The document outlines rules for access control lists (ACLs) in networking, stating that all deny statements must precede permit statements and that each interface can have one ACL per direction. It describes standard ACLs and their function in controlling traffic between different IP networks while emphasizing that they operate in a sequential manner without the ability to edit individual statements once created. Additionally, the document details examples of ACL configurations for specific source and destination IP pairs, illustrating how access restrictions are implemented.

1. 1

2. Rules of Access List
• All deny statements have to be given First
• There should be at least one Permit statement
• An implicit deny blocks all traffic by default when
there is no match (an invisible statement).
• Can have one access-list per interface per direction.
(i.e.) Two access-list per interface, one in inbound
direction and one in outbound direction.
• Works in Sequential order
• Editing of access-lists is not possible (i.e) Selectively
adding or removing access-list statements is not
possible.
2

3. Standard ACL - Network Diagram
10.0.0.1/8
S0
HYD
1.2
S1
10.0.0.2/8
1.3
LAN - 192.168.1.0/24
is done Closest
is done Closest
to the
to the
11.0.0.1/8
S0
E0
192.168.1.150/24
1.1
Creation and
Creation and
Implementation
Implementation
2.1
Destination.
Destination.
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
1.1 & 1.2 should not communicate with 2.0 network
1.1 & 1.2 should not communicate with 2.0 network
3

4. How Standard ACL Works ?
10.0.0.1/8
S0
HYD
11.0.0.1/8
S0
S1
10.0.0.2/8
E0
192.168.1.150/24
1.1
1.2
1.3
LAN - 192.168.1.0/24
2.1
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
1.1 is accessing 2.1
1.1 is accessing 2.1
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
4

5. How Standard ACL Works ?
1.1
Source IP
192.168.1.1
2.1
Destination IP
192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
5

6. How Standard ACL Works ?
1.1
Source IP
192.168.1.1
2.1
Destination IP
192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
6

7. How Standard ACL Works ?
10.0.0.1/8
S0
HYD
11.0.0.1/8
S0
S1
10.0.0.2/8
E0
192.168.1.150/24
1.1
1.2
1.3
1.3
LAN - 192.168.1.0/24
2.1
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
1.3 is accessing 2.1
1.3 is accessing 2.1
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
7

8. How Standard ACL Works ?
1.1
Source IP
192.168.1.3
2.1
Destination IP
192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
8
x

9. How Standard ACL Works ?
1.1
Source IP
192.168.1.3
2.1
Destination IP
192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
9
x

10. How Standard ACL Works ?
1.1
Source IP
192.168.1.3
2.1
Destination IP
192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
10

11. 1.1
Source IP
192.168.1.1
192.168.1.3
2.1
Destination IP
192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
11

12. Standard ACL - Network Diagram
10.0.0.1/8
S0
HYD
1.2
S1
10.0.0.2/8
1.3
LAN - 192.168.1.0/24
is done Closest
is done Closest
to the
to the
11.0.0.1/8
S0
E0
192.168.1.150/24
1.1
Creation and
Creation and
Implementation
Implementation
2.1
Destination.
Destination.
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
1.1 & 3.0 should not communicate with 2.0 network
1.1 & 3.0 should not communicate with 2.0 network
12

13. How Standard ACL Works ?
10.0.0.1/8
S0
HYD
11.0.0.1/8
S0
S1
10.0.0.2/8
E0
192.168.1.150/24
1.1
1.2
1.3
LAN - 192.168.1.0/24
2.1
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
1.1 is accessing 2.1
1.1 is accessing 2.1
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
13

14. How Standard ACL Works ?
1.1
Source IP
192.168.1.1
2.1
Destination IP
192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
14

15. How Standard ACL Works ?
1.1
Source IP
192.168.1.1
2.1
Destination IP
192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
15

16. How Standard ACL Works ?
10.0.0.1/8
S0
HYD
11.0.0.1/8
S0
S1
10.0.0.2/8
E0
192.168.1.150/24
1.1
1.2
1.3
1.3
LAN - 192.168.1.0/24
2.1
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
1.3 is accessing 2.1
1.3 is accessing 2.1
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
16

17. How Standard ACL Works ?
1.3
Source IP
192.168.1.3
2.1
Destination IP
192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
x
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
17

18. How Standard ACL Works ?
1.3
Source IP
192.168.1.3
2.1
Destination IP
192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255 x
access-list 5 permit any
18

19. How Standard ACL Works ?
1.3
Source IP
192.168.1.3
2.1
Destination IP
192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
19

20. 1.3
Source IP
192.168.1.1
192.168.1.3
2.1
Destination IP
192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
20

21. How Standard ACL Works ?
10.0.0.1/8
S0
HYD
11.0.0.1/8
S0
S1
10.0.0.2/8
E0
192.168.1.150/24
1.1
1.2
1.3
LAN - 192.168.1.0/24
2.1
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
3.1 is accessing 2.1
3.1 is accessing 2.1
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
21

22. How Standard ACL Works ?
3.1
Source IP
192.168.3.1
2.1
Destination IP
192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
x
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
22

23. How Standard ACL Works ?
3.1
Source IP
192.168.3.1
2.1
Destination IP
192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
23

24. How Standard ACL Works ?
3.1
Source IP
192.168.3.1
2.1
Destination IP
192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
24

25. Extended ACL - Network Diagram
Creation and
Creation and
Implementation
Implementation
10.0.0.1/8
S0
HYD
S1
10.0.0.2/8
E0
192.168.1.150/24
1.1
1.2
1.3
LAN - 192.168.1.0/24
is done Closest
is done Closest
to the Source.
to the Source.
11.0.0.1/8
S0
2.1
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
2.0 should not access with 3.1 (Web Service)
2.0 should not access with 3.1 (Web Service)
25

26. How Extended ACL Works ?
10.0.0.1/8
S0
HYD
11.0.0.1/8
S0
S1
10.0.0.2/8
E0
192.168.1.150/24
1.1
1.2
1.3
LAN - 192.168.1.0/24
2.1
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
2.1 is accessing 3.1 -- Web Service
2.1 is accessing 3.1 Web Service
26

27. How Extended ACL Works ?
2.1
Source IP
192.168.2.1
Destination IP
192.168.3.1
Port - 80
3.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
27

28. How Extended ACL Works ?
2.1
Source IP
192.168.2.1
Destination IP
192.168.3.1
Port - 80
3.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
28

29. How Extended ACL Works ?
10.0.0.1/8
S0
HYD
11.0.0.1/8
S0
S1
10.0.0.2/8
E0
192.168.1.150/24
1.1
1.2
1.3
LAN - 192.168.1.0/24
2.1
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
2.1 is accessing 3.1 – Telnet Service
2.1 is accessing 3.1 – Telnet Service
29

30. How Extended ACL Works ?
2.1
Source IP
192.168.2.1
Destination IP
192.168.3.1
Port - 23
3.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
30
x

31. How Extended ACL Works ?
2.1
Source IP
192.168.2.1
Destination IP
192.168.3.1
Port - 23
3.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
31

32. How Extended ACL Works ?
2.1
Source IP
192.168.1.1
192.168.2.1
Destination IP
192.168.3.1
Port - 23
3.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
32

33. How Extended ACL Works ?
10.0.0.1/8
S0
HYD
11.0.0.1/8
S0
S1
10.0.0.2/8
E0
192.168.1.150/24
1.1
1.2
1.3
LAN - 192.168.1.0/24
2.1
CHE
S1
11.0.0.2/8
E0
192.168.2.150/24
2.2
2.3
LAN - 192.168.2.0/24
3.1
BAN
E0
192.168.3.150/2
3.2
3.3
LAN - 192.168.3.0/24
2.1 is accessing 1.1 -- Web Service
2.1 is accessing 1.1 Web Service
33

34. How Extended ACL Works ?
2.1
Source IP
192.168.2.1
Destination IP
192.168.1.1
192.168.1.1
Port - 80
1.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
34
x

35. How Extended ACL Works ?
2.1
Source IP
192.168.2.1
Destination IP
192.168.1.1
Port - 80
1.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
35

36. How Extended ACL Works ?
2.1
Source IP
192.168.1.1
192.168.2.1
Destination IP
192.168.1.1
Port - 80
1.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
36

37. Named Access List
• Access-lists are identified using Names
rather than Numbers.
• Names are Case-Sensitive
• No limitation of Numbers here.
• One Main Advantage is Editing of ACL is Possible (i.e)
Removing a specific statement from the ACL is
possible.
(IOS version 11.2 or later allows Named ACL)
37

38. Standard Named Access List
Creation of Standard Named Access List
Creation of Standard Named Access List
Router(config)# ip access-list standard <name>
Router(config)# ip access-list standard <name>
Router(config-std-nacl)# <permit/deny> <source address>
Router(config-std-nacl)# <permit/deny> <source address>
<source wildcard mask>
<source wildcard mask>
Implementation of Standard Named Access List
Implementation of Standard Named Access List
Router(config)#interface <interface type><interface no>
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <name> <out/in>
Router(config-if)#ip access-group <name> <out/in>
38

39. Extended Named Access List
Creation of Extended Named Access List
Creation of Extended Named Access List
Router(config)# ip access-list extended <name>
Router(config)# ip access-list extended <name>
Router(config-ext-nacl)# <permit/deny> <protocol>
Router(config-ext-nacl)# <permit/deny> <protocol>
<source address> <source wildcard mask> <destination
<source address> <source wildcard mask> <destination
address> < destination wildcard mask> <operator>
address> < destination wildcard mask> <operator>
<service>
<service>
Implementation of Extended Named Access List
Implementation of Extended Named Access List
Router(config)#interface <interface type><interface no>
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <name> <out/in>
Router(config-if)#ip access-group <name> <out/in>
39

40. 40

41. Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:> telnet 192.168.1.150
Connecting .....
================================
Welcome to Hyderabad Router
================================
User Access Verification
password : ****
Hyderabad> enable
password : ****
Hyderabad# show ip route
Gateway of last resort is not set
C
10.0.0.0/8 is directly connected, Serial0
R
11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:25, Serial0
C
192.168.1.0/24 is directly connected, Ethernet0
R
192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:25, Serial0
R
192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:25, Serial0
Hyderabad#
41

42. Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:> telnet 192.168.2.150
Connecting .....
================================
Welcome to Chennai Router
================================
User Access Verification
password : ****
Chennai> enable
password : ****
Chennai# show ip route
Gateway of last resort is not set
C
10.0.0.0/8 is directly connected, Serial1
C
11.0.0.0/8 is directly connected, Serial0
R
192.168.1.0/24 [120/1] via 10.0.0.1, 00:00:01, Serial1
C
192.168.2.0/24 is directly connected, Ethernet0
R
192.168.3.0/24 [120/1] via 11.0.0.2, 00:00:12, Serial0
Chennai#
42

43. Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:> telnet 192.168.3.150
Connecting .....
================================
Welcome to Banglore Router
================================
User Access Verification
password : ****
Banglore> enable
password : ****
Banglore# show ip route
Gateway of last resort is not set
R
10.0.0.0/8 [120/1] via 11.0.0.1, 00:00:04, Serial1
C
11.0.0.0/8 is directly connected, Serial1
R
192.168.1.0/24 [120/2] via 11.0.0.1, 00:00:04, Serial1
R
192.168.2.0/24 [120/1] via 11.0.0.1, 00:00:04, Serial1
C
192.168.3.0/24 is directly connected, Ethernet0
Banglore#
43

44. Microsoft Windows 2000 [Version 5.00.2195]
(C) Copyright 1985-2000 Microsoft Corp.
C:> telnet 192.168.2.150
Connecting .....
================================
Welcome to Chennai Router
================================
User Access Verification
password : ****
Chennai> enable
password : ****
Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# interface serial 1
Chennai(config-if)# ip address 10.0.0.2 255.0.0.0
Chennai(config-if)# no shut
Chennai(config-if)# encapsulation hdlc
Chennai(config-if)# interface serial 0
Chennai(config-if)# ip address 11.0.0.1 255.0.0.0
Chennai(config-if)# no shut
Chennai(config-if)# encapsulation hdlc
44

45. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0
Chennai(config)# access-list 1 permit any
Creation of Standard Access List
Creation of Standard Access List
Chennai(config)# interface ethernet 0
Router(config)# access-list out
Chennai(config-if)# ip access-group 1 <acl no> <permit/deny>
Router(config)# access-list <acl no> <permit/deny>
<source address> <source wildcard mask>
<source address> <source wildcard mask>
Chennai(config-if)#
Implementation of Standard Access List
Implementation of Standard Access List
Router(config)#interface <interface type><interface no>
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <number> <out/in>
Router(config-if)#ip access-group <number> <out/in>
45

46. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 1 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 1 deny 192.168.1.2 0.0.0.0
Chennai(config)# access-list 1 permit any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 1 out
Chennai(config-if)# ^Z
Chennai# show ip access-list
Standard IP access list 1
deny
192.168.1.1
deny
192.168.1.2
permit any
Chennai#
46

47. Chennai# show ip int e0
Ethernet0 is up, line protocol is up
Internet address is 192.168.2.150/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is 1
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled
Chennai#
47

48. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255
Chennai(config)# access-list 5 permit any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 5 out
Chennai(config-if)# ^Z
Chennai# show ip access-list
Standard
deny
deny
permit
Chennai#
IP access list 5
192.168.1.1
192.168.3.0
any
48

49. Chennai# show ip int e0
Ethernet0 is up, line protocol is up
Internet address is 192.168.2.150/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is 5
Inbound access list is not set
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled
Chennai#
49

50. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 5 deny 192.168.1.1 0.0.0.0
Chennai(config)# access-list 5 deny 192.168.3.0 0.0.0.255
Chennai(config)# access-list 5 permit any
Creation of Standard Access List
Creation of Standard Access List
Chennai(config)# interface ethernet 0
Router(config)# access-list out
Chennai(config-if)# ip access-group 5 <acl no> <permit/deny>
Router(config)# access-list <acl no> <permit/deny>
<source address> <source wildcard mask>
<source address> <source wildcard mask>
Chennai(config-if)#
Implementation of Standard Access List
Implementation of Standard Access List
Router(config)#interface <interface type><interface no>
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <number> <out/in>
Router(config-if)#ip access-group <number> <out/in>
50

51. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 101 deny tcp 192.168.2.0
0.0.0.255 192.168.3.1 0.0.0.0 eq 80
Chennai(config)# access-list 101 Extended Access List
permit ip any any
Creation of Extended Access List
Creation of
Chennai(config)# interface ethernet 0
Router(config)# access-list <acl no> <permit/deny>
Router(config)# access-list <acl no> <permit/deny>
Chennai(config-if)# ip access-group 101 <source wildcard mask>
<protocol> <source address> in
<protocol> <source address> <source wildcard mask>
Chennai(config-if)#
<destination address> < destination wildcard mask>
<destination address> < destination wildcard mask>
<operator> <service>
Implementation of Extended Access List
<operator> <service> of Extended Access List
Implementation
Router(config)#interface <interface type><interface no>
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <number> <out/in>
Router(config-if)#ip access-group <number> <out/in>
51

52. Chennai# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Chennai(config)# access-list 101 deny tcp 192.168.2.0
0.0.0.255 192.168.3.1 0.0.0.0 eq 80
Chennai(config)# access-list 101 permit ip any any
Chennai(config)# interface ethernet 0
Chennai(config-if)# ip access-group 101 in
Chennai(config-if)# ^Z
Chennai# show ip access-list
Extended IP access list 101
deny
tcp 192.168.2.0 0.0.0.255 host 192.168.3.1 eq www
permit ip any any
Chennai#
52

53. Chennai# show ip int e0
Ethernet0 is up, line protocol is up
Internet address is 192.168.2.150/24
Broadcast address is 255.255.255.255
Address determined by non-volatile memory
MTU is 1500 bytes
Helper address is not set
Directed broadcast forwarding is enabled
Multicast reserved groups joined: 224.0.0.9
Outgoing access list is not set
Inbound access list is 101
Proxy ARP is enabled
Security level is default
Split horizon is enabled
ICMP redirects are always sent
ICMP unreachables are always sent
ICMP mask replies are never sent
IP fast switching is enabled
IP fast switching on the same interface is disabled
IP multicast fast switching is disabled
Router Discovery is disabled
IP output packet accounting is disabled
IP access violation accounting is disabled
TCP/IP header compression is disabled
Probe proxy name replies are disabled
Gateway Discovery is disabled
Policy routing is disabled
Network address translation is disabled
Chennai#
53