
On L3 switch FTP port denied configure

Dear All,

We have a Cat 4000 series switch. The switch IP address is 10.66.1.60, and Gigabit Eth 2/5 has IP 10.66.88.200. This port is connected to the IPS, IP 10.66.88.100.

The IPS is connected to an L2 switch, and the L2 switch is connected to the FTP server, IP 10.68.9.100. I want to block the FTP port through the L3 switch. Is any access list required on the L3 switch?


Edison Ortiz
Hall of Fame

ramnetcommunications wrote:

Dear All,

We have a Cat 4000 series switch. The switch IP address is 10.66.1.60, and Gigabit Eth 2/5 has IP 10.66.88.200. This port is connected to the IPS, IP 10.66.88.100.

The IPS is connected to an L2 switch, and the L2 switch is connected to the FTP server, IP 10.68.9.100. I want to block the FTP port through the L3 switch. Is any access list required on the L3 switch?

In order to filter a port, an ACL is required. Per your description, you must place an inbound ACL on port GE 2/5.


For instance

access-list 101 deny tcp host 10.68.9.100 eq ftp any

access-list 101 deny tcp host 10.68.9.100 eq ftp-data any

access-list 101 permit ip any any

interface g2/5

ip access-group 101 in

Regards

Edison.

Dear Edison,

Thanks for the support, it's working fine. In the same way, I want to block all ports and give access only to the HTTP port. Tell me the ACL command.

ramnetcommunications wrote:

Dear Edison,

Thanks for the support, it's working fine. In the same way, I want to block all ports and give access only to the HTTP port. Tell me the ACL command.

If you only want HTTP instead of FTP, the syntax is:

access-list 101 permit tcp host 10.68.9.100 eq http any

access-list 101 deny ip host 10.68.9.100 any

access-list 101 permit ip any any

interface g2/5

ip access-group 101 in

Regards,

Edison.

Please, make sure to rate helpful posts - thanks !
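The two ACLs in this thread rely on first-match evaluation, and they match the port on the source side because an inbound ACL on g2/5 sees the server's replies. The sketch below is an added example, not code from the thread or from Cisco: it evaluates both ACLs (written with the protocol keyword spelled out) against constructed packets. The client address 10.66.1.50, the second server 10.68.9.101 used in the test, and the helper names are assumptions.

```python
# Added example: first-match evaluation of the ACL entry forms used on this page
# (any | host A.B.C.D, optional 'eq PORT'). Not a full IOS ACL parser.
PORTS = {"ftp-data": 20, "ftp": 21, "http": 80, "www": 80}

def parse_endpoint(tok, i):
    """Parse 'any' or 'host A.B.C.D' plus an optional 'eq PORT' at tok[i]."""
    if tok[i] == "any":
        addr, i = None, i + 1
    elif tok[i] == "host":
        addr, i = tok[i + 1], i + 2
    else:
        raise ValueError(f"unsupported address form: {tok[i]}")
    port = None
    if i < len(tok) and tok[i] == "eq":
        port = PORTS.get(tok[i + 1]) or int(tok[i + 1])
        i += 2
    return (addr, port), i

def parse_ace(line):
    """'access-list N ACTION PROTO SRC DST' -> (action, proto, src, dst)."""
    tok = line.split()
    if tok[0] != "access-list" or tok[2] not in ("permit", "deny"):
        raise ValueError(f"not an extended ACL entry: {line}")
    src, i = parse_endpoint(tok, 4)
    dst, _ = parse_endpoint(tok, i)
    return tok[2], tok[3], src, dst

def evaluate(acl, pkt):
    """Return the action for pkt = (proto, src_ip, src_port, dst_ip, dst_port)."""
    proto, sip, sport, dip, dport = pkt
    for line in acl:
        action, aproto, (sa, sp), (da, dp) = parse_ace(line)
        if (aproto in ("ip", proto) and sa in (None, sip) and da in (None, dip)
                and sp in (None, sport) and dp in (None, dport)):
            return action          # first matching entry wins
    return "deny"                  # implicit deny ends every ACL

FTP_ACL = ["access-list 101 deny tcp host 10.68.9.100 eq ftp any",
           "access-list 101 deny tcp host 10.68.9.100 eq ftp-data any",
           "access-list 101 permit ip any any"]
HTTP_ACL = ["access-list 101 permit tcp host 10.68.9.100 eq http any",
            "access-list 101 deny ip host 10.68.9.100 any",
            "access-list 101 permit ip any any"]

def from_server(proto, sport, src="10.68.9.100"):
    """Constructed packet as seen inbound on g2/5 (server -> client)."""
    return (proto, src, sport, "10.66.1.50", 40000)
```

With the HTTP-only ACL, only TCP with source port 80 from 10.68.9.100 is permitted; everything else from that host hits the `deny ip` entry, while other hosts fall through to `permit ip any any`.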

Dear Edison

Thanks for the support. I need only the HTTP port allowed; any other ports are not allowed. I require a configuration like this.
