ACL

Unanswered Question
Nov 29th, 2008

Hello

I want to implement an ACL in the router to block all ports except FTP.

How can it be done? Could someone give an example?

thotsaphon Sat, 11/29/2008 - 03:27

Hi Ala,

We need to know more information about your requirements. It also depends on the direction in which you're going to implement the ACL. Let's say I want to allow users from the internal network to use only FTP. I would apply the ACL to the incoming interface.

- Let's say Interface F0/0 is inbound.

! source any, destination any, matched on destination port
ip access-list extended ONLYFTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
!
interface F0/0
 ip access-group ONLYFTP in

In case you're using FTP in PASSIVE mode, that will not help you.

This will help you out.

ip access-list extended ONLYFTP
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 ! passive-mode data connections go to a high port
 permit tcp any any range 1023 65535

Edit: Jon has provided a useful link to you as well. Jon, you've been doing a good job here!!!

Toshi
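
What the two ACLs in the reply above do to a few flows, as an added example that is not part of the original post: a small first-match evaluator in Python. It assumes source and destination addresses are both `any` (the post leaves the address fields out), and the sample packets are constructed.

```python
# Added illustration: first-match evaluation of the ONLYFTP ACL from the post.
# Entries are modelled as (action, protocol, dst_port_low, dst_port_high).
# Assumption: source and destination address are both "any".
FTP, FTP_DATA = 21, 20  # IOS keywords "ftp" and "ftp-data"

ACTIVE_ACL = [
    ("permit", "tcp", FTP, FTP),
    ("permit", "tcp", FTP_DATA, FTP_DATA),
]
PASSIVE_ACL = ACTIVE_ACL + [
    ("permit", "tcp", 1023, 65535),  # range exactly as given in the post
]

def evaluate(acl, proto, dst_port):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, acl_proto, low, high in acl:
        if proto == acl_proto and low <= dst_port <= high:
            return action
    return "deny"  # every IOS ACL ends with an implicit "deny ip any any"

# Constructed packets as seen inbound on F0/0 (internal client -> outside).
SAMPLE_FLOWS = [
    ("FTP control",            "tcp", 21),
    ("active-mode data",       "tcp", 20),
    ("passive-mode data",      "tcp", 50123),
    ("HTTP",                   "tcp", 80),
    ("DNS lookup",             "udp", 53),
    ("non-FTP on a high port", "tcp", 8080),
]

def compare():
    """Map each sample flow to (verdict under first ACL, verdict with range entry)."""
    return {name: (evaluate(ACTIVE_ACL, p, port), evaluate(PASSIVE_ACL, p, port))
            for name, p, port in SAMPLE_FLOWS}

if __name__ == "__main__":
    for name, (first, second) in compare().items():
        print(f"{name:24} first ACL: {first:6}  with range entry: {second}")
```

The last row shows that the range entry permits any TCP destination port from 1023 up, not only passive FTP data, and the DNS row shows that name lookups fall under the implicit deny in both versions.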
