Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Incomplete information: PAT ports 0-511, 512-1023, and 1024-65535


I am studying the first module of the fourth semester (CCNA v3.1)

"PAT (NAT overloading) divides the available ports per global IP address into three ranges of 0-511, 512-1023, and 1024-65535"

I have read the RFCs 1631, 3022, 2663.

I have looked for information in and google.

I cant find information about this groups.

I dont understand the port group selection in the PAT process (router).

Can you help me?

Best regards and thanks you very much

  • Other Network Infrastructure Subjects

Re: Incomplete information: PAT ports 0-511, 512-1023, and 1024-


I'm not absolutely sure about why Cisco does the division between the first 2 ranges. However, it is clear why they have a separate range for ports 1024-65535. Port numbers less than 1024 are considered to be well-known ports e.g. port used for telnet is 23. Therefore, it makes sense to divide up the port ranges into well-known and the rest.

Hope that helps - pls do rate the post if it does.


New Member

Re: Incomplete information: PAT ports 0-511, 512-1023, and 1024-

Hi Paresh:

First of all thanks you for your altruist reply.

PAT in Cisco Routers, IOS:

"It will attempt to assign the same port value of the original request. However, if the original source port has already been used, ***it will start scanning from the beginning of the particular port range*** to find the first available port and assign it to the conversation."

The workstation always chooses a port over 1023 when it connects to a service.

In what case the IOS choose a port under 1024 in the PAT process (0-511, 512-1023) ?

It would be nice a debug nat output of a pat config router (¡not emu!) with workstations and servers in the lan side.

Thanks again and best regards

This widget could not be displayed.