Thank you, Michael. I have another question. Can I use the same access list group number for another IP address? For example, I want to all the users to access 192.3.11.100 and only allow ftp for 192.3.10.10.
access-list 110 permit ip any host 192.3.11.100 access-list 110 permit tcp any host 192.3.10.10 eq ftp Thanks. Jill ""Michael Williams"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > That would work, although you don't need the "deny ip any any" as there is > always an implied "deny all" at the end of the access list. > > However, to protect yourself from unwanted traffic/attacks, you can changed > your access list to only allow traffic incoming on port 21 (eq ftp): > > access-list 110 permit tcp any host 192.3.10.10 eq ftp > > That should do it for ya......... > > Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24682&t=24525 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
