CISCO question

The compnay network admin want to prevent computers on the subnet from accessing the subnet via FTP. All other hosts should be allowed to access. What commands should be entered on the router to accomplish this task?

need some explanation for the answer. thanks for thoses people who answer this question.
ittechlabLinux SupportAsked:
Who is Participating?
pjtemplinConnect With a Mentor Commented:
access-list 2101 deny tcp eq 21
access-list 2101 permit ip any any
int (interface where sits)
ip access-group 2101 in
ittechlabLinux SupportAuthor Commented:
I don't why the following answer is right?

access-list 101 deny tcp eq ftp
Router(config)#access-list 101 permit ip any any
Router(config)#interface fa0/0
Router(config-if)#ip access-group 101 in
ftp is tcp/21; I just specified it explicitly since ftp-data could factor in, etc.

Access-list number doesn't matter, as long as it's not in use for some other purpose and you choose a valid number in the extended IP ACL range.
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.