How to configure ACL to permit FTP traffic
To successfully establish an FTP session, the active FTP mode of operation uses control port 21 and the data port of 20.
FTP session failures occur when the Access Control List (ACL) permits control port 21 but denies the data port, or when it denies control port 21 but permits the data port.
When configuring to permit an FTP connection as well as FTP traffic, use the following ACLs:
access-list 101 permit tcp any any eq 21
!--- The above line permits TCP traffic from any source, such as the FTP client, to any
!--- FTP server destination at the FTP control port 21.
access-list 101 permit tcp any eq 20 any
!--- The above line permits TCP traffic from any source, such as the FTP server, to any
!--- FTP client at FTP data port 20.
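As an added example (not part of the original page), the following Python evaluator applies the two entries above to the flows of an active-mode FTP session and shows why an ACL that permits only control port 21 breaks the session. The addresses, ports and the small ACL parser are constructed for illustration; the parser understands only the `any` source and destination keywords with optional `eq` port matches.

```python
from collections import namedtuple

# Constructed sample packets: src/dst addresses are ignored by the parser
# below, which models only the 'any' keyword; ports drive the decision.
Packet = namedtuple("Packet", "src dst sport dport")


def parse_acl(lines):
    """Parse 'access-list N permit|deny tcp any [eq P] any [eq P]' entries."""
    rules = []
    for line in lines:
        tok = line.split()
        action, i = tok[2], 4               # tok[3] is the protocol (tcp)
        rule = {"action": action, "sport": None, "dport": None}
        i += 1                              # skip source keyword 'any'
        if i < len(tok) and tok[i] == "eq": # optional source-port match
            rule["sport"], i = int(tok[i + 1]), i + 2
        i += 1                              # skip destination keyword 'any'
        if i < len(tok) and tok[i] == "eq": # optional destination-port match
            rule["dport"], i = int(tok[i + 1]), i + 2
        rules.append(rule)
    return rules


def evaluate(rules, pkt):
    """First matching entry wins; an IOS ACL ends with an implicit deny."""
    for r in rules:
        if r["sport"] not in (None, pkt.sport):
            continue
        if r["dport"] not in (None, pkt.dport):
            continue
        return r["action"] == "permit"
    return False


# Constructed flows of one active-mode session: the client opens the control
# connection to port 21, then the server opens the data connection from port 20.
FTP_SESSION = [
    ("control", Packet("10.0.0.5", "192.0.2.10", 49152, 21)),
    ("data",    Packet("192.0.2.10", "10.0.0.5", 20, 49153)),
]

COMPLETE_ACL = ["access-list 101 permit tcp any any eq 21",
                "access-list 101 permit tcp any eq 20 any"]
CONTROL_ONLY_ACL = COMPLETE_ACL[:1]   # the failure mode described on the page


def report(acl_lines):
    """Return {flow name: permitted?} for each flow of the session."""
    rules = parse_acl(acl_lines)
    return {name: evaluate(rules, pkt) for name, pkt in FTP_SESSION}


def session_succeeds(acl_lines):
    return all(report(acl_lines).values())
```

Note that the second entry matches on source port 20 alone, so it admits any TCP segment sourced from port 20 regardless of destination port; the evaluator reproduces that coarse match exactly as written.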
When configuring to deny FTP traffic, deny the FTP control traffic at port 21. Because the FTP control traffic cannot reach the FTP server, you do not need to deny the FTP data connection at port 20: the data connection at port 20 is never initiated without an established control session.
To deny FTP traffic, use the following configuration: