ACL

alaeldien · ‎11-29-2008

Hello

iwant to implement ACL in the router to block all ports except FTP.

how it can be done. could some one give example.

Jon Marshall · ‎11-29-2008

Ala

This is a useful document to get you started on acl's on cisco routers. It includes examples for both active and passive ftp -

http://www.cisco.com/en/US/tech/tk648/tk361/technologies_configuration_example09186a0080100548.shtml

Jon

Thotsaphon Lueangwattanaphong · ‎11-29-2008

hi Ala,

We need to know more information about your requirements. It also depends on what the direction you're going to implement ACL. Let's say I want to allow users from internal network to use only FTP. I would apply the ACL to the incoming interface.

- Let's say Interface F0/0 is inbound.

ip access-list extend ONLYFTP

permit tcp any eq ftp

permit tcp any eq ftp-data

Interface F0/0

ip access-group ONLYFTP in

In case you're using FTP in PASSIVE mode. That will not help you.

This will help you out.

ip access-list extend ONLYFTP

permit tcp any eq ftp

permit tcp any eq ftp-data

permit tcp any range 1023 65535

Edit : Jon has provided an useful link to you as well. Jon,You've been doing good jobs here!!!

Toshi