thotsaphon Sat, 11/29/2008 - 03:27

Hi Ala,

We need more information about your requirements. It also depends on the direction in which you're going to implement the ACL. Let's say I want to allow users from the internal network to use only FTP. I would apply the ACL to the incoming interface.

- Let's say Interface F0/0 is inbound.

ip access-list extended ONLYFTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data

interface F0/0
 ip access-group ONLYFTP in


In case you're using FTP in PASSIVE mode, that will not help you.


This will help you out.

ip access-list extended ONLYFTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any range 1023 65535


Edit: Jon has provided a useful link to you as well. Jon, you've been doing a good job here!!!

Toshi
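
An added example, not part of Toshi's post: a small first-match model of the two ONLYFTP lists, run over constructed client-to-server packets as they would arrive inbound on F0/0. It reads each entry as source any, destination any with the stated destination port (an assumption), and shows both why passive mode fails with the first list and what else the wide port range in the second list lets through.

```python
# Added illustration: first-match evaluation of the ONLYFTP entries.
# Packets are constructed samples, seen inbound on F0/0 (client -> server).
from typing import List, NamedTuple, Tuple

class Packet(NamedTuple):
    proto: str
    src_port: int
    dst_port: int
    label: str

# Entry = (protocol, inclusive destination-port range); addresses are "any".
Entry = Tuple[str, Tuple[int, int]]

ACL_ACTIVE_ONLY: List[Entry] = [("tcp", (21, 21)), ("tcp", (20, 20))]
ACL_WITH_PASSIVE: List[Entry] = ACL_ACTIVE_ONLY + [("tcp", (1023, 65535))]

def evaluate(acl: List[Entry], pkt: Packet) -> str:
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for proto, (low, high) in acl:
        if pkt.proto == proto and low <= pkt.dst_port <= high:
            return "permit"
    return "deny"

SAMPLES = [
    Packet("tcp", 40001, 21, "FTP control"),
    Packet("tcp", 40002, 20, "active-mode data (replies to server port 20)"),
    Packet("tcp", 40003, 51234, "passive-mode data (client connects to high port)"),
    Packet("tcp", 40004, 80, "HTTP"),
    Packet("tcp", 40005, 8080, "non-FTP service on a high port"),
]

def report(acl: List[Entry]) -> dict:
    """Map each sample's label to the ACL verdict."""
    return {p.label: evaluate(acl, p) for p in SAMPLES}

if __name__ == "__main__":
    for name, acl in (("first list", ACL_ACTIVE_ONLY),
                      ("second list", ACL_WITH_PASSIVE)):
        print(name)
        for label, verdict in report(acl).items():
            print(f"  {verdict:6} {label}")
```

The second list permits the passive-mode data connection, but the same entry also permits any other TCP service listening on a high port.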

