1

Rules of Access List

All deny statements have to be given First
There should be at least one Permit statement
An implicit deny blocks all traffic by default when
there is no match (an invisible statement).
Can have one access-list per interface per direction.
(i.e.) Two access-list per interface, one in inbound
direction and one in outbound direction.
Works in Sequential order
Editing of access-lists is not possible (i.e) Selectively
adding or removing access-list statements is not
possible.

Standard ACL - Network Diagram

10.0.0.1/8
S0

HYD

1.2

S1
10.0.0.2/8

1.3

LAN - 192.168.1.0/24

is
isdone
doneClosest
Closest
to
tothe
the

11.0.0.1/8
S0

E0
192.168.1.150/24

1.1

Creation
Creationand
and
Implementation
Implementation

2.1

CHE

Destination.
Destination.

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

1.1
1.1 &
& 1.2
1.2 should
should not
not communicate
communicate with
with 2.0
2.0 network
network

How Standard ACL Works ?

10.0.0.1/8
S0

HYD

11.0.0.1/8
S0

S1
10.0.0.2/8

E0
192.168.1.150/24

1.1

1.2

1.3

LAN - 192.168.1.0/24

2.1

CHE

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

1.1
1.1 is
is accessing
accessing 2.1
2.1

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

How Standard ACL Works ?

1.1

Source IP
192.168.1.1

2.1

Destination IP
192.168.2.1

access-list 1 deny 192.168.1.1 0.0.0.0

access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any

How Standard ACL Works ?

1.1

Source IP
192.168.1.1

2.1

Destination IP
192.168.2.1

access-list 1 deny 192.168.1.1 0.0.0.0

access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any

How Standard ACL Works ?

10.0.0.1/8
S0

HYD

11.0.0.1/8
S0

S1
10.0.0.2/8

E0
192.168.1.150/24

1.1

1.2

1.3
1.3

LAN - 192.168.1.0/24

2.1

CHE

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

1.3
1.3 is
is accessing
accessing 2.1
2.1

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

How Standard ACL Works ?

1.1

Source IP
192.168.1.3

2.1

Destination IP
192.168.2.1

access-list 1 deny 192.168.1.1 0.0.0.0

access-list 1 deny 192.168.1.2 0.0.0.0

access-list 1 permit any

How Standard ACL Works ?

1.1

Source IP
192.168.1.3

2.1

Destination IP
192.168.2.1

access-list 1 deny 192.168.1.1 0.0.0.0

access-list 1 deny 192.168.1.2 0.0.0.0

access-list 1 permit any

How Standard ACL Works ?

1.1

Source IP
192.168.1.3

2.1

Destination IP
192.168.2.1

access-list 1 deny 192.168.1.1 0.0.0.0

access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any

10

1.1

Source IP
192.168.1.1
192.168.1.3

2.1

Destination IP
192.168.2.1

access-list 1 deny 192.168.1.1 0.0.0.0

access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any

11

Standard ACL - Network Diagram

10.0.0.1/8
S0

HYD

1.2

S1
10.0.0.2/8

1.3

LAN - 192.168.1.0/24

is
isdone
doneClosest
Closest
to
tothe
the

11.0.0.1/8
S0

E0
192.168.1.150/24

1.1

Creation
Creationand
and
Implementation
Implementation

2.1

CHE

Destination.
Destination.

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

1.1
1.1 &
& 3.0
3.0 should
should not
not communicate
communicate with
with 2.0
2.0 network
network

12

How Standard ACL Works ?

10.0.0.1/8
S0

HYD

11.0.0.1/8
S0

S1
10.0.0.2/8

E0
192.168.1.150/24

1.1

1.2

1.3

LAN - 192.168.1.0/24

2.1

CHE

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

1.1
1.1 is
is accessing
accessing 2.1
2.1

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

13

How Standard ACL Works ?

1.1

Source IP
192.168.1.1

2.1

Destination IP
192.168.2.1

access-list 5 deny 192.168.1.1 0.0.0.0

access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any

14

How Standard ACL Works ?

1.1

Source IP
192.168.1.1

2.1

Destination IP
192.168.2.1

access-list 5 deny 192.168.1.1 0.0.0.0

access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any

15

How Standard ACL Works ?

10.0.0.1/8
S0

HYD

11.0.0.1/8
S0

S1
10.0.0.2/8

E0
192.168.1.150/24

1.1

1.2

1.3
1.3

LAN - 192.168.1.0/24

2.1

CHE

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

1.3
1.3 is
is accessing
accessing 2.1
2.1

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

16

How Standard ACL Works ?

1.3

Source IP
192.168.1.3

2.1

Destination IP
192.168.2.1

access-list 5 deny 192.168.1.1 0.0.0.0

access-list 5 deny 192.168.3.0 0.0.0.255

access-list 5 permit any

17

How Standard ACL Works ?

1.3

Source IP
192.168.1.3

2.1

Destination IP
192.168.2.1

access-list 5 deny 192.168.1.1 0.0.0.0

access-list 5 deny 192.168.3.0 0.0.0.255 x
access-list 5 permit any

18

How Standard ACL Works ?

1.3

Source IP
192.168.1.3

2.1

Destination IP
192.168.2.1

access-list 5 deny 192.168.1.1 0.0.0.0

access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any

19

1.3

Source IP
192.168.1.1
192.168.1.3

2.1

Destination IP
192.168.2.1

access-list 5 deny 192.168.1.1 0.0.0.0

access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any

20

How Standard ACL Works ?

10.0.0.1/8
S0

HYD

11.0.0.1/8
S0

S1
10.0.0.2/8

E0
192.168.1.150/24

1.1

1.2

1.3

LAN - 192.168.1.0/24

2.1

CHE

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

3.1
3.1 is
is accessing
accessing 2.1
2.1

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

21

How Standard ACL Works ?

3.1

Source IP
192.168.3.1

2.1

Destination IP
192.168.2.1

access-list 5 deny 192.168.1.1 0.0.0.0

access-list 5 deny 192.168.3.0 0.0.0.255

access-list 5 permit any

22

How Standard ACL Works ?

3.1

Source IP
192.168.3.1

2.1

Destination IP
192.168.2.1

access-list 5 deny 192.168.1.1 0.0.0.0

access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any

23

How Standard ACL Works ?

3.1

Source IP
192.168.3.1

2.1

Destination IP
192.168.2.1

access-list 5 deny 192.168.1.1 0.0.0.0

access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any

24

Extended ACL - Network Diagram

Creation
Creationand
and
Implementation
Implementation
10.0.0.1/8
S0

HYD

S1
10.0.0.2/8

E0
192.168.1.150/24

1.1

1.2

1.3

LAN - 192.168.1.0/24

is
isdone
doneClosest
Closest
to
tothe
theSource.
Source.

11.0.0.1/8
S0

2.1

CHE

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

2.0
2.0 should
should not
not access
access with
with 3.1
3.1 (Web
(Web Service)
Service)

25

How Extended ACL Works ?

10.0.0.1/8
S0

HYD

11.0.0.1/8
S0

S1
10.0.0.2/8

E0
192.168.1.150/24

1.1

1.2

1.3

LAN - 192.168.1.0/24

2.1

CHE

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

2.1
2.1 is
is accessing
accessing 3.1
3.1 -- Web
Web Service
Service

26

How Extended ACL Works ?

2.1

Source IP
192.168.2.1
Destination IP
192.168.3.1
Port - 80

3.1

access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80

access-list 101 permit ip any any

27

How Extended ACL Works ?

2.1

Source IP
192.168.2.1
Destination IP
192.168.3.1
Port - 80

3.1

access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80

access-list 101 permit ip any any

28

How Extended ACL Works ?

10.0.0.1/8
S0

HYD

11.0.0.1/8
S0

S1
10.0.0.2/8

E0
192.168.1.150/24

1.1

1.2

1.3

LAN - 192.168.1.0/24

2.1

CHE

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

2.1
2.1 is
is accessing
accessing 3.1
3.1 Telnet
Telnet Service
Service

29

How Extended ACL Works ?

2.1

Source IP
192.168.2.1
Destination IP
192.168.3.1
Port - 23

3.1

access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80

access-list 101 permit ip any any

30

How Extended ACL Works ?

2.1

Source IP
192.168.2.1
Destination IP
192.168.3.1
Port - 23

3.1

access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80

access-list 101 permit ip any any

31

How Extended ACL Works ?

2.1

Source IP
192.168.1.1
192.168.2.1
Destination IP
192.168.3.1
Port - 23

3.1

access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80

access-list 101 permit ip any any

32

How Extended ACL Works ?

10.0.0.1/8
S0

HYD

11.0.0.1/8
S0

S1
10.0.0.2/8

E0
192.168.1.150/24

1.1

1.2

1.3

LAN - 192.168.1.0/24

2.1

CHE

S1
11.0.0.2/8

E0
192.168.2.150/24

2.2

2.3

LAN - 192.168.2.0/24

3.1

BAN

E0
192.168.3.150/2

3.2

3.3

LAN - 192.168.3.0/24

2.1
2.1 is
is accessing
accessing 1.1
1.1 -- Web
Web Service
Service

33

How Extended ACL Works ?

2.1

Source IP
192.168.2.1
Destination IP
192.168.1.1
192.168.1.1
Port - 80

1.1

access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80

access-list 101 permit ip any any

34

How Extended ACL Works ?

2.1

Source IP
192.168.2.1
Destination IP
192.168.1.1
Port - 80

1.1

access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80

access-list 101 permit ip any any

35

How Extended ACL Works ?

2.1

Source IP
192.168.1.1
192.168.2.1
Destination IP
192.168.1.1
Port - 80

1.1

access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80

access-list 101 permit ip any any

36

Named Access List

Access-lists are identified using Names
rather than Numbers.
Names are Case-Sensitive
No limitation of Numbers here.
One Main Advantage is Editing of ACL is Possible (i.e)
Removing a specific statement from the ACL is
possible.
(IOS version 11.2 or later allows Named ACL)

37

Standard Named Access List

Creation
Creationof
ofStandard
StandardNamed
NamedAccess
AccessList
List
Router(config)#
Router(config)#ip
ipaccess-list
access-liststandard
standard<name>
<name>
Router(config-std-nacl)#
Router(config-std-nacl)#<permit/deny>
<permit/deny><source
<sourceaddress>
address>
<source
<sourcewildcard
wildcardmask>
mask>

Implementation
Implementationof
ofStandard
StandardNamed
NamedAccess
AccessList
List
Router(config)#interface
Router(config)#interface<interface
<interfacetype><interface
type><interfaceno>
no>
Router(config-if)#ip
Router(config-if)#ipaccess-group
access-group<name>
<name><out/in>
<out/in>

38

Extended Named Access List

Creation
Creationof
ofExtended
ExtendedNamed
NamedAccess
AccessList
List
Router(config)#
Router(config)#ip
ipaccess-list
access-listextended
extended<name>
<name>
Router(config-ext-nacl)#
Router(config-ext-nacl)#<permit/deny>
<permit/deny><protocol>
<protocol>
<source
<sourceaddress>
address><source
<sourcewildcard
wildcardmask>
mask><destination
<destination
address>
address><
<destination
destinationwildcard
wildcardmask>
mask><operator>
<operator>
<service>
<service>
Implementation
Implementationof
ofExtended
ExtendedNamed
NamedAccess
AccessList
List
Router(config)#interface
Router(config)#interface<interface
<interfacetype><interface
type><interfaceno>
no>
Router(config-if)#ip
Router(config-if)#ipaccess-group
access-group<name>
<name><out/in>
<out/in>

39

40

Microsoft Windows 2000 [Version 5.00.2195]

(C) Copyright 1985-2000 Microsoft Corp.
telnet 192.168.1.150
C:\>
Connecting .....
================================
Welcome to Hyderabad Router
================================
User Access Verification
password : ****
Hyderabad> enable
password : ****
Hyderabad# show ip route
Gateway of last resort is not set
C
10.0.0.0/8 is directly connected, Serial0
R
11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:25, Serial0
C
192.168.1.0/24 is directly connected, Ethernet0
R
192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:25, Serial0
R
192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:25, Serial0
Hyderabad#

41

Microsoft Windows 2000 [Version 5.00.2195]

(C) Copyright 1985-2000 Microsoft Corp.
telnet 192.168.2.150
C:\>
Connecting .....
================================
Welcome to Chennai Router
================================
User Access Verification
password : ****
Chennai> enable
password : ****
Chennai# show ip route
Gateway of last resort is not set
C
10.0.0.0/8 is directly connected, Serial1
C
11.0.0.0/8 is directly connected, Serial0
R
192.168.1.0/24 [120/1] via 10.0.0.1, 00:00:01, Serial1
C
192.168.2.0/24 is directly connected, Ethernet0
R
192.168.3.0/24 [120/1] via 11.0.0.2, 00:00:12, Serial0
Chennai#

42

Microsoft Windows 2000 [Version 5.00.2195]

(C) Copyright 1985-2000 Microsoft Corp.
telnet 192.168.3.150
C:\>
Connecting .....
================================
Welcome to Banglore Router
================================
User Access Verification
password : ****
Banglore> enable
password : ****
Banglore# show ip route
Gateway of last resort is not set
R
10.0.0.0/8 [120/1] via 11.0.0.1, 00:00:04, Serial1
C
11.0.0.0/8 is directly connected, Serial1
R
192.168.1.0/24 [120/2] via 11.0.0.1, 00:00:04, Serial1
R
192.168.2.0/24 [120/1] via 11.0.0.1, 00:00:04, Serial1
C
192.168.3.0/24 is directly connected, Ethernet0
Banglore#

43

Microsoft Windows 2000 [Version 5.00.2195]

(C) Copyright 1985-2000 Microsoft Corp.
telnet 192.168.2.150
C:\>
Connecting .....
================================
Welcome to Chennai Router
================================
User Access Verification
password : ****
Chennai> enable
password : ****
Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# interface serial 1
Chennai(config-if)# ip address 10.0.0.2 255.0.0.0
Chennai(config-if)# no shut
Chennai(config-if)# encapsulation hdlc
Chennai(config-if)# interface serial 0
Chennai(config-if)# ip address 11.0.0.1 255.0.0.0
Chennai(config-if)# no shut
Chennai(config-if)# encapsulation hdlc

44

Chennai# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0
Chennai(config)# access-list 1 permit any
Creation
of
Access
Creation
ofStandard
Standard
AccessList
List
Chennai(config)# interface
ethernet
0
Router(config)#
access-list
Chennai(config-if)#
Router(config)#
ip access-group
access-list1 <acl
out
<acl no>
no> <permit/deny>
<permit/deny>
<source
<sourceaddress>
address><source
<sourcewildcard
wildcardmask>
mask>
Chennai(config-if)#
Implementation
Implementationof
ofStandard
StandardAccess
AccessList
List
Router(config)#interface
Router(config)#interface<interface
<interfacetype><interface
type><interfaceno>
no>
Router(config-if)#ip
Router(config-if)#ipaccess-group
access-group<number>
<number><out/in>
<out/in>

45

Chennai# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0
Chennai(config)# access-list 1 permit any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 1 out
Chennai(config-if)# ^Z
Chennai# show ip access-list
Standard IP access list 1
deny
192.168.1.1
deny
192.168.1.2
permit any
Chennai#

46

Chennai# show ip int e0

Ethernet0 is up, line protocol is up
Internet address is 192.168.2.150/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is 1
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled

Chennai#

47

Chennai# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255
Chennai(config)# access-list 5 permit any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 5 out
Chennai(config-if)# ^Z
Chennai# show ip access-list
Standard
deny
deny
permit
Chennai#

IP access list 5
192.168.1.1
192.168.3.0
any

48

Chennai# show ip int e0

Ethernet0 is up, line protocol is up
Internet address is 192.168.2.150/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is 5
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled

Chennai#

49

Chennai# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255
Chennai(config)# access-list 5 permit any
Creation
of
Access
Creation
ofStandard
Standard
AccessList
List
Chennai(config)# interface
ethernet
0
Router(config)#
access-list
Chennai(config-if)#
Router(config)#
ip access-group
access-list5 <acl
out
<acl no>
no> <permit/deny>
<permit/deny>
<source
<sourceaddress>
address><source
<sourcewildcard
wildcardmask>
mask>
Chennai(config-if)#
Implementation
Implementationof
ofStandard
StandardAccess
AccessList
List
Router(config)#interface
Router(config)#interface<interface
<interfacetype><interface
type><interfaceno>
no>
Router(config-if)#ip
Router(config-if)#ipaccess-group
access-group<number>
<number><out/in>
<out/in>

50

Chennai# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 101 deny tcp 192.168.2.0
0.0.0.255 192.168.3.1 0.0.0.0 eq 80
Chennai(config)# access-list
101 Extended
permit ip any any
Creation
Creationof
of ExtendedAccess
AccessList
List
Chennai(config)# interface ethernet 0
Router(config)#
access-list
<acl
no>
Router(config)#
access-list101
<acl
no> <permit/deny>
<permit/deny>
Chennai(config-if)#
ip
access-group
in
<protocol>
<source
address>
<source
wildcard
mask>
<protocol>
<source
address>
<source
wildcard
mask>
Chennai(config-if)#
<destination
<destination address>
address> <
< destination
destination wildcard
wildcard mask>
mask>
<operator>
<service>
Implementation
<operator>
<service> of
Implementation
ofExtended
ExtendedAccess
AccessList
List
Router(config)#interface
Router(config)#interface<interface
<interfacetype><interface
type><interfaceno>
no>
Router(config-if)#ip
Router(config-if)#ipaccess-group
access-group<number>
<number><out/in>
<out/in>

51

Chennai# configure terminal

Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 101 deny tcp 192.168.2.0
0.0.0.255 192.168.3.1 0.0.0.0 eq 80
Chennai(config)# access-list 101 permit ip any any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 101 in
Chennai(config-if)# ^Z
Chennai# show ip access-list
Extended IP access list 101
deny
tcp 192.168.2.0 0.0.0.255 host 192.168.3.1 eq www
permit ip any any
Chennai#

52

Chennai# show ip int e0

Ethernet0 is up, line protocol is up
Internet address is 192.168.2.150/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is not set
Inbound access list is 101
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled

Chennai#

53