Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL problems on an SG-300 20


I'm  setting up an SG-300 and would like to block some traffic with ACLs.  While I'm  new to cisco products, I was able to easily setup an IP based ACL to restrict  certain IPs from accessing specific ports, but my problem is with applying these  ACLs to specific protocols.  When I add them the protocols are blocked  effectively, but I can't seem to allow any traffic to return on a different  port. I can't seem to figure out how to apply the ACL to traffic in one  direction and allow other ports to send the data back on other ports (ie with  ftp).  Service using those ports seem to hang.  I've even put the switch into Layer 3 mode to see if that would change things, with no luck.

Below  is a snippet of my ACL:

ip  access-list extended "Webserver port restrictions"

permit  icmp any any any any

permit  tcp any 20-22 any any


How  can I modify this to allow incoming traffic on port 20 to be returned on other  ports, but still block those other ports from incoming traffic?