display nat session table

Function

The display nat session table command displays information about NAT session entries.

This command is supported only on the NetEngine 8000 F1A.

Format

display nat session table [ pat | no-pat ] [ verbose | source { inside inside-address | global global-address | ipv6 ipv6-address } | destination { inside inside-address | global global-address | ipv6 ipv6-address } | slot slot-id | source-vpn-instance vpn-instance-name | destination-vpn-instance vpn-instance-name | protocol { protocol-number | tcp | udp | icmp | esp | gre | sctp | udplite } | destination-port port-number | source-port-global source-port-global-number | cpe cpe-address [ prefix-length prefix-length ] | { nat-instance instance-name | nat64-instance instance-name } | alg { all | ftp | pptp | rtsp | sip | dns | http } | long-link ] *

Parameters

Parameter Description Value
pat

Displays PAT session entries.

-

no-pat

Displays NO-PAT session entries.

-

verbose

Displays detailed information about NAT session entries.

-

source

Source IP address.

-

inside inside-address

Displays NAT session entry information with a specified private IP address.

The value is in dotted decimal notation.

global global-address

Displays NAT session entry information with a specified public IP address.

The value is in dotted decimal notation.

ipv6 ipv6-address

Displays NAT session entry information with a specified source IPv6 address.

The value is a 32-bit hexadecimal number in the format of X:X::X:X.

destination

Destination IP address.

-

slot slot-id

Specifies the slot ID of a service board.

The value is a string of 1 to 15 case-sensitive characters, spaces not supported.

source-vpn-instance vpn-instance-name

Displays NAT session entry information with a specified source VPN instance name.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string.

destination-vpn-instance vpn-instance-name

Displays NAT session entry information with a specified destination VPN instance name.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string.

protocol

Displays NAT session entry information with a specified protocol.

-

protocol-number

Displays NAT session entry information with a specified protocol number.

The value is an integer ranging from 0 to 255.

tcp

Displays NAT session entries of TCP.

-

udp

Displays NAT session entries of UDP.

-

icmp

Displays NAT session entries of ICMP.

-

esp

Displays NAT session entries of ESP.

-

gre

Displays NAT session entries of GRE.

-

sctp

Displays NAT session entries of SCTP.

-

udplite

Displays NAT session entries of UDPLITE.

-

destination-port port-number

Displays NAT session entry information with a specified destination port number.

The value is an integer ranging from 0 to 65535.

source-port-global source-port-global-number

Displays NAT session entry information with a specified source public port number.

The value is an integer ranging from 0 to 65535.

cpe cpe-address

Displays session entry information based on the IPv6 address of a home gateway.

The value is a 32-bit hexadecimal number in the format of X:X::X:X.

prefix-length prefix-length

Displays session entry information based on the prefix length of the IPv6 address of a home gateway.

The value is an integer ranging from 1 to 128.

nat-instance instance-name

Displays NAT session entry information with a specified NAT instance name.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

alg

Application Layer Gateway.

-

all

NAT ALG for all protocols.

-

ftp

Enables NAT ALG for FTP.

-

pptp

Enables NAT ALG for PPTP.

-

rtsp

Enables NAT ALG for RTSP.

-

sip

Enables NAT ALG for SIP.

-

nat64-instance instance-name

Displays NAT64 session entry information with a specified NAT64 instance name.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported. When double quotation marks are used around the string, spaces are allowed in the string.

dns

Enables NAT ALG for DNS.

-

http

Enables NAT ALG for HTTP.

-

long-link

Specifies a long-connection session entry. This parameter applies only to NAT instances.

-

Views

All views

Default Level

1: Monitoring level

Task Name and Operations

Task Name: nat
Operations: read

Usage Guidelines

Usage Scenario

To view information about NAT session entries based on a specified IP address, port number, and protocol type, run the display nat session table command. The command output contains information about established NAT sessions.

Precautions

When the device executes the display nat session table command, it queries each flow table and counts the total number of flow tables. This total is displayed in the Current total sessions field of the output. The device then displays the latest flow table information. If flow tables are created, or deleted after aging, during this process, the number of flow tables actually displayed differs from the value shown in Current total sessions.

Example

The actual command output varies according to the device. The command output here is only an example.

# Display all long connection session entries of the NAT service on the service board.
<HUAWEI> display nat session table long-link verbose
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 1 
Current total sessions: 1.
  tcp: 10.1.1.5:1120[10.2.2.1:1033]-->172.17.2.2:0                                                                                    
       172.17.2.2:0-->10.2.2.1:1033[10.1.1.5:1120]                                                                                    
  NAT Instance: nat1                                                                                                                 
  VPN:vpn1-->-vpn2                                                                                                                         
  Tag:0x2,FixedTag:0x1, Status:hit, NPFlag:0x6, Create:2016-8-2 15:59:00,TTL:24000:00:00 ,Left:24000:00:00, Master                             
  AppProID: 0x0, FwdType:NATPT(NO-PAT)
# Display ALG FTP session entries of the NAT instance named nat1 on the service board in slot 1.
<HUAWEI> display nat session table verbose
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 1 
Current total sessions: 2.
 udp: 10.1.1.5:1120[10.2.2.1:1033]-->172.17.2.2:0 
      172.17.2.2:0-->10.2.2.1:1033[10.1.1.5:1120] 
 NAT Instance:huawei
 VPN:vpn1-->-vpn2 
 Tag:0x2,FixedTag:0x1, Status:hit, NPFlag:0x6, Create:2014-7-10 17:21:46,TTL:00:02:00 ,Left:00:01:59 , Master 
 AppProID: 0x0, CPEIP:10.1.1.5, FwdType:NATPT
gre: 1.1.1.1[2.2.2.2]-->3.3.3.3:49183
       3.3.3.3:49183-->2.2.2.2:0[1.1.1.1:0]
  NAT Instance: 10
  VPN:--->-
  Tag:0x0,FixedTag:0x1, Status:no-hit, NPFlag:0x6, Create:2018-2-27 11:28:28,TTL:00:04:00 ,Left:00:04:00 , Master
  AppProID: 0x0, CPEIP:1.1.1.1, FwdType:NATPT
# Display brief information about all established NAT session entries (including GRE sessions).
<HUAWEI> display nat session table verbose
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 1 
Current total sessions: 1.
 udp: 10.1.1.5:1120[10.2.2.1:1033]-->172.17.2.2:0 
      172.17.2.2:0-->10.2.2.1:1033[10.1.1.5:1120] 
 NAT Instance:huawei
 VPN:vpn1-->-vpn2 
 Tag:0x2,FixedTag:0x1, Status:hit, NPFlag:0x6, Create:2014-7-10 17:21:46,TTL:00:02:00 ,Left:00:01:59 , Master 
 AppProID: 0x0, CPEIP:10.1.1.5, FwdType:NATPT
# Display brief information about all established NAT session entries.
<HUAWEI> display nat session table
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 1 
Current total sessions: 1.
  udp: 10.1.1.5:1120[10.2.2.1:1033]-->172.17.2.2:0
# Display ALG FTP session entries of the NAT instance named cpe1 on the service board.
<HUAWEI> display nat session table nat-instance nat1 alg ftp verbose
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 1 
Current total sessions: 1.
  tcp: 2.2.2.2:5000-->3.3.3.1:21[1.1.1.2:21]
       1.1.1.2:21[3.3.3.1:21]-->2.2.2.2:5000
  NAT Instance:nat1
  VPN:--->-
  Tag:0x2, FixedTag:0x1, Status:hit, NPFlag:0x6, Create:2019-4-16 10:38:46, TTL:00:10:00, Left:00:10:00, Master
  AppProID: 0x2, CPEIP:1.1.1.2, FwdType:NATPT
# Display brief information about established NAT64 session entries on the service board.
<HUAWEI> display nat session table nat64-instance cpe1 alg ftp verbose slot 1
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 1 
Current total sessions: 1.

  tcp: [2001:db8::2]:5000(11.11.11.1:1024)-->[2001:db8::BFBF:BF81]:21(1.1.1.129:21)
       (1.1.1.129:21)[2001:db8::BFBF:BF81]:21-->[11.11.11.1:1024](2001:db8::2):5000
  NAT64 Instance: cpe1
  VPN:--->-
  Tag:0x8000002,FixedTag:0x1, Status:hit, NPFlag:0x6, Create:2019-5-7 16:21:07,TTL:00:00:05 ,Left:00:00:05 , Master
  AppProID: 0x2, FwdType:NAT64
# Display ICMP session entries of the NAT service on the service board.
<HUAWEI> display nat session table
This operation will take a few minutes. Press 'Ctrl+C' to break ...
Slot: 1
Current total sessions: 1.
  icmp: 1.1.1.2:2[2.2.2.1:3149]--> *:*
  *:*-->2.2.2.1:3149[1.1.1.2:2]
  NAT Instance: 88
  VPN:--->-
  Tag:0x0,FixedTag:0x1, Status:no-hit, NPFlag:0x6, Create:2018-3-20 14:47:49,TTL:00:00:20 ,Left:00:00:20 , Master
  AppProID: 0x0, CPEIP:1.1.1.2, FwdType:NATPT
  Dest-ip:11.1.1.2,Type-code:2048
Table 1 Description of the display nat session table command output
Item Description
Current total sessions

Total number of session entries.

NAT Instance

NAT instance name.

Master

Session entry status:

  • Master.
  • Slave.
NAT64 Instance

NAT64 instance name.

Slot

Slot ID of an existing service board.

10.1.1.5:1120

Private IP address and port number of user traffic.

10.2.2.1:1033

Public IP address and port number of user traffic after the NAT process.

172.17.2.2:0

Destination IP address and port number of user traffic. 3-tuple NAT contains neither the destination IP address nor the destination port, so this item is displayed as *:* for 3-tuple NAT.

VPN

VPN instance names before and after NAT translation is performed, which are the access VPN instance configured on an interface and the VPN instance name obtained from a NAT address pool, respectively.

Create

Date and time when a session entry was created.

Left

Remaining time of a session entry, in hh:mm:ss format.

udp

The protocol type of the session is UDP.

Tag

Tag of the current session status:

  • 0x08000000: The session is in the FIN or RST state.
  • 0x02: The session has completed TCP three-way handshake.
FixedTag

Session entry status:

  • 0x1: Master session table.
  • 0x0: Slave session table.
Status

TCP session status:

  • hit: The three-way TCP handshake succeeds.
  • fin/rst: The TCP session is in the FIN or RST state.
  • no-hit: The establishment of the three-way TCP handshake has not started or fails.
TTL

Time to live of a session entry, in hh:mm:ss format. To change the TTL, run the nat session aging-time command.

AppProID

Application layer protocol ID of session entries:

  • 0x0: unknown application layer protocol.
  • 0x1: HTTP.
  • 0x2: FTP control channel.
  • 0x3: FTP data channel.
  • 0x4: NAT DNS.
  • 0x5: RTSP control channel.
  • 0x7: SIP control channel.
  • 0x8: SIP multimedia channel.
  • 0x9: SMTP multimedia channel.
  • 0x0E: PPTP control channel.
  • 0x0F: PPTP data channel.
  • 0x11: NAT64 DNS control channel.
  • 0x255: all application channels.
FwdType

Address translation type:

  • NATPT: PAT-based NAT.
  • NATPT (NO-PAT): No-PAT-based NAT.
  • NAT64: NAT64 translation.
gre

GRE flow table. Value 49183 stands for a call ID.

Dest-ip

Destination IP address.

Type-code

ICMP type code.

CPEIP

CPE IP address of a user terminal.

NPFlag

Fast forwarding flag.

  • 0x0: Fast forwarding is disabled.
  • 0x6: Fast forwarding is enabled.
tcp

The protocol type of the session is TCP.

icmp

The protocol type of the session is ICMP.
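
One use of this output in incident response is mapping a post-NAT address seen in a remote log back to the private host and the session creation time. The following is an added example, not Huawei code: it parses entries whose first line has the private[public]-->destination layout described in Table 1 and skips entries in other layouts (such as the ALG and NAT64 examples above) rather than guessing at them. The function names and the AppProID subset are choices made for this example.

```python
import re

# Entry header "<proto>: <flow>"; flow layout per Table 1: private[public]-->destination
PROTO = re.compile(r"^\s*(tcp|udp|icmp|gre|esp|sctp|udplite):\s*(.*?)\s*$")
FLOW = re.compile(r"([^\s\[\]]+)\[([^\s\[\]]+)\]\s*-->\s*(\S+)")
FIELD = re.compile(r"([A-Za-z][\w ]*?):\s*([^,]*)")
KEYS = {"NAT Instance", "VPN", "Tag", "FixedTag", "Status", "NPFlag",
        "Create", "TTL", "Left", "AppProID", "CPEIP", "FwdType"}
# AppProID meanings copied from Table 1 (subset only).
APP = {0: "unknown", 1: "HTTP", 2: "FTP control", 3: "FTP data", 4: "NAT DNS"}

def parse_sessions(text):
    """Return one dict per entry whose first line is private[public]-->dest."""
    sessions, cur = [], None
    for line in text.splitlines():
        head = PROTO.match(line)
        if head:
            flow = FLOW.fullmatch(head.group(2))
            cur = None  # unknown layouts are skipped, fields and all
            if flow:
                cur = dict(zip(("private", "public", "dest"), flow.groups()),
                           proto=head.group(1))
                sessions.append(cur)
        elif cur is not None:
            cur.update((k, v.strip()) for k, v in FIELD.findall(line) if k in KEYS)
    for s in sessions:
        s["app"] = APP.get(int(s.get("AppProID", "0x0"), 16), "other")
    return sessions

def private_side(sessions, public_endpoint):
    """Private endpoint, creation time and state for a post-NAT address."""
    return [(s["private"], s.get("Create"), s.get("Status"))
            for s in sessions if s["public"] == public_endpoint]

# Sample: two entries abridged from the command output shown on this page.
SAMPLE = """\
Current total sessions: 2.
 udp: 10.1.1.5:1120[10.2.2.1:1033]-->172.17.2.2:0
      172.17.2.2:0-->10.2.2.1:1033[10.1.1.5:1120]
 NAT Instance:huawei
 VPN:vpn1-->-vpn2
 Tag:0x2,FixedTag:0x1, Status:hit, NPFlag:0x6, Create:2014-7-10 17:21:46,TTL:00:02:00 ,Left:00:01:59 , Master
 AppProID: 0x0, CPEIP:10.1.1.5, FwdType:NATPT
gre: 1.1.1.1[2.2.2.2]-->3.3.3.3:49183
  Tag:0x0,FixedTag:0x1, Status:no-hit, NPFlag:0x6, Create:2018-2-27 11:28:28,TTL:00:04:00 ,Left:00:04:00 , Master
"""

if __name__ == "__main__":
    print(private_side(parse_sessions(SAMPLE), "10.2.2.1:1033"))
```

Because entries age out (see TTL and Left), a lookup is only meaningful against output captured while the session was still in the table.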

Copyright © Huawei Technologies Co., Ltd.