I have another question. Can I use the same access list group number for another IP address? For example, I want to all the users to access 192.3.11.100 and only allow ftp for 192.3.10.10.
access-list 110 permit ip any host 192.3.11.100 access-list 110 permit tcp any host 192.3.10.10 eq ftp Thanks. Jill > > ""Michael Williams"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > That would work, although you don't need the "deny ip any any" as there is > > always an implied "deny all" at the end of the access list. > > > > However, to protect yourself from unwanted traffic/attacks, you can > changed > > your access list to only allow traffic incoming on port 21 (eq ftp): > > > > access-list 110 permit tcp any host 192.3.10.10 eq ftp > > > > That should do it for ya......... > > > > Mike W. Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=24950&t=24525 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]