on L3 Switch FTP port denied configure

Unanswered Question
Nov 26th, 2009

Dear All,

We have a Cat 4000 series switch, switch IP address 10.66.1.60, Gigabit Eth 2/5 IP 10.66.88.200. This port is connected to the IPS, IP 10.66.88.100.

The IPS is connected to an L2 switch, and the L2 switch is connected to the FTP server, IP 10.68.9.100. I want to block the FTP port through the L3 switch. Is any access list required on the L3 switch?

Edison Ortiz Thu, 11/26/2009 - 08:47
In order to filter a port, an ACL is required. Per your description, you must place an inbound ACL on port GE 2/5.



For instance:

access-list 101 deny tcp host 10.68.9.100 eq ftp any
access-list 101 deny tcp host 10.68.9.100 eq ftp-data any
access-list 101 permit ip any any

interface g2/5
ip access-group 101 in


Regards


Edison.

ramnet communic... Fri, 11/27/2009 - 01:10

Dear Edison,

Thanks for the support, it's working fine. In the same way, I want to block all ports and give access to only the HTTP port. Tell me the ACL command.

Edison Ortiz Fri, 11/27/2009 - 10:10
If you only want HTTP instead of FTP, the syntax is:


! www is the IOS keyword for TCP port 80 (HTTP)
access-list 101 permit tcp host 10.68.9.100 eq www any
access-list 101 deny ip host 10.68.9.100 any
access-list 101 permit ip any any

interface g2/5
ip access-group 101 in

Regards,


Edison.


Please, make sure to rate helpful posts - thanks !
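
To show how the HTTP-only ACL in the answer above is evaluated, here is an added example (not code from the thread or from Cisco): a small Python first-match evaluator for the subset of extended-ACL syntax used here, run over constructed packets entering g2/5. The addresses 10.66.1.50 and 10.68.9.101 are made up for the sample, and `www` is the IOS keyword for TCP port 80.

```python
PORTS = {"ftp-data": 20, "ftp": 21, "www": 80}  # IOS port keywords used here

# ACL 101 from the answer above (www = TCP/80), applied inbound on g2/5.
ACL_HTTP_ONLY_FROM_SERVER = """
access-list 101 permit tcp host 10.68.9.100 eq www any
access-list 101 deny ip host 10.68.9.100 any
access-list 101 permit ip any any
"""

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D', then an optional 'eq PORT'."""
    ip = None if tok.pop(0) == "any" else tok.pop(0)
    if tok[:1] != ["eq"]:
        return ip, None
    name = tok[1]
    del tok[:2]
    return ip, PORTS.get(name) or int(name)

def parse(text):
    """Parse the 'access-list N ACTION PROTO SRC DST' subset used in the thread."""
    rules = []
    for line in text.strip().splitlines():
        tok = line.split()[2:]  # drop 'access-list 101'
        action, proto = tok.pop(0), tok.pop(0)
        rules.append((action, proto, _addr(tok), _addr(tok)))
    return rules

def evaluate(rules, proto, src_ip, src_port, dst_ip, dst_port):
    """Return the action of the first matching entry; no match is the implicit deny."""
    for action, r_proto, (s_ip, s_port), (d_ip, d_port) in rules:
        if (r_proto in ("ip", proto)
                and s_ip in (None, src_ip) and d_ip in (None, dst_ip)
                and s_port in (None, src_port) and d_port in (None, dst_port)):
            return action
    return "deny"

# Constructed sample packets arriving on g2/5; CLIENT is a made-up address.
CLIENT = "10.66.1.50"
SAMPLES = {
    "server HTTP reply": ("tcp", "10.68.9.100", 80, CLIENT, 51000),
    "server FTP control reply": ("tcp", "10.68.9.100", 21, CLIENT, 51001),
    "server-initiated SSH": ("tcp", "10.68.9.100", 40000, CLIENT, 22),
    "other host behind g2/5": ("udp", "10.68.9.101", 53, CLIENT, 51002),
}

def verdicts(acl_text):
    """Evaluate every sample packet against the ACL text."""
    rules = parse(acl_text)
    return {name: evaluate(rules, *pkt) for name, pkt in SAMPLES.items()}
```

With the final `permit ip any any` line, only the server 10.68.9.100 is restricted to HTTP; without that line, every other source arriving on g2/5 falls through to the implicit deny.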

ramnet communic... Sun, 11/29/2009 - 21:25

Dear Edison,

Thanks for the support. I need only the HTTP port allowed; any other ports are not allowed. I require a configuration like this.
