asked on

cisco router 7000 --how to block certain services to a single ip

Hi,
iam using a cisco 7000 series router. i have a user in my network, who utilises one of my ip . i want to block all the services (like http,vpn etc) except ftp. i want him to use ftp only. how do i configure in my router for the same to happen?
Poopsi

Les Moore

with an acl applied to the local ethernet interface:

access-list 101 permit tcp host <ipaddress> any eq ftp
access-list 101 deny ip host <ipaddress> any
access-list 101 permit ip any any

Interface Fast 0/1
ip access-group 101 in

epylko

You _might_ also need (before the deny statement)

access-list 101 permit tcp host <ipaddress> any eq ftp-data

Les Moore

G'day, poopsi
There has not been any comments from you on this question in 7 days.
Do you still need assistance, need more information, or have you solved your problem?
Can you close out this question?

Ways to close your questions:
http://www.apollois.com/EE/Help/Closing_Questions.htm

poopsi

ASKER

Hi Irmoore,
I have implemented it in the network. I hope this will work. THanks a lot for your help and iam sorry for the delay

Les Moore

Have you been able to test this solution?

poopsi

ASKER

The solution is working. the user is getting connected, but he is unable to view the folders from the ftp server.

ASKER CERTIFIED SOLUTION

Les Moore

membership

This solution is only available to members.

To access this solution, you must be a member of Experts Exchange.

Start Free Trial

poopsi

ASKER

Yes, I added the ftp-data also. But its the same problem. The user is able to connect to the server, but he is getting this message--"could not open directory listings". we changed the ftp software and tried with dos-ftp. but the problem still persists.

epylko

Have his software try a passive ftp connection.

poopsi

ASKER

yes, it is working....and thanks for the wonderful support.