Show commands EcoNAT Documentation / NAT configuration / Show commands
- Show translations
- Show sessions
- Deleting the sessions
- Show binds
- Port allocation errors
- Port allocation errors
Show translations
Use the show xlate commands to view the currently available translations.
The table below shows the various variations of this command.
| Command | Description |
|---|---|
show xlate gap ADDR:PORT | Output of all current translations for the specified pair: global address + global port |
show xlate gastat ADDRRANGE | Output of translation statistics for the specified global address |
show xlate global ADDRRANGE | Output of all current translations for the specified global address |
show xlate gport PORT | Output of all current translations for the specified global port (regardless of address) |
show xlate lap ADDR:PORT | Output of all current translations for the specified pair: local address + local port |
show xlate lastat ADDRRANGE | Output of translation statistics for the specified local address |
show xlate local ADDRRANGE | Output of all current translations for the specified local address |
show xlate lport PORT | Output of all current translations for the specified local port (regardless of address) |
show xlate pool POOLNAME | Output of the translations for the specified pool |
Examples of output are shown below.
EcoNAT:3:> sh xlate gap 10.4.5.136:56575
egress UDP 1.10.0.167:56575-10.4.5.136:56575 pool: poolx; Last packet 93.15 seconds ago; To be deleted in 206.85 seconds of inactivity.
EcoNAT:14:# sh xlate gastat 7.0.165.80
Pool type cgnat; gaddr: 7.0.165.80; ; TCP: Free blocks: 4294967294; UDP even: Free blocks: 4294967294; UDP odd: Free blocks: 4294967294; ICMP: Free blocks: 4294967295
EcoNAT:5:> sh xlate global 10.4.5.136
egress UDP 1.10.0.167:5221-10.4.5.136:5221 pool: poolx; Last packet 323.87 seconds ago; To be deleted right now.
EcoNAT:10:> sh xlate gport 56575
egress UDP 1.10.0.167:56575-10.4.5.136:56575 pool: poolx; Last packet 160.79 seconds ago; To be deleted in 139.21 seconds of inactivity.
EcoNAT:13:> sh xlate lap 1.10.0.167:43656
egress TCP 1.10.0.167:43656-10.4.5.136:43656 pool: poolx; Last packet 4.41 seconds ago; To be deleted in 295.59 seconds of inactivity.
EcoNAT:14:> sh xlate lastat 1.10.0.0/24
Pool type cgnat; laddr: 1.10.0.2, gaddr: 1.4.4.215; ; TCP: Blocks: 0; Conns: 0 of 4096; UDP even: Blocks: 0; Conns: 0 of 2048; UDP odd: Blocks: 0; Conns: 0 of 2048; ICMP: Blocks: 0; Conns: 0 of 4096
Pool type cgnat; laddr: 1.10.0.3, gaddr: 1.4.4.115; ; TCP: Blocks: 4; Conns: 42 of 4096; UDP even: Blocks: 0; Conns: 0 of 2048; UDP odd: Blocks: 0; Conns: 0 of 2048; ICMP: Blocks: 0; Conns: 0 of 4096
Pool type cgnat; laddr: 1.10.0.11, gaddr: 1.4.4.235; ; TCP: Blocks: 0; Conns: 0 of 4096; UDP even: Blocks: 0; Conns: 0 of 2048; UDP odd: Blocks: 0; Conns: 0 of 2048; ICMP: Blocks: 0; Conns: 0 of 4096
EcoNAT:51:> sh xlate local 10.10.0.167
egress UDP 1.10.0.167:13446-10.4.5.136:13446 pool: poolx; Last packet 285.09 seconds ago; To be deleted in 14.91 seconds of inactivity.
EcoNAT:18:> sh xlate lport 55700:55744
egress TCP 1.10.0.167:55744-10.4.5.136:55744 pool: poolx; Last packet 249.57 seconds ago; To be deleted right now.
egress TCP 1.10.0.43:55719-10.4.4.211:1029 pool: poolreserve; Last packet 2.12 seconds ago; To be deleted in 297.88 seconds of inactivity.
egress UDP 1.10.0.35:55718-10.4.4.247:1040 pool: poolreserve; Last packet 327.97 seconds ago; To be deleted right now.
EcoNAT:58:> sh xlate pool poolx
egress UDP 1.10.0.175:32407-10.4.5.134:32407 pool: poolx; Last packet 143.45 seconds ago; To be deleted in 156.55 seconds of inactivity.
egress TCP 1.10.0.196:54468-10.4.5.133:54468 pool: poolx; Last packet 1.22 seconds ago; To be deleted in 298.78 seconds of inactivity.
Show sessions
Use the show sessions commands to view the currently available sessions.
The table below shows the various variations of this command.
| Command | Description |
|---|---|
show sessions gap ADDR:PORT | Output of all current sessions for the specified pair: global address + global port |
show sessions global ADDRRANGE | Output of all current sessions for the specified global address |
show sessions gport PORT | Output of all current sessions for the specified global port (regardless of address) |
show sessions lap ADDR:PORT | Output of all current sessions for the specified pair: local address + local port |
show sessions local ADDRRANGE | Output of all current sessions for the specified local address |
show sessions lport PORT | Output of all current sessions for the specified local port (regardless of address) |
show sessions rap ADDR:PORT | Output of all current sessions for the specified pair: remote address + remote port |
show sessions remote ADDRRANGE | Output of all current sessions for the specified remote address |
show sessions rport PORT | Output of all current sessions for the specified remote port |
Examples of output are shown below.
EcoNAT:83:> sh sessions gap 10.4.125.134:43057
egress UDP 1.10.0.175:43057-10.4.125.134:43057 173.194.44.80:443; Last packet 7.78 seconds ago; To be deleted in 292.22 seconds of inactivity.
EcoNAT:84:> sh sessions global 10.4.125.134
egress UDP 1.10.0.175:26228-10.4.125.134:26228 8.8.8.8:53; Last packet 17.09 seconds ago; To be deleted in 282.91 seconds of inactivity.
EcoNAT:95:> sh sessions gport 41656:42000
egress TCP 1.10.0.175:41656-10.4.125.134:41656 87.240.165.80:443; Last packet 31.62 seconds ago; To be deleted in 208.38 seconds of inactivity.
egress UDP 1.10.0.175:41669-10.4.125.134:41669 8.8.8.8:53; Last packet 29.12 seconds ago; To be deleted in 270.88 seconds of inactivity.
EcoNAT:108:> sh sessions lap 1.10.0.175:5060
ingress UDP 1.10.0.175:5060-10.4.125.134:5060 163.172.91.161:5067; Last packet 272.29 seconds ago; To be deleted in 27.71 seconds of inactivity.
EcoNAT:109:> sh sessions local100.64.0.4~2
egress UDP 100.64.0.4~2:1024-100.64.0.4:1024 4.4.4.4:53; Last packet 8.27 seconds ago; To be deleted in 291.73 seconds of inactivity
EcoNAT:115:> sh sessions lport 30556:31000
egress UDP 1.10.0.167:30556-10.4.125.136:30556 8.8.8.8:53; Last packet 159.33 seconds ago; To be deleted in 140.67 seconds of inactivity.
egress UDP 1.10.0.175:30894-10.4.125.134:30894 8.8.8.8:53; Last packet 133.56 seconds ago; To be deleted in 166.44 seconds of inactivity.
EcoNAT:116:> sh sessions rap 8.8.8.8:53
egress UDP 1.10.0.167:6148-10.4.125.136:6148 8.8.8.8:53; Last packet 265.48 seconds ago; To be deleted in 34.52 seconds of inactivity.
EcoNAT:122:> sh sessions remote 8.8.8.8
egress UDP 1.10.0.167:6148-10.4.125.136:6148 8.8.8.8:53; Last packet 282.31 seconds ago; To be deleted in 17.69 seconds of inactivity.
EcoNAT:136:> sh sessions rport 2000:2100
egress UDP 1.10.0.169:35881-10.4.124.251:1027 111.71.62.156:2075; Last packet 27.07 seconds ago; To be deleted in 92.93 seconds of inactivity.
Deleting the sessions
To delete sessions, use the clear sessions command.
The table below shows the various variations of this command.
| Command | Description |
|---|---|
clear sessions all | Deleting of all current sessions |
clear sessions gap ADDR:PORT | Deleting of all current sessions for the specified pair: global address + global port |
clear sessions global ADDRRANGE | Deleting of all current sessions for the specified global address |
clear sessions gport PORT | Deleting of all current sessions for the specified global port (regardless of address) |
clear sessions lap ADDR:PORT | Deleting of all current sessions for the specified pair: local address + local port |
clear sessions local ADDRRANGE | Deleting of all current sessions for the specified local address |
clear sessions lport PORT | Deleting of all current sessions for the specified local port (regardless of address) |
clear sessions rap ADDR:PORT | Deleting of all current sessions for the specified pair: remote address + remote port |
clear sessions remote ADDRRANGE | Deleting of all current sessions for the specified remote address |
clear sessions rport PORT | Deleting of all current sessions for the specified remote port |
Example.
EcoNAT:126:> clear sessions gap 10.4.125.134:43057
egress UDP 1.10.0.175:43057-10.4.125.134:43057 173.194.44.80:443; Last packet 9.86 seconds ago; To be deleted right now.
Show binds
To see the currently existing bindings of local IP addresses to global bindings, use show bind commands.
The table below shows the various variations of this command.
| Command | Description |
|---|---|
show bind global IPRANGE | any | Output of all bindings for the specified global address |
show bind local IPRANGE | any | Output of all bindings for the specified local address |
show bind summary | Output of the counters for global ports |
show bind usage | Output of the counters for g_abons_table filling |
Examples of output are shown below.
EcoNAT:137:pools.poolx# show bind local any
CGNAT pool 'poolx'
Global IP usage: 4 out of 4
1.1.1.0 -> 2.2.2.3 | 86211 sec
1.1.1.1 -> 2.2.2.2 | 86211 sec
1.1.1.2 -> 2.2.2.1 | 86211 sec
1.1.1.3 -> 2.2.2.0 | 86211 sec
1.1.1.4 -> 2.2.2.0 | 86211 sec
1.1.1.5 -> 2.2.2.1 | 86211 sec
1.1.1.6 -> 2.2.2.2 | 86211 sec
1.1.1.7 -> 2.2.2.3 | 86211 sec
1.1.1.8 -> 2.2.2.3 | 86211 sec
1.1.1.9 -> 2.2.2.2 | 86211 sec
1.1.1.10 -> 2.2.2.1 | 86211 sec
1.1.1.11 -> 2.2.2.0 | 86211 sec
1.1.1.12 -> 2.2.2.0 | 86211 sec
1.1.1.13 -> 2.2.2.1 | 86211 sec
1.1.1.14 -> 2.2.2.2 | 86211 sec
1.1.1.15 -> 2.2.2.3 | 86211 sec
1.1.1.100 -> 2.2.2.3 | 86244 sec
EcoNAT:138:pools.poolx# show bind global any
CGNAT pool 'poolx'
Global IP usage: 4 out of 4
1.1.1.3 -> 2.2.2.0 | 86205 sec
1.1.1.4 -> 2.2.2.0 | 86205 sec
1.1.1.11 -> 2.2.2.0 | 86205 sec
1.1.1.12 -> 2.2.2.0 | 86205 sec
1.1.1.2 -> 2.2.2.1 | 86205 sec
1.1.1.5 -> 2.2.2.1 | 86205 sec
1.1.1.10 -> 2.2.2.1 | 86205 sec
1.1.1.13 -> 2.2.2.1 | 86205 sec
1.1.1.1 -> 2.2.2.2 | 86205 sec
1.1.1.6 -> 2.2.2.2 | 86205 sec
1.1.1.9 -> 2.2.2.2 | 86205 sec
1.1.1.14 -> 2.2.2.2 | 86205 sec
1.1.1.0 -> 2.2.2.3 | 86205 sec
1.1.1.7 -> 2.2.2.3 | 86205 sec
1.1.1.8 -> 2.2.2.3 | 86205 sec
1.1.1.15 -> 2.2.2.3 | 86205 sec
1.1.1.100 -> 2.2.2.3 | 86238 sec
2:146:pools.poolx# show bind usage
g_abons_table usage is 17 out of 65536
Port allocation errors
Port allocation errors
To view the information about the CGNAT port allocation errors, use the show cgnat errors command.
Example of output of a command.
ECONAT:1:> show cgnat errors
Last other port allocation errors:
local ip = 10.4.33.18, global port = 0029, proto = 4, reason = 14, count = 26
local ip = 10.4.171.19, global port = 0029, proto = 4, reason = 14, count = 288
...
local ip = 10.4.215.165, global port = 0029, proto = 4, reason = 14, count = 103
total 3032 other port allocation errors, 12 entries
Last PPTP_GRE port allocation errors:
total 0 PPTP_GRE port allocation errors, 0 entries
Last ICMP port allocation errors:
local ip = 10.4.192.5, global port = 33AA, proto = 3, reason = 2, count = 506
local ip = 10.4.215.122, global port = 261B, proto = 3, reason = 2, count = 1436
...
local ip = 10.4.10.92, global port = 0003, proto = 3, reason = 0, count = 7
total 25520 ICMP port allocation errors, 8 entries
Last UDP port allocation errors:
local ip = 10.4.96.160, global port = D9A9, proto = 2, reason = 2, count = 26
...
local ip = 10.4.10.225, global port = F248, proto = 2, reason = 2, count = 56123
local ip = 10.4.10.69, global port = 837E, proto = 2, reason = 2, count = 325840
total 20172340 UDP port allocation errors, 187 entries
Last TCP port allocation errors:
local ip = 10.4.12.38, global port = C4C6, proto = 1, reason = 2, count = 737
local ip = 10.4.101.68, global port = BEB4, proto = 1, reason = 2, count = 31860
...
local ip = 10.4.176.174, global port = C716, proto = 1, reason = 2, count = 1204
total 888852360 TCP port allocation errors, 8198 entries
Last GC port freeing errors:
total 0 GC port freeing errors, 0 entries
Debug counters: c0 = 2097260570, c10 = 2097260851, c11 = 281, c14 = 2097260851, c16 = 2097260851, c18 = 2097260851, c19 = 1962724651, c1A = 129378344, c1B = 5157732, c1D = 124, c21 = 1962956737, c22 = 129423896, c23 = 5158397, c25 = 125, c31 = 888866719, c32 = 20171823, c33 = 25513, c34 = 3032, c41 = 1962724651, c42 = 129391431, c43 = 5157732, c45 = 124, c60 = 2097539155, c61 = 2097273938, cE0 = 7787174454, cE3 = 7787173632, cE4 = 7787173632, cE5 = 541, cF8 = 541, c120 = 3, c122 = 888866719, c140 = 531, c142 = 20171808, c148 = 15, c160 = 7, c162 = 25513, c1B4 = 3032, c200 = 9528647, c201 = 3943199,
In the output of the command:
- Debug counters are debugging counters for developers,
- proto - type of protocol,
- reason is the cause of the error,
- count is the value of the error counter.
Legend types of protocols are presented in the table below.
| Legend | Protocol |
|---|---|
| 0 | UNKNOWN - protocols that are not in the categories listed below |
| 1 | TCP |
| 2 | UDP |
| 3 | ICMP |
| 4 | L4_OPAQUE (RDP, IPV4, IPV6, ESP, AH, L2TP) |
| 5 | PPTP_GRE |
| 6 | ARP |
The causes of the errors are indicated in the table below.
| Legend | Cause |
|---|---|
| 1 | Information for developers |
2 | The number of ports for the user has been exceeded, the limits_peruser parameter |
| 3 | Information for developers |
4 | Global_ip allocation error |
| 5 | Information for developers |
| 6 | Information for developers |
| 7 | Information for developers |
8 | Port block allocation error |
| 9 | Information for developers |
| 0xA | Information for developers |
| 0xB | Information for developers |
| 0xC | Information for developers |
| 0xD | Information for developers |
| 0x10 | Information for developers |
| 0x11 | Information for developers |
| 0x12 | Information for developers |
| 0x13 | Information for developers |
0x14 | Can not recognize the protocol |
| 0x20 | Information for developers |
0x21 | Entries do not exist |
| 0x22 | Information for developers |
0x23 | The top TCP ports are out of range |
0x24 | Lower TCP ports are out of range |
0x25 | The upper odd UDP ports are out of range |
0x26 | Lower odd UDP ports are out of range |
0x27 | Upper even UDP ports out of range |
0x28 | Bottom even UDP ports out of range |
0x29 | ICMP Ports Out of Range |
0x2A | PPTP_GRE ports are out of range |
0x[PP]30 | EGRESS translation did not hit any PP pool (pool number where the error occurred) |
0x[PP]31 | INGRESS translation did not hit any PP pool (pool number where the error occurred) |
0x[PP]32 | acl EGRESS translation does not match the PP pool (pool number where the error occurred) |
0x[PP]33 | acl INGRESS translation does not match the PP pool (pool number where the error occurred) |
0x34 | Translation does not match settings |
0x35 | The address does not match the global settings of the BNAT pool |
0x36 | Exceeded the number of connections BNAT pool |
0x37 | INGRESS connections are forbidden |
To clear the error counter, use the clear cgnat errors command.