This module describes how to:
Your software release may not support all the features documented in this module. For the latest caveats and feature information, see Bug Search Tool and the release notes for your platform and software release. To find information about the features documented in this module, and to see a list of the releases in which each feature is supported, see the feature information table at the end of this module.
Use Cisco Feature Navigator to find information about platform support and Cisco software image support. To access Cisco Feature Navigator, go to www.cisco.com/go/cfn. An account on Cisco.com is not required.
Before performing the tasks in this module, you must be familiar with the concepts described in the “Configuring NAT for IP Address Conservation” module and have NAT configured in your network.
Syslog for Network Address Translation (NAT) is not supported.
There are two basic types of IP Network Address Translation (NAT) translation information:
Translation entry information includes the following:
Statistical information includes the following:
NAT does not support access control lists (ACLs) with the log option. The same functionality can be achieved by using one of the following options:
1. enable
2. show ip nat translations [verbose]
3. show ip nat statistics
The following is sample output from the show ip nat translations command:
```
Device# show ip nat translations
Pro  Inside global      Inside local       Outside local      Outside global
tcp  192.168.1.1:514    192.168.2.3:53     192.168.2.22:256   192.168.2.22:256
tcp  192.168.1.1:513    192.168.2.2:53     192.168.2.22:256   192.168.2.22:256
tcp  192.168.1.1:512    192.168.2.4:53     192.168.2.22:256   192.168.2.22:256
Total number of translations: 3
```
The following is sample output from the show ip nat translations verbose command:
```
Device# show ip nat translations verbose
Pro  Inside global      Inside local       Outside local      Outside global
tcp  192.168.1.1:514    192.168.2.3:53     192.168.2.22:256   192.168.2.22:256
     create 04/09/11 10:51:48, use 04/09/11 10:52:31, timeout: 00:01:00
     Map-Id(In):1, Mac-Address: 0000.0000.0000 Input-IDB: GigabitEthernet0/3/1
     entry-id: 0x8ef80350, use_count:1
tcp  192.168.1.1:513    192.168.2.2:53     192.168.2.22:256   192.168.2.22:256
     create 04/09/11 10:51:48, use 04/09/11 10:52:31, timeout: 00:01:00
     Map-Id(In):1, Mac-Address: 0000.0000.0000 Input-IDB: GigabitEthernet0/3/1
     entry-id: 0x8ef801b0, use_count:1
tcp  192.168.1.1:512    192.168.2.4:53     192.168.2.22:256   192.168.2.22:256
     create 04/09/11 10:51:48, use 04/09/11 10:52:31, timeout: 00:01:00
     Map-Id(In):1, Mac-Address: 0000.0000.0000 Input-IDB: GigabitEthernet0/3/1
     entry-id: 0x8ef80280, use_count:1
Total number of translations: 3
```
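Because syslog for NAT is not supported, tracing an inside global address and port back to an inside host depends on capturing the translation table while the entry still exists. The following added example (not part of the Cisco documentation) parses captured verbose output for that purpose. The names `parse_verbose` and `attribute`, the sample text, and the month/day/year reading of the timestamps are assumptions.

```python
import re
from datetime import datetime

# Constructed sample: two entries in the layout of the verbose output above.
SAMPLE = """\
Pro  Inside global      Inside local       Outside local      Outside global
tcp  192.168.1.1:514    192.168.2.3:53     192.168.2.22:256   192.168.2.22:256
     create 04/09/11 10:51:48, use 04/09/11 10:52:31, timeout: 00:01:00
     Map-Id(In):1, Mac-Address: 0000.0000.0000 Input-IDB: GigabitEthernet0/3/1
     entry-id: 0x8ef80350, use_count:1
tcp  192.168.1.1:513    192.168.2.2:53     192.168.2.22:256   192.168.2.22:256
     create 04/09/11 10:51:48, use 04/09/11 10:52:31, timeout: 00:01:00
     Map-Id(In):1, Mac-Address: 0000.0000.0000 Input-IDB: GigabitEthernet0/3/1
     entry-id: 0x8ef801b0, use_count:1
Total number of translations: 2
"""

ENTRY = re.compile(r"^(tcp|udp|icmp)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)$")
TIMES = re.compile(r"create (\S+ \S+), use (\S+ \S+), timeout: (\S+)")
IDB = re.compile(r"Input-IDB: (\S+)")
TS_FMT = "%m/%d/%y %H:%M:%S"  # assumption: month/day/year, device-local clock


def parse_verbose(text):
    """Return one dict per translation entry, with its detail lines folded in."""
    entries = []
    keys = ("proto", "inside_global", "inside_local", "outside_local", "outside_global")
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            entries.append(dict(zip(keys, m.groups())))
            continue
        if not entries:
            continue  # prompt or column header before the first entry
        if (t := TIMES.search(line)):
            entries[-1]["created"] = datetime.strptime(t.group(1), TS_FMT)
            entries[-1]["last_used"] = datetime.strptime(t.group(2), TS_FMT)
            entries[-1]["timeout"] = t.group(3)
        elif (i := IDB.search(line)):
            entries[-1]["input_idb"] = i.group(1)
    return entries


def attribute(entries, inside_global, when):
    """Inside local endpoints mapped to `inside_global` at time `when`."""
    return [e["inside_local"] for e in entries
            if e["inside_global"] == inside_global and "created" in e
            and e["created"] <= when <= e["last_used"]]
```

Dynamic entries time out, so output collected on a schedule shorter than the translation timeout is what makes a later lookup possible.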
The following is sample output from the show ip nat statistics command:
```
Device# show ip nat statistics
Total active translations: 3 (0 static, 3 dynamic; 3 extended)
Outside interfaces:
  GigabitEthernet0/3/0
Inside interfaces:
  GigabitEthernet0/3/1
Hits: 3228980  Misses: 3
CEF Translated packets: 0, CEF Punted packets: 0
Expired translations: 0
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 1 pool pool1 refcount 3
 pool pool1: netmask 255.255.255.0
        start 198.168.1.1 end 198.168.254.254
        type generic, total addresses 254, allocated 0 (0%), misses 0
longest chain in pool: pool1's addr-hash: 0, average len 0,chains 0/256
Pool stats drop: 0  Mapping stats drop: 0
Port block alloc fail: 0
IP alias add fail: 0
Limit entry add fail: 0
```
By default, dynamic address translations will time out from the NAT translation table at some point. Perform this task to clear the entries before the timeout.
1. enable
2. clear ip nat translation inside global-ip local-ip outside local-ip global-ip
3. clear ip nat translation outside global-ip local-ip
4. clear ip nat translation protocol inside global-ip global-port local-ip local-port outside local-ip local-port global-ip global-port
5. clear ip nat translation {* | [forced] | [inside global-ip local-ip] [outside local-ip global-ip]}
6. clear ip nat translation inside global-ip local-ip [forced]
7. clear ip nat translation outside local-ip global-ip [forced]
The following example shows the Network Address Translation (NAT) entries before and after the UDP entry is cleared:
```
Device# show ip nat translation
Pro  Inside global         Inside local          Outside local      Outside global
udp  192.168.2.20:1220     192.168.2.95:1220     192.168.2.22:53    192.168.2.20:53
tcp  192.168.2.20:11012    192.168.2.209:11012   171.69.1.220:23    192.168.2.20:23
tcp  192.168.2.20:1067     192.168.2.20:1067     192.168.2.20:23    192.168.2.20:23

Device# clear ip nat translation udp inside 192.168.2.20:1067 192.168.2.20:1067 outside 192.168.2.20:23 192.168.2.20:23
Device# show ip nat translation
Pro  Inside global         Inside local          Outside local      Outside global
udp  192.168.2.20:1220     192.168.2.95:1220     192.168.2.22:53    192.168.2.20:53
tcp  192.168.2.20:11012    192.168.2.209:11012   171.69.1.220:23    192.168.2.20:23
```
Related Topic | Document Title |
---|---|
Cisco IOS commands | |
NAT commands: complete command syntax, command mode, command history, defaults, usage guidelines, and examples | |
NAT for IP address conservation | “Configuring NAT for IP Address Conservation” module |
The following table provides release information about the feature or features described in this module. This table lists only the software release that introduced support for a given feature in a given software release train. Unless noted otherwise, subsequent releases of that software release train also support that feature.
Feature Name | Releases | Feature Information |
---|---|---|
NAT—Forced Clear of Dynamic NAT Half-Entries | 12.2(15)T | A second forced keyword was added to the clear ip nat translation command to enable the removal of half-entries regardless of whether they have any child translations. |