CISCO question

The compnay network admin want to prevent computers on the 192.168.23.64/26 subnet from accessing the 192.168.23.128/26 subnet via FTP. All other hosts should be allowed to access. What commands should be entered on the router to accomplish this task?

need some explanation for the answer. thanks for thoses people who answer this question.
ittechlabLinux SupportAsked:
Who is Participating?
 
pjtemplinConnect With a Mentor Commented:
access-list 2101 deny tcp 192.168.23.64 0.0.0.63 192.168.23.128 0.0.0.63 eq 21
access-list 2101 permit ip any any
int (interface where 192.168.23.64/26 sits)
ip access-group 2101 in
0
 
ittechlabLinux SupportAuthor Commented:
I don't why the following answer is right?

access-list 101 deny tcp 192.168.23.64 0.0.0.63 192.168.23.128 0.0.0.63 eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/0
Router(config-if)#ip access-group 101 in
0
 
pjtemplinCommented:
ftp is tcp/21; I just specified it explicitly since ftp-data could factor in, etc.

Access-list number doesn't matter, as long as it's not in use for some other purpose and you choose a valid number in the extended IP ACL range.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.