AUTHORITATIVE :
Indicates that the NHRP information was obtained from the Next Hop Server or router that maintains the NBMA-to-IP address mapping for a particular destination.
NEGATIVE:
For negative caching; indicates that the requested NBMA mapping could not be obtained. When NHRP sends an NHRP resolution request it inserts an incomplete (negative) NHRP mapping entry for the address in the resolution request. This is to keep the router
from triggering more NHRP resolution requests while this NHRP resolution request is being resolved and the IKE or IPsec tunnel created.
UNIQUE:
NHRP registration request packet had the "unique" flag set (on by default). This means that this NHRP mapping entry cannot be overwritten with a mapping entry that has the same IP address but a different NBMA address. When a spoke has a statically configured outside IP (NBMA) address this flag is used to keep another spoke that is misconfigured with the same tunnel IP address from overwriting this entry. If a spoke has a dynamic outside IP (NBMA) address then you configure ip nhrp registration no-unique on the spoke to clear this flag. This flag then allows the registered NHRP mapping entry for that spoke on the hub to be overwritten with a new NBMA address. This is necessary in this case since the spoke's outside IP (NBMA) address may change at any time. If the "unique" flag was set, then the spoke would have to wait for the mapping entry on the hub to time out before it could register
its new (NBMA) mapping.
REGISTERED:
The mapping entry was created from receiving an NHRP registration request. Registered mapping entries are dynamic entries, but they will not be refreshed through the "used" mechanism. These entries are refreshed by receiving another NHRP registration requests with the same tunnel IP to NBMA IP address mapping. The NHC must periodically send NHRP registration requests to keep these mappings from expiring.
USED:
When data packets are process-switched and this mapping entry was used, the mapping entry is marked as used. The mapping data base is checked every 60 seconds. If the used flag is set and there are more than 120 seconds left in the expire time, the used flag is
cleared. If there are fewer than 120 seconds left in the expire time, then this mapping entry is "refreshed" by sending another NHRP resolution request.
ROUTER:
NHRP mapping entries that are for a remote router itself for access to a network or host behind the remote router are marked with the router flag.
LOCAL:
NHRP mapping entries that are for a network's local to this router (serviced by this router) are marked with the local flag. These entries are created when this router answers an NHRP resolution request with this information and are used by the router to store the tunnel IP address of all of the other NHRP nodes to which this router has sent this information. If for some reason this router loses access to this local network (it can no longer service this network) it will send an NHRP purge message to all remote NHRP nodes listed in the 'local' entry (this list is not visible) to tell the remote nodes to clear this information out of their NHRP mapping tables. This 'local' mapping entry times out of the local NHRP mapping database at the same time that this information (from the NHRP resolution reply) would time out of the NHRP mapping database on the remote NHRP nodes.
IMPLICIT:
NHRP mapping entries that were learned by the local node by using the source NHRP mapping information from an NHRP resolution request or reply.
NO SOCKET:
NHRP mapping entries for which the router does not need nor want to trigger IPsec to set up encryption, because the router does not have data traffic that needs to use this tunnel. If later on there is data traffic that needs to use this tunnel it will be converted from a "no socket" to a "socket" entry and IPsec will be triggered to set up the encryption for this tunnel. Local and implicit NHRP mapping entries are always initially marked as "no socket."
NAT:
This setting is on NHRP mapping entries that are from NHRP registration packets.
This indicates that the remote node (NHS client) supports the NHRP NAT extension type for supporting dynamic spoke-to-spoke tunnels to or from spokes behind a NAT router. This flag does not mean that the spoke (NHS client) is behind a NAT router.