?
Solved

cisco router 7000 --how to block certain services to a single ip

Posted on 2003-03-15
10
Medium Priority
?
240 Views
Last Modified: 2010-04-17
Hi,
iam using a cisco 7000 series router. i have a user in my network, who utilises one of my ip . i want to block all the services (like http,vpn etc) except ftp. i want him to use ftp only. how do i configure in my router for the same to happen?
Poopsi
0
Comment
Question by:poopsi
  • 4
  • 4
  • 2
10 Comments
 
LVL 79

Expert Comment

by:lrmoore
ID: 8142739
with an acl applied to the local ethernet interface:

access-list 101 permit tcp host <ipaddress> any eq ftp
access-list 101 deny ip host <ipaddress> any
access-list 101 permit ip any any

Interface Fast 0/1
 ip access-group 101 in

0
 
LVL 5

Expert Comment

by:epylko
ID: 8154514
You _might_ also need (before the deny statement)

access-list 101 permit tcp host <ipaddress> any eq ftp-data
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8187947
G'day, poopsi
There has not been any comments from you on this question in 7 days.
Do you still need assistance, need more information, or have you solved your problem?
Can you close out this question?

Ways to close your questions:
http://www.apollois.com/EE/Help/Closing_Questions.htm

0
Concerto's Cloud Advisory Services

Want to avoid the missteps to gaining all the benefits of the cloud? Learn more about the different assessment options from our Cloud Advisory team.

 

Author Comment

by:poopsi
ID: 8193689
Hi Irmoore,
  I have implemented it in the network. I hope this will work. THanks a lot for your help and iam sorry for the delay
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 8233793
Have you been able to test this solution?
0
 

Author Comment

by:poopsi
ID: 8237894
The solution is working. the user is getting connected, but he is unable to view the folders from the ftp server.
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 200 total points
ID: 8237902
Did you add the line that epylko suggested:

access-list 101 permit tcp host <ipaddress> any eq ftp
access-list 101 permit tcp host <ipaddress> any eq ftp-data
access-list 101 deny ip host <ipaddress> any
access-list 101 permit ip any any
0
 

Author Comment

by:poopsi
ID: 8243345
Yes, I added the ftp-data also. But its the same problem. The user is able to connect to the server, but he is getting this message--"could not open directory listings". we changed the ftp software and tried with dos-ftp. but the problem still persists.
0
 
LVL 5

Expert Comment

by:epylko
ID: 8244604
Have his software try a passive ftp connection.
0
 

Author Comment

by:poopsi
ID: 8260622
yes, it is working....and thanks for the wonderful support.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

615 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question