Cisco Support Community
New Member

ACL

Hello

I want to implement an ACL in the router to block all ports except FTP.

How can it be done? Could someone give an example?

2 REPLIES
Hall of Fame Super Blue

Re: ACL

Ala

This is a useful document to get you started on ACLs on Cisco routers. It includes examples for both active and passive FTP:

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

Jon

Re: ACL

Hi Ala,

We need to know more information about your requirements. It also depends on the direction in which you're going to implement the ACL. Let's say I want to allow users from the internal network to use only FTP. I would apply the ACL to the incoming interface.

- Let's say Interface F0/0 is inbound.

    ip access-list extended ONLYFTP
     ! destination port is matched; source and destination addresses are "any"
     permit tcp any any eq ftp
     permit tcp any any eq ftp-data
    !
    interface F0/0
     ip access-group ONLYFTP in

In case you're using FTP in PASSIVE mode, that will not help you.

This will help you out.

    ip access-list extended ONLYFTP
     permit tcp any any eq ftp
     permit tcp any any eq ftp-data
     ! passive-mode data connections to high destination ports
     permit tcp any any range 1023 65535

Edit: Jon has provided a useful link to you as well. Jon, you've been doing a good job here!!!

Toshi
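The following is an added example, not part of the thread or of Cisco's documentation: a small Python check of what the passive-mode ONLYFTP entries above let through, using first-match evaluation and the implicit deny at the end of every ACL. It assumes each entry has source and destination "any" and matches on destination port only; the sample flows and the names `parse`, `evaluate` and `permitted_tcp_ports` are constructed for illustration.

```python
# Added example: first-match evaluation of the thread's ONLYFTP entries.
# Assumption: source and destination are both "any"; only the destination
# port is modelled, for packets arriving inbound on F0/0.
PORT_NAMES = {"ftp": 21, "ftp-data": 20}  # names IOS accepts for these TCP ports

ONLYFTP_PASSIVE = """\
permit tcp any any eq ftp
permit tcp any any eq ftp-data
permit tcp any any range 1023 65535
"""

def port(tok):
    return PORT_NAMES[tok] if tok in PORT_NAMES else int(tok)

def parse(acl_text):
    """Turn each entry into (action, protocol, low_port, high_port)."""
    rules = []
    for line in acl_text.splitlines():
        if not line.strip():
            continue
        action, proto, src, dst, *match = line.split()
        if (src, dst) != ("any", "any"):
            raise ValueError("only 'any any' entries are modelled: " + line)
        if not match:
            lo, hi = 0, 65535
        elif match[0] == "eq":
            lo = hi = port(match[1])
        elif match[0] == "range":
            lo, hi = port(match[1]), port(match[2])
        else:
            raise ValueError("unsupported port operator: " + line)
        rules.append((action, proto, lo, hi))
    return rules

def evaluate(rules, proto, dst_port):
    """Return the action of the first matching entry, else the implicit deny."""
    for action, rule_proto, lo, hi in rules:
        if rule_proto in (proto, "ip") and lo <= dst_port <= hi:
            return action
    return "deny"  # every IOS ACL ends with an implicit "deny ip any any"

def permitted_tcp_ports(rules):
    """Count destination TCP ports the ACL lets through."""
    return sum(evaluate(rules, "tcp", p) == "permit" for p in range(65536))

if __name__ == "__main__":
    rules = parse(ONLYFTP_PASSIVE)
    # Constructed sample flows: (protocol, destination port, what it is)
    for proto, dport, what in [("tcp", 21, "FTP control"), ("tcp", 50000, "passive FTP data"),
                               ("tcp", 3389, "RDP"), ("tcp", 80, "HTTP"), ("udp", 53, "DNS")]:
        print(f"{proto}/{dport:<5} {what:<17} {evaluate(rules, proto, dport)}")
    print("TCP destination ports permitted:", permitted_tcp_ports(rules))
```

The count shows that the `range 1023 65535` entry admits any TCP service listening on a high port, not only FTP data, while DNS over UDP falls to the implicit deny, so lookups of an FTP server's name fail unless separately permitted.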
