Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

CISCO question

The compnay network admin want to prevent computers on the 192.168.23.64/26 subnet from accessing the 192.168.23.128/26 subnet via FTP. All other hosts should be allowed to access. What commands should be entered on the router to accomplish this task?

need some explanation for the answer. thanks for thoses people who answer this question.
0
ittechlab
Asked:
ittechlab
  • 2
1 Solution
 
pjtemplinCommented:
access-list 2101 deny tcp 192.168.23.64 0.0.0.63 192.168.23.128 0.0.0.63 eq 21
access-list 2101 permit ip any any
int (interface where 192.168.23.64/26 sits)
ip access-group 2101 in
0
 
ittechlabLinux SupportAuthor Commented:
I don't why the following answer is right?

access-list 101 deny tcp 192.168.23.64 0.0.0.63 192.168.23.128 0.0.0.63 eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/0
Router(config-if)#ip access-group 101 in
0
 
pjtemplinCommented:
ftp is tcp/21; I just specified it explicitly since ftp-data could factor in, etc.

Access-list number doesn't matter, as long as it's not in use for some other purpose and you choose a valid number in the extended IP ACL range.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now