Administrator Guide

Access Control Lists
console#show ip access-lists web-limit
IP ACL Name: web-limit
Rule Number: 1000
Action......................................... deny
Match All...................................... FALSE
Protocol....................................... 6(tcp)
Source IP Address.............................. any
Destination IP Address......................... any
Destination Layer 4 Operator................... Equal To
Destination L4 Port Keyword.................... 80(www/http)
Rule Number: 1010
Action......................................... permit
Match All...................................... TRUE

Denying FTP Traffic

This example filters (drops) ingress FTP setup and data traffic on interfaces
gi1/0/24 through gi1/0/48. It is suitable for configuration on a switch or a
router where it is desirable to eliminate FTP data traffic on certain interfaces:
console#config
console(config)#ip access-list deny-ftp
console(config-ip-acl)#deny tcp any any eq ftp
console(config-ip-access-list)#deny tcp any any eq ftp-data
console(config-ip-access-list)#2147483647 permit every
console(config-ip-access-list)#exit
console(config)#interface range gi1/0/24-48
console(config-if)#ip access-group deny-ftp in
console(config-if)#exit
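
The following Python sketch is an added example, not part of this guide: it models first-match evaluation of the deny-ftp ACL over constructed packets, showing which traffic the list drops and why the final permit every rule is needed. The sequence numbers 1000 and 1010 are assumed from the auto-numbering visible in the web-limit output, and the implicit deny at the end of an ACL is modeled as the fallback.

```python
# Added example: first-match model of the deny-ftp ACL (not vendor code).
from dataclasses import dataclass
from typing import Optional

TCP, UDP = 6, 17
PORTS = {"ftp": 21, "ftp-data": 20}  # port keywords used in the ACL above

@dataclass(frozen=True)
class Rule:
    seq: int
    action: str                      # "permit" or "deny"
    proto: Optional[int] = None      # None = match every protocol
    dst_port: Optional[int] = None   # None = any destination port

    def matches(self, proto, dst_port):
        if self.proto is not None and proto != self.proto:
            return False
        if self.dst_port is not None and dst_port != self.dst_port:
            return False
        return True

# Sequence numbers 1000 and 1010 are assumed (auto-numbering as seen in the
# web-limit output); 2147483647 is the explicit number from the configuration.
# Rules are stored out of order on purpose: evaluation sorts by sequence.
DENY_FTP = [
    Rule(2147483647, "permit"),                    # permit every
    Rule(1010, "deny", TCP, PORTS["ftp-data"]),    # deny tcp any any eq ftp-data
    Rule(1000, "deny", TCP, PORTS["ftp"]),         # deny tcp any any eq ftp
]

def evaluate(acl, proto, dst_port):
    """Return (action, seq) of the first matching rule in sequence order."""
    for rule in sorted(acl, key=lambda r: r.seq):
        if rule.matches(proto, dst_port):
            return rule.action, rule.seq
    return "deny", None  # implicit deny when no rule matches

# Constructed sample packets: (description, protocol, destination port)
SAMPLES = [
    ("FTP control", TCP, 21),
    ("FTP data", TCP, 20),
    ("HTTP", TCP, 80),
    ("UDP to port 21", UDP, 21),
]

if __name__ == "__main__":
    for name, proto, port in SAMPLES:
        print(f"{name:15} -> {evaluate(DENY_FTP, proto, port)}")
```

Evaluating the list with the permit every rule removed returns the implicit deny for the HTTP sample, which is why the configuration ends with that rule.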