and argument were added.

Cisco IOS XE Release 3.3S

This command was modified. The vrf vrf-name keyword and argument were added.

Cisco IOS XE Release 3.2SE

This command was integrated into Cisco IOS XE Release 3.2SE.

Usage Guidelines

When you configure the DHCPv6 server to detect conflicts, it uses ping. The client uses neighbor discovery to detect clients and reports to the server through a DECLINE message. If an address conflict is detected, the address is removed from the pool, and the address is not assigned until the administrator removes the address from the conflict list.

Examples

The following is sample output from the show ipv6 dhcp conflict command. This command shows the pool and prefix values for DHCP conflicts:


Router# show ipv6 dhcp conflict
Pool 350, prefix 2001:0DB8:1005::/48
	    2001:0DB8:1005::10

show ipv6 dhcp database

To display the Dynamic Host Configuration Protocol (DHCP) for IPv6 binding database agent information, use the show ipv6 dhcp database command in user EXEC or privileged EXEC mode.

show ipv6 dhcp database [agent-URL]

Syntax Description

agent-URL

(Optional) A flash, NVRAM, FTP, TFTP, or remote copy protocol (RCP) uniform resource locator.

Command Modes


User EXEC
Privileged EXEC

Command History

Release

Modification

12.3(4)T

This command was introduced.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

Usage Guidelines

Each permanent storage to which the binding database is saved is called the database agent. An agent can be configured using the ipv6 dhcp database command. Supported database agents include FTP and TFTP servers, RCP, Flash file system, and NVRAM.

The show ipv6 dhcp database command displays DHCP for IPv6 binding database agent information. If the agent-URL argument is specified, only the specified agent is displayed. If the agent-URL argument is not specified, all database agents are shown.

Examples

The following is sample output from the show ipv6 dhcp database command:


Router# show ipv6 dhcp database 
Database agent tftp://172.19.216.133/db.tftp:
  write delay: 69 seconds, transfer timeout: 300 seconds
  last written at Jan 09 2003 01:54 PM,
     write timer expires in 56 seconds
  last read at Jan 06 2003 05:41 PM
  successful read times 1
  failed read times 0
  successful write times 3172
  failed write times 2
Database agent nvram:/dhcpv6-binding:
  write delay: 60 seconds, transfer timeout: 300 seconds
  last written at Jan 09 2003 01:54 PM,
     write timer expires in 37 seconds
  last read at never
  successful read times 0
  failed read times 0
  successful write times 3325
  failed write times 0
Database agent flash:/dhcpv6-db:
  write delay: 82 seconds, transfer timeout: 3 seconds
  last written at Jan 09 2003 01:54 PM,
    write timer expires in 50 seconds
  last read at never
  successful read times 0
  failed read times 0
  successful write times 2220
  failed write times 614

The table below describes the significant fields shown in the display.

Table 19. show ipv6 dhcp database Field Descriptions

Field

Description

Database agent

Specifies the database agent.

Write delay

The amount of time (in seconds) to wait before updating the database.

transfer timeout

Specifies how long (in seconds) the DHCP server should wait before terminating a database transfer. Transfers that exceed the timeout period are terminated.

Last written

The last date and time bindings were written to the file server.

Write timer expires...

The length of time, in seconds, before the write timer expires.

Last read

The last date and time bindings were read from the file server.

Successful/failed read times

The number of successful or failed read times.

Successful/failed write times

The number of successful or failed write times.

show ipv6 dhcp guard policy

To display Dynamic Host Configuration Protocol for IPv6 (DHCPv6) guard information, use the show ipv6 dhcp guard policy command in privileged EXEC mode.

show ipv6 dhcp guard policy [policy-name]

Syntax Description

policy-name

(Optional) DHCPv6 guard policy name.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

15.2(4)S

This command was introduced.

Usage Guidelines

If the policy-name argument is specified, only the specified policy information is displayed. If the policy-name argument is not specified, information is displayed for all policies.

Examples

The following is sample output from the show ipv6 dhcp guard policy command:


Router# show ipv6 dhcp guard policy

Dhcp guard policy: default
        Device Role: dhcp client
        Target: Et0/3 

Dhcp guard policy: test1
        Device Role: dhcp server
        Target: vlan 0    vlan 1    vlan 2    vlan 3    vlan 4   
        Max Preference: 200
        Min Preference: 0
        Source Address Match Access List: acl1
        Prefix List Match Prefix List: pfxlist1

Dhcp guard policy: test2
        Device Role: dhcp relay
        Target: Et0/0 Et0/1 Et0/2 


      

The table below describes the significant fields shown in the display.

Table 20. show ipv6 dhcp guard Field Descriptions

Field

Description

Device Role

The role of the device. The role is either client, server or relay.

Target

The name of the target. The target is either an interface or a VLAN.

show ipv6 dhcp-ldra

To display configuration details and statistics for a Lightweight DHCPv6 Relay Agent (LDRA), use the show ipv6 dhcp-ldra command in user EXEC or privileged EXEC mode.

show ipv6 dhcp-ldra [statistics]

Syntax Description

statistics

(Optional) Displays LDRA-related statistics.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release Modification

15.1(2)SG

This command was introduced.

Cisco IOS XE Release 3.4SG

This command was integrated into Cisco IOS XE Release 3.4SG.

Usage Guidelines

Use this command to view the number and type of DHCPv6 packets received or processed, the number and type of DHCPv6 messages dropped, error counters, and the interface state (client-facing trusted interface, server-facing interface, and so on).

You can also view LDRA configuration details, such as the type of LDRA configuration and the interface or VLAN where the LDRA is configured.

Examples

The following sample output displays LDRA configuration details before initiating a DHCP session. The fields in the example below are self-explanatory.


Device> enable
Device # show ipv6 dhcp-ldra statistics 


                DHCPv6 LDRA client facing statistics.

Messages received                0
Messages sent                    0
Messages discarded               0

                DHCPv6 LDRA server facing statistics.

Messages received                0
Messages sent                    0
Messages discarded               0

The following sample output displays LDRA configuration details after initiating a DHCP session. The fields in the example below are self-explanatory.

Device> enable

Device # show ipv6 dhcp-ldra statistics

 
                  DHCPv6 LDRA client facing statistics.

Messages received                2
Messages sent                    2
Messages discarded               0

Messages                         Received
SOLICIT                          1
REQUEST                          1

Messages                         Sent
RELAY-FORWARD                    2

                DHCPv6 LDRA server facing statistics.


Messages received                2
Messages sent                    2
Messages discarded               0

Messages                         Received
RELAY-REPLY                      2

Messages                         Sent
ADVERTISE                        1
REPLY                            1

The following sample output displays LDRA configuration details. The fields in the example below are self-explanatory.


Device> enable
Device # show ipv6 dhcp-ldra



DHCPv6 LDRA is Enabled.
DHCPv6 LDRA policy: client-facing-disable
       Target: none
DHCPv6 LDRA policy: client-facing-trusted
       Target: vlan 5
DHCPv6 LDRA policy: client-facing-untrusted
       Target: none
DHCPv6 LDRA policy: server-facing
       Target: Gi1/0/7

show ipv6 dhcp pool

To display Dynamic Host Configuration Protocol (DHCP) for IPv6 configuration pool information, use the show ipv6 dhcp pool command in user EXEC or privileged EXEC mode.

show ipv6 dhcp pool [poolname]

Syntax Description

poolname

(Optional) User-defined name for the local prefix pool. The pool name can be a symbolic string (such as "Engineering") or an integer (such as 0).

Command Modes


User EXEC
Privileged EXEC

Command History

Release

Modification

12.3(4)T

This command was introduced.

12.4(24)T

Command output was updated to display address pools and prefix pools.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

12.2(33)SRE

This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.

12.2(33)XNE

This command was modified. It was integrated into Cisco IOS Release 12.2(33)XNE.

Usage Guidelines

Use the ipv6 dhcp pool command to create a configuration pool, and use the ipv6 dhcp server command to associate the configuration pool with a server on an interface.

The show ipv6 dhcp pool command displays DHCP for IPv6 configuration pool information. If the poolname argument is specified, only information on the specified pool is displayed. If the poolname argument is not specified, information about all pools is shown.

Examples

The following sample output displays DHCP for IPv6 configuration pool information:


Router# show ipv6 dhcp pool
 
DHCPv6 pool: svr-p1
  Static bindings:
    Binding for client 000300010002FCA5C01C
      IA PD: IA ID 00040002, 
        Prefix: 3FFE:C00:C18:3::/72
                preferred lifetime 604800, valid lifetime 2592000
      IA PD: IA ID not specified; being used by 00040001
        Prefix: 3FFE:C00:C18:1::/72
                preferred lifetime 240, valid lifetime 54321
        Prefix: 3FFE:C00:C18:2::/72
                preferred lifetime 300, valid lifetime 54333
        Prefix: 3FFE:C00:C18:3::/72
                preferred lifetime 280, valid lifetime 51111
  Prefix from pool: local-p1, Valid lifetime 12345, Preferred lifetime 180
  DNS server: 1001::1
  DNS server: 1001::2
  Domain name: example1.net
  Domain name: example2.net
  Domain name: example3.net
Active clients: 2

The table below describes the significant fields shown in the display.

Table 21. show ipv6 dhcp pool Field Descriptions

Field

Description

DHCPv6 pool: svr-p1

The name of the pool.

IA PD

Identity association for prefix delegation (IAPD), which is a collection of prefixes assigned to a client.

IA ID

Identifier for this IAPD.

Prefix

Prefixes to be delegated to the indicated IAPD on the specified client.

preferred lifetime, valid lifetime

Lifetimes, in seconds, associated with the prefix statically assigned to the specified client.

DNS server

IPv6 addresses of the DNS servers.

Domain name

Displays the DNS domain search list.

Active clients

Total number of active clients.

show ipv6 dhcp interface

To display Dynamic Host Configuration Protocol (DHCP) for IPv6 interface information, use the show ipv6 dhcp interface command in user EXEC or privileged EXEC mode.

show ipv6 dhcp interface [type number]

Syntax Description

type number

(Optional) Interface type and number. For more information, use the question mark (?) online help function.

Command Modes


User EXEC
Privileged EXEC

Command History

Release

Modification

12.3(4)T

This command was introduced.

12.3(11)T

Command output was modified to allow relay agent information to be displayed on a specified interface if the relay agent feature is configured on that interface.

12.4(24)T

Command output was updated to display interface address assignments and T1 and T2 renew/rebind times.

Cisco IOS XE Release 2.1

This command was integrated into Cisco IOS XE Release 2.1.

12.2(33)SRE

This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRE.

12.2(33)XNE

This command was modified. It was integrated into Cisco IOS Release 12.2(33)XNE.

Usage Guidelines

If no interfaces are specified, all interfaces on which DHCP for IPv6 (client or server) is enabled are shown. If an interface is specified, only information about the specified interface is displayed.

Examples

The following is sample output from the show ipv6 dhcp interface command. In the first example, the command is used on a router that has an interface acting as a DHCP for IPv6 server. In the second example, the command is used on a router that has an interface acting as a DHCP for IPv6 client:


Router1# show ipv6 dhcp interface
Ethernet2/1 is in server mode
  Using pool: svr-p1
  Preference value: 20
  Rapid-Commit is disabled
Router2# show ipv6 dhcp interface
Ethernet2/1 is in client mode
  State is OPEN (1)
  List of known servers:
    Address: FE80::202:FCFF:FEA1:7439, DUID 000300010002FCA17400
    Preference: 20
      IA PD: IA ID 0x00040001, T1 120, T2 192
        Prefix: 3FFE:C00:C18:1::/72
                preferred lifetime 240, valid lifetime 54321
                expires at Nov 08 2002 09:10 AM (54319 seconds)
        Prefix: 3FFE:C00:C18:2::/72
                preferred lifetime 300, valid lifetime 54333
                expires at Nov 08 2002 09:11 AM (54331 seconds)
        Prefix: 3FFE:C00:C18:3::/72
                preferred lifetime 280, valid lifetime 51111
                expires at Nov 08 2002 08:17 AM (51109 seconds)
      DNS server: 1001::1
      DNS server: 1001::2
      Domain name: domain1.net
      Domain name: domain2.net 
      Domain name: domain3.net
    Prefix name is cli-p1
    Rapid-Commit is enabled

The table below describes the significant fields shown in the display.

Table 22. show ipv6 dhcp interface Field Descriptions

Field

Description

Ethernet2/1 is in server/client mode

Displays whether the specified interface is in server or client mode.

Preference value:

The advertised (or default of 0) preference value for the indicated server.

Prefix name is cli-p1

Displays the IPv6 general prefix pool name, in which prefixes successfully acquired on this interface are stored.

Using pool: svr-p1

The name of the pool that is being used by the interface.

State is OPEN

State of the DHCP for IPv6 client on this interface. "Open" indicates that configuration information has been received.

List of known servers

Lists the servers on the interface.

Address, DUID

Address and DHCP unique identifier (DUID) of a server heard on the specified interface.

Rapid commit is disabled

Displays whether the rapid-commit keyword has been enabled on the interface.
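The Address and DUID shown for each known server can be checked against the DHCPv6 servers expected on that link. The following is an added example, not part of the original reference and not Cisco code: it parses the client-mode output above, decodes each DUID using the layout from RFC 8415, and reports servers whose DUID is not in an allowlist. The function names and the allowlist are assumptions made for illustration.

```python
import re

# Constructed input: the client-mode lines from the sample output above.
SAMPLE = """\
Router2# show ipv6 dhcp interface
Ethernet2/1 is in client mode
  State is OPEN (1)
  List of known servers:
    Address: FE80::202:FCFF:FEA1:7439, DUID 000300010002FCA17400
    Preference: 20
      IA PD: IA ID 0x00040001, T1 120, T2 192
"""

DUID_TYPES = {1: "DUID-LLT", 2: "DUID-EN", 3: "DUID-LL", 4: "DUID-UUID"}


def decode_duid(hex_duid):
    """Split a DUID (RFC 8415, section 11) into type, hardware type and address."""
    raw = bytes.fromhex(hex_duid)
    if len(raw) < 3:
        raise ValueError("DUID too short: %r" % hex_duid)
    dtype = int.from_bytes(raw[:2], "big")
    info = {"type": DUID_TYPES.get(dtype, "unknown(%d)" % dtype),
            "hw_type": None, "lladdr": None}
    # DUID-LL: type, hw type, address. DUID-LLT adds a 4-byte time before the address.
    offset = {1: 8, 3: 4}.get(dtype)
    if offset is not None and len(raw) > offset:
        info["hw_type"] = int.from_bytes(raw[2:4], "big")
        info["lladdr"] = ":".join("%02x" % b for b in raw[offset:])
    return info


def known_servers(text):
    """Return {interface: [(address, duid), ...]} for interfaces in client mode."""
    servers, iface = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S+) is in (\w+) mode", line)
        if m:
            # Server and relay interfaces have no "known servers" list.
            iface = m.group(1) if m.group(2) == "client" else None
            continue
        m = re.match(r"\s+Address: (\S+), DUID ([0-9A-Fa-f]+)\s*$", line)
        if m and iface:
            servers.setdefault(iface, []).append(
                (m.group(1).lower(), m.group(2).upper()))
    return servers


def unexpected_servers(text, allowed_duids):
    """List servers heard on client interfaces whose DUID is not allowlisted."""
    allowed = {d.upper() for d in allowed_duids}
    findings = []
    for iface, entries in known_servers(text).items():
        for address, duid in entries:
            if duid not in allowed:
                findings.append({"interface": iface, "address": address,
                                 "duid": duid, **decode_duid(duid)})
    return findings
```
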

The following example shows the DHCP for IPv6 relay agent configuration on FastEthernet interface 0/0, followed by the show ipv6 dhcp interface command displaying relay agent information for FastEthernet interface 0/0:


Router(config-if)# ipv6 dhcp relay destination FE80::250:A2FF:FEBF:A056 FastEthernet0/1
Router# show ipv6 dhcp interface FastEthernet 0/0
FastEthernet0/0 is in relay mode 
  Relay destinations:
    FE80::250:A2FF:FEBF:A056 via FastEthernet0/1 

show ipv6 dhcp relay binding

To display DHCPv6 Internet Assigned Numbers Authority (IANA) and DHCPv6 Identity Association for Prefix Delegation (IAPD) bindings on a relay agent, use the show ipv6 dhcp relay binding command in user EXEC or privileged EXEC mode.

show ipv6 dhcp relay binding [vrf vrf-name]

Syntax Description

vrf vrf-name

(Optional) Specifies a virtual routing and forwarding (VRF) configuration.

Command Modes


User EXEC (>)
Privileged EXEC (#)

Command History

Release

Modification

15.1(2)S

This command was introduced.

Cisco IOS XE Release 3.3S

This command was integrated into Cisco IOS XE Release 3.3S.

15.2(1)S

This command was modified. In addition to DHCPv6 IAPD bindings, DHCPv6 IANA bindings on a relay agent can be displayed.

Cisco IOS XE Release 3.5S

This command was modified. In addition to DHCPv6 IAPD bindings, DHCPv6 IANA bindings on a relay agent can be displayed.

12.2(33)SCF4

This command was implemented on Cisco uBR10012 and Cisco uBR7200 series universal broadband devices.

15.3(3)M

This command was integrated into Cisco IOS Release 15.3(3)M.

Usage Guidelines

If the vrf vrf-name keyword-argument pair is specified, all bindings belonging to the specified VRF are displayed.


Note


Only the DHCPv6 IAPD bindings on a relay agent are displayed on the Cisco uBR10012 and Cisco uBR7200 series universal broadband devices.


Examples

The following is sample output from the show ipv6 dhcp relay binding command:


Device# show ipv6 dhcp relay binding

The following example shows output from the show ipv6 dhcp relay binding command with a specified VRF name on a Cisco uBR10012 universal broadband device:

Device# show ipv6 dhcp relay binding vrf vrf1

Prefix: 2001:DB8:0:1:/64 (Bundle100.600)
  DUID: 000300010023BED94D31
  IAID: 3201912114
  lifetime: 600

The table below describes the significant fields shown in the display.

Table 23. show ipv6 dhcp relay binding Field Descriptions

Field

Description

Prefix

IPv6 prefix for DHCP.

DUID

DHCP Unique Identifier (DUID) for the IPv6 relay binding.

IAID

Identity Association Identification (IAID) for DHCP.

lifetime

Lifetime of the prefix, in seconds.

show ipv6 dhcp route

To display routes added by Dynamic Host Configuration Protocol for IPv6 (DHCPv6) on the DHCPv6 server for Internet Assigned Numbers Authority (IANA) and Identity Association for Prefix Delegation (IAPD), use the show ipv6 dhcp route command in privileged EXEC mode.

show ipv6 dhcp route {vrf vrf-name} {* | ipv6-address | ipv6-prefix}

Syntax Description

vrf vrf-name

Specifies a virtual routing and forwarding (VRF) configuration.

*

Displays all the DHCPv6 relay bindings.

ipv6-address

DHCPv6 address.

ipv6-prefix

IPv6 prefix.

Command Modes


Privileged EXEC (#)

Command History

Release

Modification

15.2(1)S

This command was introduced.

Cisco IOS XE Release 3.5S

This command was integrated into Cisco IOS XE Release 3.5S.

Examples

The following is sample output from the show ipv6 dhcp route command:


Router# show ipv6 dhcp route vrf vrfname 2001:0DB8:3333:4::5/126

show ip nat pool platform

To display the results of the show platform software nat fp active pool command, use the show ip nat pool platform command in user EXEC or privileged EXEC mode.

show ip nat pool platform

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

The following is sample output from the show ip nat pool platform command:

Device# show ip nat pool name natpool1 platform

Dump NAT pool config
ID: 1, Name: nat_pool1, Type: Generic, Mask: 255.255.0.0
Flags: Unknown, Acct name:
Address range blocks: 1
Start: 192.0.2.1, End: 192.0.2.254
Last stats update: 02/28 05:57:02.263
Last refcount value: 1

show ip nat pool name platform

To display the combined results of the show platform hardware qfp active feature nat datapath pool and show platform software nat f0 pool-stats id commands, use the show ip nat pool name platform command in user EXEC or privileged EXEC mode.

show ip nat pool name pool-name platform

Syntax Description

pool-name

Name of the NAT address pool for which information will be displayed.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

Cisco IOS XE Gibraltar 16.10.1

This command was introduced.

Examples

The following is sample output from the show ip nat pool name platform command:

Device# show ip nat pool name natpool1 platform

Total translations: 2 (0 static, 2 dynamic; 0 extended)
Outside interfaces: Serial0
Inside interfaces: Ethernet1
Hits: 135 Misses: 5
Expired translations: 2
Dynamic mappings:
-- Inside Source
access-list 1 pool net-208 refcount 2
pool net-208: netmask 255.255.255.240
start 172.16.233.208 end 172.16.233.221
type generic, total addresses 14, allocated 2 (14%), misses 0

show ipv6 nat statistics

To display Network Address Translation--Protocol Translation (NAT-PT) statistics, use the show ipv6 nat statistics command in user EXEC or privileged EXEC mode.

show ipv6 nat statistics

Syntax Description

This command has no arguments or keywords.

Command Modes


User EXEC
Privileged EXEC

Command History

Release

Modification

12.2(13)T

This command was introduced.

Examples

The following is sample output from the show ipv6 nat statistics command:


Router# show ipv6 nat statistics
Total active translations: 4 (2 static, 2 dynamic; 2 extended) 
NAT-PT interfaces: 
  Ethernet3/1, Ethernet3/3 
Hits: 1  Misses: 1 
Expired translations: 0 

The table below describes the significant fields shown in the display.

Table 24. show ipv6 nat statistics Field Descriptions

Field

Description

Total active translations

Number of translations active in the system. This number increments by one each time a translation is created and is decremented each time a translation is cleared or times out. Displays the numbers for each type of translation.

NAT-PT interfaces

The interfaces, by type and number, that are configured to run NAT-PT translations.

Hits

Number of times the software does a translations table lookup and finds an entry.

Misses

Number of times the software does a translations table lookup, fails to find an entry, and must try to create one.

Expired translations

Cumulative count of translations that have expired since the router was booted.

show ipv6 nat translations

To display active Network Address Translation--Protocol Translation (NAT-PT) translations, use the show ipv6 nat translations command in user EXEC or privileged EXEC mode.

show ipv6 nat translations [icmp | tcp | udp] [verbose]

Syntax Description

icmp

(Optional) Displays detailed information about NAT-PT ICMP translation events.

tcp

(Optional) Displays detailed information about NAT-PT TCP translation events.

udp

(Optional) Displays detailed information about NAT-PT User Datagram Protocol (UDP) translation events.

verbose

(Optional) Displays additional information for each translation table entry, including how long ago the entry was created and used.

Command Modes


User EXEC
Privileged EXEC

Command History

Release

Modification

12.2(13)T

This command was introduced.

Examples

The following is sample output from the show ipv6 nat translations command. Two static translations have been configured between an IPv4 source address and an IPv6 destination, and vice versa.


Router# show ipv6 nat translations
Prot  IPv4 source              IPv6 source 
      IPv4 destination         IPv6 destination 
---   ---                      --- 
      192.168.123.2            2001::2 
---   ---                      --- 
      192.168.122.10           2001::10 
tcp   192.168.124.8,11047      3002::8,11047 
      192.168.123.2,23         2001::2,23 
udp   192.168.124.8,52922      3002::8,52922 
      192.168.123.2,69         2001::2,69 
udp   192.168.124.8,52922      3002::8,52922 
      192.168.123.2,52922      2001::2,52922 
---   192.168.124.8            3002::8 
      192.168.123.2            2001::2 
---   192.168.124.8            3002::8 
      ---                      --- 
---   192.168.121.4            5001::4 
      ---                      ---

The following is sample output that includes the verbose keyword:


Router# show ipv6 nat translations verbose
Prot  IPv4 source              IPv6 source 
      IPv4 destination         IPv6 destination 
---   ---                      --- 
      192.168.123.2            2001::2 
      create 00:04:24, use 00:03:24, 
---   ---                      --- 
      192.168.122.10           2001::10 
      create 00:04:24, use 00:04:24, 
tcp   192.168.124.8,11047      3002::8,11047 
      192.168.123.2,23         2001::2,23 
      create 00:03:24, use 00:03:20, left 00:16:39, 
udp   192.168.124.8,52922      3002::8,52922 
      192.168.123.2,69         2001::2,69 
      create 00:02:51, use 00:02:37, left 00:17:22, 
udp   192.168.124.8,52922      3002::8,52922 
      192.168.123.2,52922      2001::2,52922 
      create 00:02:48, use 00:02:30, left 00:17:29, 
---   192.168.124.8            3002::8 
      192.168.123.2            2001::2 
      create 00:03:24, use 00:02:34, left 00:17:25, 
---   192.168.124.8            3002::8 
      ---                      --- 
      create 00:04:24, use 00:03:24, 
---   192.168.121.4            5001::4 
      ---                      --- 
      create 00:04:25, use 00:04:25,

The table below describes the significant fields shown in the display.

Table 25. show ipv6 nat translations Field Descriptions

Field

Description

Prot

Protocol of the port identifying the address.

IPv4 source/IPv6 source

The IPv4 or IPv6 source address to be translated.

IPv4 destination/IPv6 destination

The IPv4 or IPv6 destination address.

create

How long ago the entry was created (in hours:minutes:seconds).

use

How long ago the entry was last used (in hours:minutes:seconds).

left

Time before the entry times out (in hours:minutes:seconds).

show logging ip access-list

To display information about the logging IP access list, use the show logging ip access-list command in privileged EXEC mode.

show logging ip access-list {cache | config}

Syntax Description

cache

Displays information about all the entries in the Optimized ACL Logging (OAL) cache.

config

Displays information about the logging IP access-list configuration.

Command Default

This command has no default settings.

Command Modes

Privileged EXEC

Command History

Release

Modification

12.2(17d)SXB

Support for this command was introduced on the Supervisor Engine 720.

12.2(18)SXE

This command was changed to include the config keyword on the Supervisor Engine 720 only.

12.2(33)SRA

This command was integrated into Cisco IOS Release 12.2(33)SRA.

Usage Guidelines

This command is supported on Cisco 7600 series routers that are configured with a Supervisor Engine 720 only.

OAL is supported on IPv4 unicast traffic only.

Examples

This example shows how to display all the entries in the OAL cache:


Router# show logging ip access-list cache
Matched flows: 
id  prot  src_ip     dst_ip     sport  dport  status  count  total  lastlog
--------------------------------------------------------------------------------------
1   17    10.2.1.82  10.2.12.2  111    63     Permit  0      3906   2d02h
2   17    10.2.1.82  10.2.12.2  1135   63     Permit  0      3906   2d02h
3   17    10.2.1.82  10.2.12.2  2159   63     Permit  0      3906   2d02h
4   17    10.2.1.82  10.2.12.2  3183   63     Permit  0      3906   2d02h
5   17    10.2.1.82  10.2.12.2  4207   63     Permit  0      3906   2d02h
6   17    10.2.1.82  10.2.12.2  5231   63     Deny    0      3906   2d02h
7   17    10.2.1.82  10.2.12.2  6255   63     Deny    0      3906   2d02h
8   17    10.2.1.82  10.2.12.2  7279   63     Permit  0      3906   2d02h
9   17    10.2.1.82  10.2.12.2  8303   63     Permit  0      3906   2d02h
10  17    10.2.1.82  10.2.12.2  9327   63     Permit  0      3905   2d02h
11  17    10.2.1.82  10.2.12.2  10351  63     Permit  0      3905   2d02h
12  17    10.2.1.82  10.2.12.2  11375  63     Permit  0      3905   2d02h
13  17    10.2.1.82  10.2.12.2  12399  63     Deny    0      3905   2d02h
14  17    10.2.1.82  10.2.12.2  13423  63     Permit  0      3905   2d02h
15  17    10.2.1.82  10.2.12.2  14447  63     Deny    0      3905   2d02h
16  17    10.2.1.82  10.2.12.2  15471  63     Permit  0      3905   2d02h
17  17    10.2.1.82  10.2.12.2  16495  63     Permit  0      3905   2d02h
18  17    10.2.1.82  10.2.12.2  17519  63     Permit  0      3905   2d02h
19  17    10.2.1.82  10.2.12.2  18543  63     Permit  0      3905   2d02h
20  17    10.2.1.82  10.2.12.2  19567  63     Permit  0      3905   2d02h
Number of entries: 20 
Number of messages logged: 112 
Number of packets logged: 11200 
Number of packets received for logging: 11200
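When reviewing the OAL cache for denied traffic, the output can be parsed rather than read by eye. The following is an added example, not part of the original reference and not Cisco code: it rebuilds each ten-column flow row from the token stream, so it works whether or not the terminal wraps a row onto a second line, and groups the Deny entries by source, destination, protocol and destination port. The input is constructed from rows 1, 6, 7 and 13 of the output above with the footer adjusted to match; function names are assumptions, and the count and total columns are carried through as printed.

```python
import re

# Constructed input: rows 1, 6, 7 and 13 of the sample output above,
# each wrapped across two lines, with the footer adjusted to match.
SAMPLE = """\
Router# show logging ip access-list cache
Matched flows:
id prot src_ip dst_ip sport dport status count
total lastlog
-----------------------------------------------
1 17 10.2.1.82 10.2.12.2 111 63 Permit 0
3906 2d02h
6 17 10.2.1.82 10.2.12.2 5231 63 Deny 0
3906 2d02h
7 17 10.2.1.82 10.2.12.2 6255 63 Deny 0
3906 2d02h
13 17 10.2.1.82 10.2.12.2 12399 63 Deny 0
3905 2d02h
Number of entries: 4
Number of messages logged: 112
"""

FIELDS = ("id", "prot", "src_ip", "dst_ip", "sport", "dport",
          "status", "count", "total", "lastlog")
INT_FIELDS = ("id", "prot", "sport", "dport", "count", "total")


def parse_oal_cache(text):
    """Return (flows, counters) from 'show logging ip access-list cache' output."""
    tokens, counters, in_table = [], {}, False
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"Number of (.+?):\s*(\d+)$", line)
        if m:                               # footer counters end the table
            counters[m.group(1)] = int(m.group(2))
            in_table = False
        elif set(line) == {"-"}:            # dashed rule ends the header
            in_table = True
        elif in_table:
            tokens.extend(line.split())
    if len(tokens) % len(FIELDS):
        raise ValueError("truncated flow row in OAL cache output")
    flows = []
    for i in range(0, len(tokens), len(FIELDS)):
        row = dict(zip(FIELDS, tokens[i:i + len(FIELDS)]))
        for key in INT_FIELDS:
            row[key] = int(row[key])
        flows.append(row)
    if counters.get("entries", len(flows)) != len(flows):
        raise ValueError("row count does not match 'Number of entries'")
    return flows, counters


def denied_summary(flows):
    """Group Deny flows by (src_ip, dst_ip, prot, dport) with their source ports."""
    summary = {}
    for f in flows:
        if f["status"].lower() != "deny":
            continue
        key = (f["src_ip"], f["dst_ip"], f["prot"], f["dport"])
        entry = summary.setdefault(key, {"flows": 0, "sports": set()})
        entry["flows"] += 1
        entry["sports"].add(f["sport"])
    return summary
```
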

This example shows how to display information about the logging IP access-list configuration:


Router# show logging ip access-list config 
Logging ip access-list configuration
 Maximum number of cached entries: 8192
 Logging rate limiter: 0
 Log-update interval: 300
 Log-update threshold: 0
 Configured on input direction:
        Vlan2
        Vlan1
 Configured on output direction:
        Vlan2

show mdns cache

To display multicast Domain Name System (mDNS) cache information, use the show mdns cache command in user EXEC or privileged EXEC mode.

show mdns cache [interface type number [detail] | [name record-name] [type record-type] [detail]]

Syntax Description

interface type number

(Optional) Displays mDNS cache information for the specified interface.

detail

(Optional) Displays detailed mDNS cache information for the specified interface or record.

Note

You can use the detail keyword for a specific interface, record or type. You cannot use it independently with the show mdns cache command.

name record-name

(Optional) Displays mDNS cache information for the specified record.

type record-type

(Optional) Displays mDNS cache information for the specific record type.


Note


You can view mDNS cache information for a specific record type and record name by using the keyword-argument pair combination name record-name type record-type.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release

Modification

15.2(1)E

This command was introduced.

15.2(1)SY

This command was integrated into Cisco IOS Release 15.2(1)SY.

15.5(2)S

This command was integrated into Cisco IOS Release 15.5(2)S.