show ip nat statistics
Displays statistics about NAT translations, including active translations, hit counts, and configuration parameters, used to verify NAT operation and troubleshoot translation issues.
show ip nat statistics
When to Use This Command
- Verify that NAT translations are being created and used correctly after configuring dynamic NAT.
- Check for NAT overload (PAT) port exhaustion when users report connectivity issues.
- Monitor NAT hit counts to see if traffic is being translated as expected.
- Troubleshoot why certain inside hosts are not getting translated by examining translation counts and pool usage.
Command Examples
Basic show ip nat statistics
show ip nat statistics
Total active translations: 3 (0 static, 3 dynamic; 3 extended)
Outside interfaces: GigabitEthernet0/1
Inside interfaces: GigabitEthernet0/0
Hits: 1524 Misses: 12
CEF Translated packets: 1524, CEF Punted packets: 0
Expired translations: 45
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 100 pool NAT_POOL refcount 3
pool NAT_POOL: netmask 255.255.255.240
start 203.0.113.10 end 203.0.113.20
type generic, total addresses 11, allocated 3 (27%), misses 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

- Total active translations: 3 (0 static, 3 dynamic; 3 extended) — Shows 3 active dynamic translations, all extended (PAT).
- Outside interfaces: GigabitEthernet0/1 — The NAT outside interface.
- Inside interfaces: GigabitEthernet0/0 — The NAT inside interface.
- Hits: 1524 Misses: 12 — Number of packets that matched NAT (hits) vs. those that did not (misses).
- CEF Translated packets: 1524, CEF Punted packets: 0 — Packets processed by CEF switching.
- Expired translations: 45 — Number of translations that have timed out.
- Dynamic mappings: — Shows the ACL and pool used.
- pool NAT_POOL: netmask 255.255.255.240 — Pool details.
- start 203.0.113.10 end 203.0.113.20 — Pool address range.
- type generic, total addresses 11, allocated 3 (27%), misses 0 — Pool type, total addresses, how many are currently allocated, and misses (0 means no failed allocations).
Show ip nat statistics with overload
show ip nat statistics
Total active translations: 150 (0 static, 150 dynamic; 150 extended)
Outside interfaces: GigabitEthernet0/1
Inside interfaces: GigabitEthernet0/0
Hits: 45231 Misses: 0
CEF Translated packets: 45231, CEF Punted packets: 0
Expired translations: 1200
Dynamic mappings:
-- Inside Source
[Id: 1] access-list 100 pool NAT_POOL refcount 150
pool NAT_POOL: netmask 255.255.255.240
start 203.0.113.10 end 203.0.113.20
type generic, total addresses 11, allocated 11 (100%), misses 0
Total doors: 0
Appl doors: 0
Normal doors: 0
Queued Packets: 0

- Total active translations: 150 — Many translations active, all extended (PAT).
- Hits: 45231 Misses: 0 — All packets matched NAT.
- allocated 11 (100%) — All pool addresses are fully utilized, meaning PAT is heavily used. This indicates high utilization but no misses, so NAT is working fine.
Understanding the Output
The 'show ip nat statistics' command provides a summary of NAT operations. The first line shows total active translations, broken down into static vs dynamic and simple vs extended (PAT). 'Outside interfaces' and 'Inside interfaces' list the interfaces where NAT is enabled. 'Hits' count packets that matched a NAT rule; 'Misses' count packets that should have been translated but failed (e.g., no pool address available). High misses indicate a problem. 'CEF Translated packets' shows hardware-switched translations. 'Expired translations' is the total number of translations that have timed out since counters were last cleared. The 'Dynamic mappings' section details each NAT rule, including the ACL, pool name, address range, and allocation statistics. 'allocated' shows how many addresses are in use; if it reaches 100% and misses are non-zero, the pool is exhausted. 'misses' in the pool line indicates failed attempts to allocate an address. This command is essential for verifying NAT configuration and troubleshooting connectivity issues related to address translation.
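The reading described above can be automated when the output is collected from many routers. The following is an added example, not part of the original page or of any Cisco tooling: it parses the counters and pool lines and reports a pool as exhausted only when it is 100% allocated and its misses are non-zero. The function names are hypothetical, and the sample is a trimmed copy of the overload example on this page.

```python
import re

# Trimmed copy of the overload example on this page, line breaks restored.
SAMPLE = """\
Total active translations: 150 (0 static, 150 dynamic; 150 extended)
Hits: 45231 Misses: 0
[Id: 1] access-list 100 pool NAT_POOL refcount 150
pool NAT_POOL: netmask 255.255.255.240
start 203.0.113.10 end 203.0.113.20
type generic, total addresses 11, allocated 11 (100%), misses 0
"""

TOTALS = re.compile(r"Total active translations:\s*(\d+)\s*"
                    r"\((\d+) static, (\d+) dynamic; (\d+) extended\)")
HITS = re.compile(r"Hits:\s*(\d+)\s+Misses:\s*(\d+)")
POOL = re.compile(r"\s*pool (\S+): netmask")
ALLOC = re.compile(r"total addresses (\d+), allocated (\d+) \((\d+)%\), misses (\d+)")


def parse_nat_statistics(text):
    """Extract the global counters and per-pool allocation figures."""
    stats = {"pools": {}}
    if m := TOTALS.search(text):
        keys = ("active", "static", "dynamic", "extended")
        stats.update(zip(keys, map(int, m.groups())))
    if m := HITS.search(text):
        stats["hits"], stats["misses"] = int(m[1]), int(m[2])
    current = None  # pool whose detail lines are being read
    for line in text.splitlines():
        if m := POOL.match(line):
            current = m[1]
        elif (m := ALLOC.search(line)) and current:
            keys = ("total", "allocated", "percent", "misses")
            stats["pools"][current] = dict(zip(keys, map(int, m.groups())))
    return stats


def findings(stats):
    """Full pool plus non-zero pool misses means exhaustion, per the text above."""
    out = []
    for name, p in stats["pools"].items():
        if p["percent"] >= 100 and p["misses"] > 0:
            out.append(f"pool {name} exhausted: {p['misses']} failed allocations")
        elif p["percent"] >= 100:
            out.append(f"pool {name} fully allocated, no failed allocations")
    return out


if __name__ == "__main__":
    print(findings(parse_nat_statistics(SAMPLE)))
```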
CCNA Exam Tips
CCNA exam tip 1: Remember that 'Hits' and 'Misses' are key indicators; high misses suggest a missing ACL entry or exhausted pool.
CCNA exam tip 2: Know the difference between static, dynamic, and extended (PAT) translations as shown in the first line.
CCNA exam tip 3: Be able to interpret pool utilization: 'allocated 11 (100%)' means all addresses are in use, which may cause new translations to fail.
CCNA exam tip 4: The 'Outside interfaces' and 'Inside interfaces' lines verify correct NAT interface configuration.
Common Mistakes
Mistake 1: Confusing 'Hits' with successful translations; hits count packets that matched NAT, not necessarily successful translations.
Mistake 2: Forgetting to clear counters before troubleshooting; stale data can mislead analysis.
Mistake 3: Assuming 'allocated 0%' means NAT is not working; it may simply mean no traffic has triggered translations yet.
Related Commands
clear ip nat translation *
Clears all dynamic NAT translations from the translation table, forcing the router to rebuild translations for new traffic.
show ip nat translations
Displays the current active Network Address Translation (NAT) translations on the router, used to verify NAT operations and troubleshoot connectivity issues.
show running-config
Displays the current active configuration in DRAM, showing all non-default settings.