Home » Networking » Network Address Translation

Operational visibility: Which IOS command shows all currently active NAT translations on the router (a snapshot of the present table)?

Difficulty: Easy

show ip nat translations
show ip nat statistics
debug ip nat
clear ip nat translations *

Correct Answer: show ip nat translations

Explanation:

Introduction / Context:
When validating NAT behavior, you often need to confirm which flows are translated and to what addresses. A command that lists the active entries is indispensable.

Given Data / Assumptions:

NAT is configured (static, dynamic, or PAT).
Traffic has flowed so that translations exist.
You want a point-in-time view, not a live debug feed.

Concept / Approach:
'show ip nat translations' displays the current translation table with columns for inside local/global and outside local/global. 'show ip nat statistics' summarizes counters and pool usage. 'debug ip nat' streams real-time events. 'clear ip nat translations *' deletes entries.

Step-by-Step Solution:

Run 'show ip nat translations' in privileged EXEC.Interpret columns to verify expected mappings.Use filters (e.g., pipe to include) if the table is large.

Verification / Alternative check:
Generate test traffic (ping/HTTP) and rerun the command; new entries should appear. Compare with 'show ip nat statistics' for aggregate counts.

Why Other Options Are Wrong:
show ip nat statistics: Summary only. debug ip nat: Real-time, not a static list. clear ip nat translations *: Destructive maintenance, not a display.

Common Pitfalls:
Assuming empty tables mean misconfiguration; idle timers may have aged entries out. Re-test with fresh traffic.

Operational visibility: Which IOS command shows all currently active NAT translations on the router (a snapshot of the present table)?

More Questions from Network Address Translation

Discussion & Comments