Junos CLI Reference

show services nat pool

19-Nov-23

Syntax

show services nat pool 
<brief | detail>
<pool-name> 
pgcp <ports-per-session | remotely-controlled>

Description

Display information about Network Address Translation (NAT) pools.

Note:

On MS-MPCs and MS-MICs, if the line cards receive a packet immediately after the active port block timeout interval has expired, a new port block is allocated and the old port block is released thereafter (if no more ports are being used from that block). In such a scenario, you might notice that the Max number of port blocks used field displays a higher value than the value shown for the Unique pool users field in the output of the show services nat pool detail command. This behavior is expected with port block allocation.

With MS-MPCs and MS-MICs, in the output of the show services nat pool detail command, the Max ports used and the Ports in use fields display values that indicate a higher number than the number of active subscribers on the member interfaces of an ams interface. This behavior of an increased value displayed for the number of ports allocated and maximum number of ports used is expected after you perform a Graceful Routing Engine switchover (GRES) and a restart of the MPC.

With MS-MPCs and MS-MICs on MX Series routers with AMS interfaces, it is observed that the subscriber and port count details are displayed only after a long time in the output of the show services nat pool detail command. This behavior is expected with NAT pool counters and occurs, regardless of port block allocation being configured.

Options

none

Display standard information about all NAT pools.

brief | detail

(Optional) Display the specified level of output.

pool-name

(Optional) Display information about the specified NAT pool.

pgcp

(Optional) Display information about a NAT pool that is exclusive to the BGF.

ports-per-session

(Optional) Display the number of ports allocated per session from the NAT pool.

remotely-controlled

(Optional) Display if the NAT pool is explicitly specified by the gateway controller.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show services nat pool command. Output fields are listed in the approximate order in which they appear.

Table 1: show services nat pool Output Fields

| Field Name | Field Description | Level of Output |
|---|---|---|
| Interface | Name of an adaptive services interface. | All levels |
| Service set | Name of a service set. Individual empty service sets are not displayed, but if none of the service sets has any flows, a flow table header is printed for each service set. | All levels |
| NAT pool | Name of the Network Address Translation pool. | All levels |
| Type or Translation type | Address translation type: basic-nat-pt, Y, Y, Y, Y, Y, Y, Y, Y, Y, Y, Y, Y. | All levels |
| Address or Address range | IPv4 address range of the pool. | All levels |
| Port or Port range | Port range of the pool. Applicable only for dynamic NAT pools. Not displayed for static NAT pools. | All levels |
| Ports used or Ports in use | Number of ports allocated in this pool with this name. Applicable only for dynamic NAT pools. Not displayed for static NAT pools. | All levels |
| Port block type | Type of port block allocation: secured or deterministic. | All levels |
| Available addresses | Number of free addresses in the NAT pool. | detail |
| Configured port range | The range of ports configured to be used for the NAT pool. | detail |
| Out of port errors | Number of port allocation errors. Applicable only for dynamic NAT pools. Not displayed for static NAT pools. | detail |
| Parity port errors | Number of port allocations that failed because a port number of the desired parity was not available. | detail |
| Preserve Range errors | Number of port allocations that failed because a port in the desired range was not available. | detail |
| Max ports used | Maximum number of ports used. Applicable only for dynamic NAT pools. Not displayed for static NAT pools. | detail |
| Addresses in use | Number of addresses in use for dynamic source address NAT pools. | detail |
| AP-P port allocation errors | When address pooling paired (AP-P) is configured, a private IP is paired to a public IP. This is a counter of translation errors where there are free ports available in the NAT pool, but none for the NAT IP to which the private IP is paired. | detail |
| AP-P port limit allocation errors | When AP-P is configured, this is a counter of out-of-port errors that are due to a configured limit for the number of allocated ports in the limit-ports-per-address statement at the [edit services nat pool nat-pool-name] hierarchy level. | detail |
| Memory allocation errors | Number of memory allocation failures. | detail |
| EIF Inbound session count | Current number of EIF inbound sessions. | detail |
| EIF Inbound session Limit exceeded drops | Number of inbound connections that were dropped because the EIF limit was exceeded. | detail |
| Port block size | Number of ports in a port block. | none, brief |
| Max port blocks per address | Maximum number of port blocks per private address. | none, brief |
| Active block timeout | Activity timeout of port block. | none, brief |
| Effective port range | Effective range of port numbers. | none, brief |
| Effective number of port blocks | Effective number of port blocks. | none, brief |
| Effective number of ports | Effective number of ports. | none, brief |
| Port block efficiency | Port block efficiency. | none, brief |
| Port blocks limit exceeded errors | Total number of times a user requested more port blocks than the number allowed per user. | All levels |
| Preserve range enabled | Whether the capability to preserve the privileged port range after translation is enabled. One of the following is displayed: Is active: Preservation of port range is enabled. Not active: Preservation of port range is not enabled. | detail |
| AP-P out of port errors | When AP-P is configured, a private IP is paired to a public IP. This is a counter of translation errors where there are free ports available in the NAT pool, but none for the NAT IP to which the private IP is paired. | detail |
| MAX number of port blocks used | The maximum number of port blocks used. | All levels |
| Current number of port blocks in use | Current count of the port blocks that are being used. | detail |
| Port block allocation errors | The consolidated number of port block allocation errors. | All levels |
| Port block memory allocation errors | The number of memory allocation errors for port blocks. | All levels |
| DetNat subscriber exceeded port limits | The number of times a subscriber exceeded its port limits for a NAT pool that uses deterministic port block allocation. | All levels |
| Unique pool users | The number of different users of the NAT pools. | All levels |
| Current EIF Inbound flows count | Current count of EIF inbound flows, including all EIF flows per pool. | detail |
| EIF flow limit exceeded drops | Current number of flow drops due to exceeded flow limit. This number is per pool, not per EIF mapping. | detail |

Sample Output

show services nat pool brief

user@host> show services nat pool brief

Interface: ms-1/0/0, Service set: s1
NAT pool          Type    Address                         Port        Ports used
dest-pool         DNAT-44 10.10.10.2-10.10.10.2          
napt-pool         NAPT-44 50.50.50.1-50.50.50.254         1024-63487  0         
source-dynamic-pool DYNAMIC NAT44 40.40.40.1-40.40.40.254        
source-static-pool BASIC NAT44 30.30.30.1-30.30.30.254        

show services nat pool detail

user@host> show services nat pool detail
Interface: ms-4/0/0, Service set: ss1
	 NAT pool: srcpool, Translation type: NAPT-44
	  Address range: 100.0.0.1-100.0.0.254
	  Available addresses: 254
	  Configured port range: 1024-65535
	  Port range: 1024-65535, Ports in use: 0, Out of port errors: 0
	  Parity port errors: 0, Preserve Range errors: 0
	  Max ports used: 0
	  AP-P port allocation errors: 0, AP-P port limit allocation errors: 0
	  Memory allocation errors: 0
	  EIF Inbound session count: 0
	  EIF Inbound session Limit exceeded drops: 0

show services nat pool (Secured Port Block Allocation)

user@host> show services nat pool

Interface: sp-2/0/0, Service set: in
NAT pool          Type    Address                         Port        Ports used
mypool            dynamic 3.3.3.3-3.3.3.10                512-65535   0
                          3.3.3.15-3.3.3.20
                          3.3.3.25-3.3.3.30
                          3.3.3.95-3.3.3.200
Port block size: 64, Max port blocks per address: 1, Active block timeout: 86400, Effective port range: 1024-65471,
Effective number of port blocks: 126882, Effective number of ports: 8120448, Port block efficiency: nan

Interface: sp-2/1/0, Service set: in1
NAT pool          Type    Address                         Port        Ports used
mypool1           dynamic 9.9.9.1-9.9.9.254               512-65535   0
Port block size: 64, Max port blocks per address: 1, Active block timeout: 86400, Effective port range: 1024-65471,
Effective number of port blocks: 255778, Effective number of ports: 16369792, Port block efficiency: nan

show services nat pool detail (Deterministic Port Block Allocation)

user@host> show services nat pool detail
Interface: sp-2/0/0, Service set: ss1
  NAT pool: napt_pool, Translation type: dynamic
    Address range: 5.5.5.1-5.5.5.254
    Configured port range: 1-60000, Preserve range enabled: Is active 
    Port range: 2000-2002, Ports in use: 2, Out of port errors: 0, Max ports used: 2
    AP-P out of port errors: 188 
    Max number of port blocks used: 1, Current number of port blocks in use: 1, Port block allocation errors: 0,
    Port block memory allocation errors: 0
    DetNAT subscriber exceeded port limits: 1
    Unique pool users: 1

show services nat pool (Deterministic Port Block Allocation)

user@host> show services nat pool

Interface: sp-2/0/0, Service set: ss2
NAT pool          Type    Address                         Port        Ports Used
pba               dynamic 33.33.33.1-33.33.33.128         512-65535   6604      
Port block type: Deterministic port block, Port block size: 200

show services nat pool detail (Port Block Allocation)

user@host> show services nat pool detail

Interface: sp-2/0/0, Service set: s
  NAT pool: napt_pool, Translation type: dynamic
    Address range: 44.1.1.1-44.1.1.1
    Configured port range: 1-60000 
    Port range: 1024-65535, Ports in use: 0, Out of port errors: 0, 
    Max ports used: 0
    AP-P out-of-port errors: 0
    Current EIF Inbound flows count: 0
    EIF flow limit exceeded drops: 0
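
The following Python sketch is an added example, not part of the Juniper documentation. It parses `show services nat pool detail` output into one record per pool and returns the non-zero error, drop and limit counters, which is how port exhaustion on a pool shows up in this command. The function names and the rule for which counters count as alerts are assumptions; the sample text is the deterministic port block allocation output shown on this page.

```python
import re

# Sample copied from the deterministic port block allocation output on this page.
SAMPLE = """\
Interface: sp-2/0/0, Service set: ss1
  NAT pool: napt_pool, Translation type: dynamic
    Address range: 5.5.5.1-5.5.5.254
    Configured port range: 1-60000, Preserve range enabled: Is active
    Port range: 2000-2002, Ports in use: 2, Out of port errors: 0, Max ports used: 2
    AP-P out of port errors: 188
    Max number of port blocks used: 1, Current number of port blocks in use: 1, Port block allocation errors: 0,
    Port block memory allocation errors: 0
    DetNAT subscriber exceeded port limits: 1
    Unique pool users: 1
"""

# "Name: value" pairs; several may share one line, separated by commas.
PAIR = re.compile(r"\s*([^:,]+?):\s*([^,]*?)\s*(?:,|$)")
# Assumption: a counter is alert-worthy when its name mentions errors, drops or exceeded.
ALERT = re.compile(r"errors|drops|exceeded", re.IGNORECASE)

def parse_pools(text):
    """Return one dict per NAT pool, holding every field as a string."""
    pools, context = [], {}
    for line in text.splitlines():
        fields = dict(PAIR.findall(line))
        if "Interface" in fields:        # interface / service-set header line
            context = fields
        elif "NAT pool" in fields:       # first line of a pool record
            pools.append({**context, **fields})
        elif pools:                      # continuation lines of the current pool
            pools[-1].update(fields)
    return pools

def nonzero_alerts(pool):
    """Counters in one pool record that match ALERT and are greater than zero."""
    return {name: int(value) for name, value in pool.items()
            if ALERT.search(name) and value.isdigit() and int(value) > 0}

if __name__ == "__main__":
    for pool in parse_pools(SAMPLE):
        print(pool["Interface"], pool["NAT pool"], nonzero_alerts(pool))
```

Because matching is by counter name, the hyphenated `AP-P out-of-port errors` spelling in the port block allocation sample is picked up the same way.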

Release Information

Command introduced before Junos OS Release 7.4.

pgcp option added in Junos OS Release 8.5.
