ip nat inside source list [acl] interface [intf] overload
Configures dynamic NAT overload (PAT) to translate multiple inside private IP addresses to a single public IP address using the interface's IP, based on an access list.
When to Use This Command
- Enabling internet access for multiple internal hosts using one public IP on a small office/home office router
- Conserving public IP addresses in an enterprise network by sharing a single public IP among many users
- Providing outbound internet connectivity for a branch office with limited public IP allocation
- Allowing internal servers to initiate outbound connections while hiding their private addresses
Command Examples
Basic PAT with standard ACL
ip nat inside source list 1 interface GigabitEthernet0/0 overload
This command enables NAT overload on the router. Traffic matching ACL 1 (typically permitting private subnets) will have its source IP translated to the IP of GigabitEthernet0/0. The 'overload' keyword enables port address translation, allowing multiple inside hosts to share the same public IP.
Verification with show ip nat translations
show ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
---  ---------------   -----------------  -----------------  -----------------
...  203.0.113.1:1024  192.168.1.10:1024  8.8.8.8:80         8.8.8.8:80
...  203.0.113.1:1025  192.168.1.11:2048  8.8.8.8:80         8.8.8.8:80
The output shows active NAT translations. Inside global is the translated public IP and port. Inside local is the original private IP and port. Outside local and outside global are typically the same for outbound traffic. Each line represents a unique session.
Understanding the Output
The 'show ip nat translations' command displays active NAT entries. The 'Pro' column shows the protocol (TCP/UDP/ICMP). 'Inside global' is the translated public IP and port. 'Inside local' is the original private IP and port. 'Outside local' and 'Outside global' are the destination IP and port; for outbound traffic, they are identical. A healthy NAT table will have entries for active sessions. If the table is empty, either no traffic is being translated or the configuration is incorrect. Watch for high port usage on a single public IP, which may exhaust the available ports (over 65,000 per IP).
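The checks described above, as an added Python example (not part of the original page): it parses 'show ip nat translations' output, counts translated ports per public IP and protocol, and lists inside local sources that fall outside the expected inside subnet. The sample output, the 192.168.1.0/24 subnet and the 50,000-entry warning threshold are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample of 'show ip nat translations' output (not from a real router).
SAMPLE = """\
Pro Inside global      Inside local       Outside local      Outside global
tcp 203.0.113.1:1024   192.168.1.10:1024  8.8.8.8:80         8.8.8.8:80
tcp 203.0.113.1:1025   192.168.1.11:2048  8.8.8.8:80         8.8.8.8:80
udp 203.0.113.1:1026   10.99.0.5:5353     8.8.8.8:53         8.8.8.8:53
"""

# One PAT row: protocol, inside global ip:port, inside local ip:port, two outside fields.
ROW = re.compile(r"^(tcp|udp|icmp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\S+)$", re.I)

def parse_translations(text):
    """Return one dict per PAT entry; header, '---' rows and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            proto, g_ip, g_port, l_ip, l_port, o_local, o_global = m.groups()
            entries.append({"proto": proto.lower(),
                            "inside_global": (g_ip, int(g_port)),
                            "inside_local": (l_ip, int(l_port)),
                            "outside_local": o_local,
                            "outside_global": o_global})
    return entries

def audit(entries, inside_net, port_warn=50000):
    """Count entries per (public IP, protocol) and find sources outside inside_net.

    port_warn is an assumed warning level below the roughly 65,000 ports per IP.
    """
    net = ipaddress.ip_network(inside_net)
    ports = Counter((e["inside_global"][0], e["proto"]) for e in entries)
    busy = {key: n for key, n in ports.items() if n >= port_warn}
    stray = sorted({e["inside_local"][0] for e in entries
                    if ipaddress.ip_address(e["inside_local"][0]) not in net})
    return ports, busy, stray

if __name__ == "__main__":
    ports, busy, stray = audit(parse_translations(SAMPLE), "192.168.1.0/24")
    print("ports in use per (public IP, protocol):", dict(ports))
    print("near port exhaustion:", busy)
    print("translated sources outside 192.168.1.0/24:", stray)
```

A non-empty list of stray sources means the NAT ACL matches more than the intended inside network.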
CCNA Exam Tips
- Remember that 'overload' is required for PAT; without it, only one-to-one translation occurs and may fail if multiple hosts try to access the same destination.
- The ACL used in the command should permit only the inside networks that need translation; a 'permit any' ACL is common but less secure.
- CCNA may test the difference between static NAT, dynamic NAT, and PAT; PAT is the only one that uses port numbers to multiplex.
- You must configure 'ip nat inside' on the inside interface and 'ip nat outside' on the outside interface for the command to work.
Common Mistakes
- Forgetting to apply 'ip nat inside' and 'ip nat outside' on the respective interfaces, causing no translation to occur.
- Using an extended ACL instead of a standard ACL; the command expects a standard ACL number or name.
- Omitting the 'overload' keyword, resulting in one-to-one dynamic NAT that fails when more inside hosts than available public IPs try to communicate.
Related Commands
clear ip nat translation *
Clears all dynamic NAT translations from the translation table, forcing the router to rebuild translations for new traffic.
ip nat inside source static [local-ip] [global-ip]
Configures static NAT to map a single inside local IP address to a single inside global IP address, allowing internal hosts to be reachable from external networks.
show ip nat translations
Displays the current active Network Address Translation (NAT) translations on the router, used to verify NAT operations and troubleshoot connectivity issues.