Learn how to a build a cloud-first strategyRegister Now

  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 253
  • Last Modified:

CISCO question

The compnay network admin want to prevent computers on the subnet from accessing the subnet via FTP. All other hosts should be allowed to access. What commands should be entered on the router to accomplish this task?

need some explanation for the answer. thanks for thoses people who answer this question.
  • 2
1 Solution
access-list 2101 deny tcp eq 21
access-list 2101 permit ip any any
int (interface where sits)
ip access-group 2101 in
ittechlabLinux SupportAuthor Commented:
I don't why the following answer is right?

access-list 101 deny tcp eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/0
Router(config-if)#ip access-group 101 in
ftp is tcp/21; I just specified it explicitly since ftp-data could factor in, etc.

Access-list number doesn't matter, as long as it's not in use for some other purpose and you choose a valid number in the extended IP ACL range.

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now