11-29-2008 03:01 AM - edited 03-04-2019 12:32 AM
Hello
I want to implement an ACL on the router to block all ports except FTP.
How can it be done? Could someone give an example?
11-29-2008 03:17 AM
Ala
This is a useful document to get you started on ACLs on Cisco routers. It includes examples for both active and passive FTP -
http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml
Jon
11-29-2008 03:27 AM
Hi Ala,
We need to know more information about your requirements. It also depends on the direction in which you're going to implement the ACL. Let's say I want to allow users from the internal network to use only FTP. I would apply the ACL to the incoming interface.
- Let's say Interface F0/0 is inbound.
ip access-list extend ONLYFTP
permit tcp
permit tcp
Interface F0/0
ip access-group ONLYFTP in
In case you're using FTP in PASSIVE mode, that will not help you.
This will help you out.
ip access-list extend ONLYFTP
permit tcp
permit tcp
permit tcp
Edit: Jon has provided a useful link to you as well. Jon, you've been doing a good job here!!!
Toshi
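An added example, not part of either reply above: a complete inbound ACL that allows only FTP from an inside network, with the active-mode and passive-mode entries written out. The inside subnet 192.168.1.0/24 and the interface FastEthernet0/0 are assumptions made for illustration.

```cisco
! Added example. 192.168.1.0/24 (inside clients) and FastEthernet0/0
! (inside-facing interface) are assumed values, not taken from the thread.
ip access-list extended ONLYFTP
 remark FTP control channel: client to server TCP port 21
 permit tcp 192.168.1.0 0.0.0.255 any eq ftp
 remark Active mode: server opens the data connection from port 20,
 remark so only client replies (ACK set) to port 20 are needed
 permit tcp 192.168.1.0 0.0.0.255 any eq ftp-data established
 remark Passive mode: client opens the data connection to a high port
 remark chosen by the server
 permit tcp 192.168.1.0 0.0.0.255 any gt 1023
 remark Make the implicit deny explicit so dropped traffic is logged
 deny ip any any log
!
interface FastEthernet0/0
 ip access-group ONLYFTP in
```

The passive-mode entry matches any TCP connection to a destination port above 1023, so it is broader than FTP alone; leave it out if clients use active mode only. Name resolution also stops working through this ACL unless the FTP server is reached by IP address, since DNS is not permitted.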