Courseiva
NATGlobal Config

ip nat pool [name] [start-ip] [end-ip] netmask [mask]

Defines a pool of global IP addresses for dynamic NAT or PAT translation, used when translating multiple inside addresses to a range of outside addresses.

Syntax·Global Config
ip nat pool [name] [start-ip] [end-ip] netmask [mask]

When to Use This Command

  • Translating a private LAN (e.g., 192.168.1.0/24) to a public IP range for internet access
  • Providing a pool of addresses for a small office with multiple public IPs from ISP
  • Configuring overload (PAT) with a pool of addresses for many internal users
  • Reserving a specific range for NAT translations in a DMZ scenario

Command Examples

Basic NAT Pool for Dynamic Translation

ip nat pool MYPOOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0

This command creates a pool named MYPOOL with addresses from 203.0.113.10 to 203.0.113.20 using a 24-bit netmask. The pool is then referenced in an access-list-based dynamic NAT rule.

NAT Pool with Overload (PAT)

ip nat pool MYPOOL 203.0.113.10 203.0.113.20 netmask 255.255.255.0

Same pool definition; when used with 'ip nat inside source list 1 pool MYPOOL overload', it allows multiple inside hosts to share the pool addresses using port numbers.

Understanding the Output

This command does not produce output on its own; it defines a pool. To verify, use 'show ip nat pool' or 'show ip nat translations'. In 'show ip nat pool', you'll see pool name, start/end IP, netmask, type (generic), and total addresses. Good values show correct range and mask; bad values include overlapping pools or incorrect mask. In 'show ip nat translations', you'll see inside local/global and outside local/global mappings using pool addresses.

CCNA Exam Tips

1.

Remember that the netmask defines the range; the start and end IPs must be within the same subnet.

2.

For PAT (overload), the pool can be smaller than the number of inside hosts; each translation uses a unique port.

3.

The pool name is case-sensitive and must match exactly in the NAT rule.

4.

If the pool is exhausted, new translations fail; 'show ip nat statistics' shows hits/misses.

Common Mistakes

Using a netmask that doesn't match the start/end IP range (e.g., start 10.0.0.1, end 10.0.0.10 with /24 is fine, but with /28 it's invalid)

Forgetting to apply the pool to an access list or inside/outside interfaces

Typo in pool name between definition and usage

Related Commands

ip nat inside source list [acl] interface [intf] overload

Configures dynamic NAT overload (PAT) to translate multiple inside private IP addresses to a single public IP address using the interface's IP, based on an access list.

show ip nat statistics

Displays statistics about NAT translations, including active translations, hit counts, and configuration parameters, used to verify NAT operation and troubleshoot translation issues.

show ip nat translations

Displays the current active Network Address Translation (NAT) translations on the router, used to verify NAT operations and troubleshoot connectivity issues.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions