On L3 switch FTP port denied configure

Unanswered Question
Nov 26th, 2009

Dear All,

We have a Cat 4000 series switch, switch IP address 10.66.1.60, Gigabit eth 2/5 IP 10.66.88.200. This port is connected to the IPS, IP 10.66.88.100.

The IPS is connected to an L2 switch, and the L2 switch is connected to the FTP server, IP 10.68.9.100. I want to block the FTP port through the L3 switch. Is any access list required on the L3 switch?

Edison Ortiz Thu, 11/26/2009 - 08:47

ramnetcommunications wrote:

Dear All,

We have a Cat 4000 series switch, switch IP address 10.66.1.60, Gigabit eth 2/5 IP 10.66.88.200. This port is connected to the IPS, IP 10.66.88.100.

The IPS is connected to an L2 switch, and the L2 switch is connected to the FTP server, IP 10.68.9.100. I want to block the FTP port through the L3 switch. Is any access list required on the L3 switch?

In order to filter a port, an ACL is required. Per your description, you must place an inbound ACL on port GE 2/5.


For instance

access-list 101 deny tcp host 10.68.9.100 eq ftp any

access-list 101 deny tcp host 10.68.9.100 eq ftp-data any

access-list 101 permit ip any any

interface g2/5

ip access-group 101 in

Regards

Edison.

ramnet communic... Fri, 11/27/2009 - 01:10

Dear Edison,

Thanks for the support, it's working fine. In the same way, I want to block all ports and give access only to the HTTP port. Please tell me the ACL command.

Edison Ortiz Fri, 11/27/2009 - 10:10

ramnetcommunications wrote:

Dear Edison,

Thanks for the support, it's working fine. In the same way, I want to block all ports and give access only to the HTTP port. Please tell me the ACL command.

If you only want HTTP instead of FTP, the syntax is:

access-list 101 permit tcp host 10.68.9.100 eq http any

access-list 101 deny ip host 10.68.9.100 any

access-list 101 permit ip any any

interface g2/5

ip access-group 101 in

Regards,

Edison.

Please, make sure to rate helpful posts - thanks !
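
As an added example (not part of the original posts and not a Cisco tool), the Python sketch below evaluates the HTTP ACL from the reply above with first-match semantics, so you can check which inbound packets on g2/5 it permits before applying it. It handles only the `any`, `host` and `eq` forms used in this thread; the client address 10.66.1.25 and the port numbers are constructed sample values.

```python
import ipaddress
NAMED_PORTS = {"ftp-data": 20, "ftp": 21, "http": 80}  # IOS port keywords in this thread

def _addr(tok):
    """Consume 'any' or 'host A.B.C.D'; return (address or None, remaining tokens)."""
    if tok[:1] == ["any"]:
        return None, tok[1:]
    if tok[:1] == ["host"] and len(tok) > 1:
        return ipaddress.ip_address(tok[1]), tok[2:]
    raise ValueError(f"unsupported address form: {tok[:1]}")

def _port(tok):
    """Consume an optional 'eq PORT' clause; return (port or None, remaining tokens)."""
    if tok[:1] == ["eq"] and len(tok) > 1:
        return NAMED_PORTS.get(tok[1]) or int(tok[1]), tok[2:]
    return None, tok

def parse_ace(line):
    """Parse 'access-list N {permit|deny} PROTO SRC [eq P] DST [eq P]'."""
    tok = line.split()
    if len(tok) < 6 or tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACL entry: {line!r}")
    ace = {"action": tok[2], "proto": tok[3]}
    ace["src"], rest = _addr(tok[4:])
    ace["sport"], rest = _port(rest)
    ace["dst"], rest = _addr(rest)
    ace["dport"], rest = _port(rest)
    return ace

def evaluate(acl, proto, src, sport, dst, dport):
    """Return the action of the first matching entry; no match is the implicit deny."""
    pkt = {"src": ipaddress.ip_address(src), "sport": sport,
           "dst": ipaddress.ip_address(dst), "dport": dport}
    for ace in map(parse_ace, acl.strip().splitlines()):
        if ace["proto"] in ("ip", proto) and all(
                ace[k] is None or ace[k] == pkt[k] for k in pkt):
            return ace["action"]
    return "deny"

# ACL 101 from the reply above; CLIENT and the port numbers are constructed samples.
HTTP_ACL = """
access-list 101 permit tcp host 10.68.9.100 eq http any
access-list 101 deny ip host 10.68.9.100 any
access-list 101 permit ip any any
"""
CLIENT = "10.66.1.25"
if __name__ == "__main__":
    print(evaluate(HTTP_ACL, "tcp", "10.68.9.100", 80, CLIENT, 51000))   # HTTP reply
    print(evaluate(HTTP_ACL, "tcp", "10.68.9.100", 21, CLIENT, 51000))   # FTP control
    print(evaluate(HTTP_ACL, "tcp", "10.66.88.100", 22, CLIENT, 51000))  # other host
```

The third packet is permitted only because of the final `permit ip any any`; without that line, every unmatched packet falls through to the implicit deny at the end of the ACL.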

ramnet communic... Sun, 11/29/2009 - 21:25

Dear Edison

Thanks for the support. I need only the HTTP port allowed; any other ports are not allowed. I require a configuration like this.