
Allow FTP Service

This ACL allows only FTP traffic to traverse this port, and it allows only Active FTP sessions to the server. The assumption is that this VLAN is default deny and only this traffic is permitted.

EMS Allow FTP Procedure   

  1. Open a Panorama PON (EMS) session, click on the Profile icon button and the ACL tab.
  2. Select the EMS ACL Create a new profile icon and name the ACL profile FTP Only.
  3. Click on the Create Rule button and perform the following steps:

Step 1: Enter "FTP-Only" in the Filter Name: entry box

Step 2: Select "Extended ACL" from the ACL Type: Dropdown

Step 3: Select "Permit" from the Action: Dropdown

Step 4: Select "Any Mac(s)" from the SourceMAC(s): dropdown

Step 5: Click on the Add button to add the MAC address and bit count to the Source Mac(s) window

Step 6: Select the MAC address entry in the Source Mac(s) window

Step 7: Enter "1" in the Max MAC(s) entry box

Step 8: Enter "1" in the Max IPs Per MAC entry box

Step 9: Select "TCP(06)" from the Protocol: Radio Selections 

Step 10: Select "Single" from the Distribution: Radio Selections

Step 11: Add "20" in the Distribution Port: entry box 

Step 12: Click on the Save button to save the rule profile

  4. Click on the Apply button to add the ACL profile to the Profile Name window list.
  5. After the profile has been generated, the ACL status is displayed. Click on the Close button to complete the ACL profile.

CLI ACL Allow Only FTP Procedure 

  1. Open a CLI session and create an Only FTP ACL profile.
     Note: The created ACL profile name is case sensitive.
    ESUx> profile acl create name=OnlyFTP <enter>
    success
    ESUx> _
  2. From the ESUx> command line, input profile acl edit name=OnlyFTP rule number=1 extended action=permit l2 et=ipv4 sa=any max-macs=1 l3 protocol=tcp l4 destination single port=20, and press Enter. Output similar to the following is displayed:
    ESUx> profile acl edit name=OnlyFTP rule number=1 extended action=permit l2 et=ipv4 
    sa=any max-macs=1 l3 protocol=tcp l4 destination single port=20 <enter>
    success
    ESUx> _ 

Verify the CLI entry

  1. From the ESUx> command line, input profile acl show name=OnlyFTP, and press Enter. Output similar to the following is displayed:
    ESUx> profile acl show name=OnlyFTP <enter>
    | Access Control List Profile                                                |
    |============================================================================|
    | Profile Name                 : OnlyFTP                                     |
    |                                                                            |
    | Rule #1                                                                    |
    |   Rule Identifier            : Rule-1                                      |
    |   Type                       : extended                                    |
    |   Action                     : permit                                      |
    |                                                                            |
    |   Layer 2                                                                  |
    |     Ethertype                : IPv4 (0x0800)                               |
    |     802.1p Priority          : n/a                                         |
    |                                                                            |
    |     Source MAC(s)                                                          |
    |       MAX Source MACs        : 1                                           |
    |       SA #1                  : any                                         |
    |                                                                            |
    |     Destination MAC(s)                                                     |
    |                                                                            |
    |     L2 Flags                                                               |
    |       DLF                    : n/a                                         |
    |                                                                            |
    |   Layer 3                                                                  |
    |     IP TTL                   : n/a                                         |
    |     IP DSCP                  : n/a                                         |
    |     IP TOS                   : n/a                                         |
    |     IP Protocol              : tcp (6)                                     |
    |                                                                            |
    |     Source IP/Subnet(s)                                                    |
    |                                                                            |
    |     Destination IP/Subnet(s)                                               |
    |                                                                            |
    |     L3 Flags                                                               |
    |       DF                     : n/a                                         |
    |       MF                     : n/a                                         |
    |                                                                            |
    |   Layer 4                                                                  |
    |                                                                            |
    |     Source                                                                 |
    |       Type                   : n/a                                         |
    |       Port                   : n/a                                         |
    |       Port End               : n/a                                         |
    |                                                                            |
    |     Destination                                                            |
    |       Type                   : Single                                      |
    |       Port                   : 20                                          |
    |       Port End               : n/a                                         |
    |                                                                            |
    |     L4 Flags                                                               |
    |       URG                    : n/a                                         |
    |       ACK                    : n/a                                         |
    |       PSH                    : n/a                                         |
    |       RST                    : n/a                                         |
    |       SYN                    : n/a                                         |
    |       FIN                    : n/a                                         |
    |                                                                            |
    |   Meters                                                                   |
    |                                                                            |
    |============================================================================|
    
    ESUx>_
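
One way to check the verification output against the intended rule automatically (an added example, not part of the original procedure or the vendor's tooling): the script flattens the `profile acl show` table into section paths, so that the Source and Destination `Port` rows stay distinct, and reports every field that differs from the rule created above. `SAMPLE` is constructed and abridged; the function names and the `EXPECTED` map are assumptions of this example.

```python
import re

# Constructed sample: abridged rows in the `profile acl show` layout shown above.
SAMPLE = """\
| Profile Name                 : OnlyFTP                                     |
| Rule #1                                                                    |
|   Type                       : extended                                    |
|   Action                     : permit                                      |
|   Layer 3                                                                  |
|     IP Protocol              : tcp (6)                                     |
|   Layer 4                                                                  |
|     Source                                                                 |
|       Port                   : n/a                                         |
|     Destination                                                            |
|       Type                   : Single                                      |
|       Port                   : 20                                          |
"""

EXPECTED = {  # intended policy, taken from the rule created in the procedure
    "Profile Name": "OnlyFTP",
    "Rule #1/Type": "extended",
    "Rule #1/Action": "permit",
    "Rule #1/Layer 3/IP Protocol": "tcp (6)",
    "Rule #1/Layer 4/Destination/Type": "Single",
    "Rule #1/Layer 4/Destination/Port": "20",
}

def parse_acl_show(text):
    """Flatten the indented table into {'Rule #1/Layer 4/Destination/Port': '20'}."""
    fields, stack = {}, []              # stack holds (indent, section name)
    for line in text.splitlines():
        m = re.match(r"^\s*\|(\s*)(\S.*?)\s*\|\s*$", line)
        if not m or m.group(2).startswith("="):
            continue                    # prompt lines, blank rows, separators
        indent, item = len(m.group(1)), m.group(2)
        while stack and stack[-1][0] >= indent:
            stack.pop()                 # leave sections at the same or deeper level
        kv = re.match(r"^(.+?)\s+:\s*(.*)$", item)
        if kv:
            fields["/".join([s for _, s in stack] + [kv.group(1)])] = kv.group(2)
        else:
            stack.append((indent, item))
    return fields

def audit(text, expected=EXPECTED):  # returns a list of deviations, [] when compliant
    got = parse_acl_show(text)
    bad = [f"{k}: want {v!r}, got {got.get(k)!r}" for k, v in expected.items() if got.get(k) != v]
    bad += [f"{k}: unexpected {v!r}" for k, v in got.items() if k not in expected and v != "n/a"]
    return bad
```

When run against the full output, add the Rule Identifier and Layer 2 fields to `EXPECTED`; any field left out of the map whose value is not `n/a` is reported as unexpected.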

 

