At 12:26 AM 11/2/01, J. Johnson wrote:
>I have another question.  Can I use the same access list group number for
>another IP address?  For example, I want to allow the users to access
>192.3.11.100 and only allow ftp for 192.3.10.10.
>
>access-list 110 permit ip any host 192.3.11.100
>access-list 110 permit tcp any host 192.3.10.10 eq ftp

Yes, that should work. It's an Access List because you can have a list of 
items in it. In fact, because of the implicit deny all at the end of the 
list, I think you will need something like that first line. I'm not a guru 
on access lists however. I make liberal use of the ? and do lots of testing 
when I configure them. Doing them offline is hard for me.... So somebody 
will correct me if I'm wrong, I'm sure! ;-]

Priscilla


>  Thanks.
>
>  Jill
> >
> > "Michael Williams" wrote in message
> > news:[EMAIL PROTECTED]...
> > > That would work, although you don't need the "deny ip any any" as there is
> > > always an implied "deny all" at the end of the access list.
> > >
> > > However, to protect yourself from unwanted traffic/attacks, you can change
> > > your access list to only allow traffic incoming on port 21 (eq ftp):
> > >
> > > access-list 110 permit tcp any host 192.3.10.10 eq ftp
> > >
> > > That should do it for ya.........
> > >
> > > Mike W.
________________________

Priscilla Oppenheimer
http://www.priscilla.com




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=25096&t=24525
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
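
The two-line list from this thread, evaluated first-match with the implicit deny at the end, as an added example that is not part of the original messages. The parser is a simplified model that handles only `any`, `host A` and `eq port`; the client address 10.1.1.5 and the sample packets are constructed.

```python
import ipaddress

# IOS port keywords needed here; "eq ftp" is the FTP control port, TCP 21.
PORT_NAMES = {"ftp": 21, "ftp-data": 20, "telnet": 23, "www": 80}

# The two entries quoted in the thread.
ACL_110 = """\
access-list 110 permit ip any host 192.3.11.100
access-list 110 permit tcp any host 192.3.10.10 eq ftp
"""

def _addr(tokens):
    """Consume one address spec ('any' or 'host A'); return (network, rest)."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0"), tokens[1:]
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32"), tokens[2:]
    raise ValueError("simplified model: only 'any' and 'host A' are supported")

def parse_acl(text):
    """Parse 'access-list N action proto src dst [eq port]' lines, in order."""
    entries = []
    for t in (l.split() for l in text.splitlines() if l.strip()):
        action, proto = t[2], t[3]
        src, rest = _addr(t[4:])
        dst, rest = _addr(rest)
        port = None
        if rest[:1] == ["eq"]:
            port = PORT_NAMES[rest[1]] if rest[1] in PORT_NAMES else int(rest[1])
        entries.append((action, proto, src, dst, port))
    return entries

def evaluate(entries, proto, src, dst, dport=None):
    """First matching entry decides; no match falls to the implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, e_proto, e_src, e_dst, e_port in entries:
        # "ip" matches every IP protocol; a port of None means "any port".
        if (e_proto in ("ip", proto) and s in e_src and d in e_dst
                and e_port in (None, dport)):
            return action
    return "deny"  # implicit "deny ip any any" at the end of every list

if __name__ == "__main__":
    acl = parse_acl(ACL_110)
    # Constructed sample packets: (protocol, source, destination, dest port).
    for pkt in [("tcp", "10.1.1.5", "192.3.11.100", 23),
                ("tcp", "10.1.1.5", "192.3.10.10", 21),
                ("tcp", "10.1.1.5", "192.3.10.10", 23),
                ("icmp", "10.1.1.5", "192.3.10.10", None)]:
        print(pkt, "->", evaluate(acl, *pkt))
```

Only TCP destination port 21 reaches 192.3.10.10; everything else to that host, and all traffic to hosts not named in the list, is dropped by the implicit deny.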
