Upload
kishore-kumar
View
681
Download
3
Tags:
Embed Size (px)
DESCRIPTION
This study guide is intended to provide those pursuing the CCNA certification with a framework of what concepts need to be studied. This is not a comprehensive document containing all the secrets of the CCNP nor is it a “braindump” of questions and answers. I sincerely hope that this document provides some assistance and clarity in your studies.
Citation preview
1
2
• All deny statements have to be given First
• There should be at least one Permit statement
• An implicit deny blocks all traffic by default when
there is no match (an invisible statement).
• Can have one access-list per interface per direction.
(i.e.) Two access-list per interface, one in inbound
direction and one in outbound direction.
• Works in Sequential order
• Editing of access-lists is not possible (i.e) Selectively
adding or removing access-list statements is not
possible.
Rules of Access List
3
Standard ACL - Network Diagram
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
1.1 & 1.2 should not communicate with 2.0 network1.1 & 1.2 should not communicate with 2.0 network
Creation and
Implementation
is done Closest
to the
Destination.
Creation and
Implementation
is done Closest
to the
Destination.
4
How Standard ACL Works ?
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
1.1 is accessing 2.11.1 is accessing 2.1
1.1
5
1.1 2.1Source IP
192.168.1.1
Destination IP192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
Source IP 192.168.1.1
How Standard ACL Works ?
6
1.1 2.1Source IP
192.168.1.1
Destination IP192.168.2.1
Source IP 192.168.1.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
How Standard ACL Works ?
7
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
1.3 is accessing 2.11.3 is accessing 2.1
1.3
How Standard ACL Works ?
8
1.1 2.1Source IP
192.168.1.3
Destination IP192.168.2.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
Source IP 192.168.1.3
x
How Standard ACL Works ?
9
1.1 2.1Source IP
192.168.1.3
Destination IP192.168.2.1
Source IP 192.168.1.3
xaccess-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
How Standard ACL Works ?
10
1.1 2.1Source IP
192.168.1.3
Destination IP192.168.2.1
Source IP 192.168.1.3
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
How Standard ACL Works ?
11
1.1 2.1Source IP
192.168.1.3
Destination IP192.168.2.1
Source IP 192.168.1.1
access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 deny 192.168.1.2 0.0.0.0
access-list 1 permit any
12
Standard ACL - Network Diagram
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
1.1 & 3.0 should not communicate with 2.0 network1.1 & 3.0 should not communicate with 2.0 network
Creation and
Implementation
is done Closest
to the
Destination.
Creation and
Implementation
is done Closest
to the
Destination.
13
How Standard ACL Works ?
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
1.1 is accessing 2.11.1 is accessing 2.1
1.1
14
1.1 2.1Source IP
192.168.1.1
Destination IP192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
Source IP 192.168.1.1
How Standard ACL Works ?
15
1.1 2.1Source IP
192.168.1.1
Destination IP192.168.2.1
Source IP 192.168.1.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
How Standard ACL Works ?
16
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
1.3 is accessing 2.11.3 is accessing 2.1
1.3
How Standard ACL Works ?
17
1.3 2.1Source IP
192.168.1.3
Destination IP192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
Source IP 192.168.1.3
x
How Standard ACL Works ?
18
1.3 2.1Source IP
192.168.1.3
Destination IP192.168.2.1
Source IP 192.168.1.3
xaccess-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
How Standard ACL Works ?
19
1.3 2.1Source IP
192.168.1.3
Destination IP192.168.2.1
Source IP 192.168.1.3
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
How Standard ACL Works ?
20
1.3 2.1Source IP
192.168.1.3
Destination IP192.168.2.1
Source IP 192.168.1.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
21
How Standard ACL Works ?
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
3.1 is accessing 2.13.1 is accessing 2.1
3.1
22
3.1 2.1Source IP
192.168.3.1
Destination IP192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
How Standard ACL Works ?
Source IP 192.168.3.1
x
23
3.1 2.1Source IP
192.168.3.1
Destination IP192.168.2.1
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
How Standard ACL Works ?
Source IP 192.168.3.1
24
3.1 2.1Source IP
192.168.3.1
Destination IP192.168.2.1
How Standard ACL Works ?
access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 deny 192.168.3.0 0.0.0.255
access-list 5 permit any
25
Extended ACL - Network Diagram
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
2.0 should not access with 3.1 (Web Service)2.0 should not access with 3.1 (Web Service)
Creation and
Implementation
is done Closest
to the Source.
Creation and
Implementation
is done Closest
to the Source.
26
How Extended ACL Works ?
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
2.1 is accessing 3.1 - Web Service2.1 is accessing 3.1 - Web Service
2.1
27
2.1 3.1Source IP
192.168.2.1Destination IP192.168.3.1
Port - 80
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
How Extended ACL Works ?
Source IP 192.168.2.1
Destination IP192.168.3.1
Port - 80
28
2.1 3.1Source IP
192.168.2.1Destination IP192.168.3.1
Port - 80
How Extended ACL Works ?
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
29
How Extended ACL Works ?
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
2.1 is accessing 3.1 – Telnet Service2.1 is accessing 3.1 – Telnet Service
2.1
30
2.1 3.1Source IP
192.168.2.1Destination IP192.168.3.1
Port - 23
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
How Extended ACL Works ?
Source IP 192.168.2.1
Destination IP192.168.3.1
Port - 23
x
31
2.1 3.1Source IP
192.168.2.1Destination IP192.168.3.1
Port - 23
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
How Extended ACL Works ?
Source IP 192.168.2.1
Destination IP192.168.3.1
Port - 23
32
2.1 3.1Source IP
192.168.2.1Destination IP192.168.3.1
Port - 23
Source IP 192.168.1.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
How Extended ACL Works ?
33
How Extended ACL Works ?
E0 192.168.1.150/24
HYD
LAN - 192.168.1.0/24
E0 192.168.2.150/24
CHE
LAN - 192.168.2.0/24
E0 192.168.3.150/24
BAN
LAN - 192.168.3.0/24
10.0.0.1/8S0
S110.0.0.2/8
11.0.0.1/8S0
S111.0.0.2/8
1.1 1.2 1.3 2.1 2.2 2.3 3.1 3.2 3.3
2.1 is accessing 1.1 - Web Service2.1 is accessing 1.1 - Web Service
2.1
34
2.1 1.1Source IP
192.168.2.1Destination IP192.168.1.1
Port - 80
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
How Extended ACL Works ?
x
Source IP 192.168.2.1
Destination IP192.168.1.1
Port - 80
35
2.1 1.1Source IP
192.168.2.1Destination IP192.168.1.1
Port - 80
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
How Extended ACL Works ?
Source IP 192.168.2.1
Destination IP192.168.1.1
Port - 80
36
2.1 1.1Source IP
192.168.2.1Destination IP192.168.1.1
Port - 80
Source IP 192.168.1.1
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
access-list 101 permit ip any any
How Extended ACL Works ?
37
• Access-lists are identified using Names
rather than Numbers.
• Names are Case-Sensitive
• No limitation of Numbers here.
• One Main Advantage is Editing of ACL is Possible (i.e)
Removing a specific statement from the ACL is
possible.
(IOS version 11.2 or later allows Named ACL)
Named Access List
38
Standard Named Access List
Creation of Standard Named Access List
Router(config)# ip access-list standard <name>
Router(config-std-nacl)# <permit/deny> <source address>
<source wildcard mask>
Implementation of Standard Named Access List
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <name> <out/in>
Creation of Standard Named Access List
Router(config)# ip access-list standard <name>
Router(config-std-nacl)# <permit/deny> <source address>
<source wildcard mask>
Implementation of Standard Named Access List
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <name> <out/in>
39
Extended Named Access List
Creation of Extended Named Access List
Router(config)# ip access-list extended <name>
Router(config-ext-nacl)# <permit/deny> <protocol>
<source address> <source wildcard mask> <destination
address> < destination wildcard mask> <operator>
<service>
Implementation of Extended Named Access List
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <name> <out/in>
Creation of Extended Named Access List
Router(config)# ip access-list extended <name>
Router(config-ext-nacl)# <permit/deny> <protocol>
<source address> <source wildcard mask> <destination
address> < destination wildcard mask> <operator>
<service>
Implementation of Extended Named Access List
Router(config)#interface <interface type><interface no>
Router(config-if)#ip access-group <name> <out/in>
40
41
telnet 192.168.1.150
================================Welcome to Hyderabad Router================================User Access Verificationpassword :****
****enable
show ip route
Hyderabad>password :Hyderabad#
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial0R 11.0.0.0/8 [120/1] via 10.0.0.2, 00:00:25, Serial0C 192.168.1.0/24 is directly connected, Ethernet0R 192.168.2.0/24 [120/1] via 10.0.0.2, 00:00:25, Serial0R 192.168.3.0/24 [120/2] via 10.0.0.2, 00:00:25, Serial0Hyderabad#
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.C:\>Connecting .....
42
================================Welcome to Chennai Router================================User Access Verificationpassword :****
****enable
show ip route
Chennai>password :Chennai#
Gateway of last resort is not set
C 10.0.0.0/8 is directly connected, Serial1C 11.0.0.0/8 is directly connected, Serial0R 192.168.1.0/24 [120/1] via 10.0.0.1, 00:00:01, Serial1C 192.168.2.0/24 is directly connected, Ethernet0R 192.168.3.0/24 [120/1] via 11.0.0.2, 00:00:12, Serial0Chennai#
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.C:\>Connecting .....
telnet 192.168.2.150
43
================================Welcome to Banglore Router================================User Access Verificationpassword :****
****enable
show ip route
Banglore>password :Banglore#
Gateway of last resort is not set
R 10.0.0.0/8 [120/1] via 11.0.0.1, 00:00:04, Serial1C 11.0.0.0/8 is directly connected, Serial1R 192.168.1.0/24 [120/2] via 11.0.0.1, 00:00:04, Serial1R 192.168.2.0/24 [120/1] via 11.0.0.1, 00:00:04, Serial1C 192.168.3.0/24 is directly connected, Ethernet0Banglore#
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.C:\>Connecting .....
telnet 192.168.3.150
44
Chennai(config-if)#Chennai(config-if)#
================================Welcome to Chennai Router================================User Access Verificationpassword :****
****enable
configure terminal
ip address 10.0.0.2 255.0.0.0no shutencapsulation hdlcinterface serial 0
Chennai>password :Chennai#Enter configuration commands, one per line. End with CNTL/Z.Chennai(config)#Chennai(config-if)#Chennai(config-if)#Chennai(config-if)#Chennai(config-if)#
Microsoft Windows 2000 [Version 5.00.2195](C) Copyright 1985-2000 Microsoft Corp.C:\>Connecting .....
Chennai(config-if)#
telnet 192.168.2.150
interface serial 1
ip address 11.0.0.1 255.0.0.0no shutencapsulation hdlc
45
configure terminalChennai#Enter configuration commands, one per line. End with CNTL/Z.Chennai(config)#
access-list 1 deny 192.168.1.2 0.0.0.0Chennai(config)#access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 permit anyChennai(config)#Chennai(config)#
ip access-group 1 outChennai(config-if)#interface ethernet 0
Chennai(config-if)#
Creation of Standard Access ListRouter(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>
Creation of Standard Access ListRouter(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>
Implementation of Standard Access ListRouter(config)#interface <interface type><interface no>Router(config-if)#ip access-group <number> <out/in>
Implementation of Standard Access ListRouter(config)#interface <interface type><interface no>Router(config-if)#ip access-group <number> <out/in>
46
configure terminalChennai#Enter configuration commands, one per line. End with CNTL/Z.Chennai(config)#
access-list 1 deny 192.168.1.2 0.0.0.0Chennai(config)#access-list 1 deny 192.168.1.1 0.0.0.0
access-list 1 permit anyChennai(config)#Chennai(config)#
ip access-group 1 outChennai(config-if)#interface ethernet 0
Chennai(config-if)#Chennai#
^Zshow ip access-list
Standard IP access list 1 deny 192.168.1.1 deny 192.168.1.2permit anyChennai#
47
Chennai# show ip int e0Ethernet0 is up, line protocol is up Internet address is 192.168.2.150/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is 1 Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabledChennai#
48
configure terminalChennai#Enter configuration commands, one per line. End with CNTL/Z.Chennai(config)#
access-list 5 deny 192.168.3.0 0.0.0.255Chennai(config)#access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 permit anyChennai(config)#Chennai(config)#
ip access-group 5 outChennai(config-if)#interface ethernet 0
Chennai(config-if)#Chennai#
^Zshow ip access-list
Standard IP access list 5 deny 192.168.1.1 deny 192.168.3.0 permit anyChennai#
49
Chennai# show ip int e0Ethernet0 is up, line protocol is up Internet address is 192.168.2.150/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is 5 Inbound access list is not set Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabledChennai#
50
configure terminalChennai#Enter configuration commands, one per line. End with CNTL/Z.Chennai(config)#
access-list 5 deny 192.168.3.0 0.0.0.255Chennai(config)#access-list 5 deny 192.168.1.1 0.0.0.0
access-list 5 permit anyChennai(config)#Chennai(config)#
ip access-group 5 outChennai(config-if)#interface ethernet 0
Chennai(config-if)#
Implementation of Standard Access ListRouter(config)#interface <interface type><interface no>Router(config-if)#ip access-group <number> <out/in>
Implementation of Standard Access ListRouter(config)#interface <interface type><interface no>Router(config-if)#ip access-group <number> <out/in>
Creation of Standard Access ListRouter(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>
Creation of Standard Access ListRouter(config)# access-list <acl no> <permit/deny> <source address> <source wildcard mask>
51
configure terminalChennai#Enter configuration commands, one per line. End with CNTL/Z.Chennai(config)#
access-list 101 permit ip any anyChennai(config)#
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
Chennai(config)#ip access-group 101 inChennai(config-if)#
interface ethernet 0
Chennai(config-if)#
Creation of Extended Access ListRouter(config)# access-list <acl no> <permit/deny> <protocol> <source address> <source wildcard mask> <destination address> < destination wildcard mask> <operator> <service>
Creation of Extended Access ListRouter(config)# access-list <acl no> <permit/deny> <protocol> <source address> <source wildcard mask> <destination address> < destination wildcard mask> <operator> <service>
Implementation of Extended Access ListRouter(config)#interface <interface type><interface no>Router(config-if)#ip access-group <number> <out/in>
Implementation of Extended Access ListRouter(config)#interface <interface type><interface no>Router(config-if)#ip access-group <number> <out/in>
52
configure terminalChennai#Enter configuration commands, one per line. End with CNTL/Z.Chennai(config)#
access-list 101 permit ip any anyChennai(config)#
access-list 101 deny tcp 192.168.2.0 0.0.0.255 192.168.3.1 0.0.0.0 eq 80
Chennai(config)#ip access-group 101 inChennai(config-if)#
interface ethernet 0
Chennai(config-if)#
Chennai#^Z
show ip access-list
Extended IP access list 101 deny tcp 192.168.2.0 0.0.0.255 host 192.168.3.1 eq www permit ip any anyChennai#
53
Chennai# show ip int e0Ethernet0 is up, line protocol is up Internet address is 192.168.2.150/24 Broadcast address is 255.255.255.255 Address determined by non-volatile memory MTU is 1500 bytes Helper address is not set Directed broadcast forwarding is enabled Multicast reserved groups joined: 224.0.0.9 Outgoing access list is not set Inbound access list is 101 Proxy ARP is enabled Security level is default Split horizon is enabled ICMP redirects are always sent ICMP unreachables are always sent ICMP mask replies are never sent IP fast switching is enabled IP fast switching on the same interface is disabled IP multicast fast switching is disabled Router Discovery is disabled IP output packet accounting is disabled IP access violation accounting is disabled TCP/IP header compression is disabled Probe proxy name replies are disabled Gateway Discovery is disabled Policy routing is disabled Network address translation is disabledChennai#