Deny FTP Service
This ACL will deny the FTP service from being used.
EMS Deny FTP Procedure
- Open a Panorama PON (EMS) session, click on the Profile icon button and the ACL tab.
- Select the EMS ACL Create a new profile icon and name the ACL profile Deny FTP.
- Click on the Create Rule button and perform the following steps:
Step 1: Enter "Deny-FTP" in the Filter Name: entry box
Step 2: Select "Extended ACL" from the ACL Type: Dropdown
Step 3: Select "Deny" from the Action: Dropdown
Step 4: Select "Ipv4" from the Filter Type: Radio Selections
Step 5: Select "Authorized Mac(s)" from the SourceMAC(s): dropdown
Step 6: Click on the Add button to add the MAC address and bit count to the Source Mac(s) window
Step 7: Select the MAC address entry in the Source Mac(s) window
Step 8: Enter "1" in the Max MAC(s) entry box
Step 9: Select "TCP(06)" from the Protocol: Radio Selections
Step 10: Select "Single" from the Distribution: Radio Selections
Step 11: Add "20" in the Distribution Port End: entry box
Step 12: Click on the Save button to save the rule profile
- Click on the Apply button to add the ACL profile to the Profile Name window list.
- After the Profile has been generated, the ACL status is displayed. Click on the Close button to complete the ACL profile.
CLI ACL Deny FTP Procedure
- Open a CLI session and create a Deny FTP ACL profile.
Note: The created ACL profile name is case sensitive.
ESUx> profile acl create name=DenyFTP <enter>
success
ESUx> _
- From the ESUx> command line, input profile acl edit name=DenyFTP rule number=1 extended action=deny l2 et=ipv4 sa=any max-macs=1 l3 protocol=tcp l4 destination single port=20, and press Enter. Output similar to the following is displayed:
ESUx> profile acl edit name=DenyFTP rule number=1 extended action=deny l2 et=ipv4 sa=any max-macs=1 l3 protocol=tcp l4 destination single port=20 <enter>
success
ESUx> _
Verify the CLI entry
- From the ESUx> command line, input profile acl show name=DenyFTP, and press Enter. Output similar to the following is displayed:
ESUx> profile acl show name=DenyFTP <enter>
| Access Control List Profile |
|============================================================================|
| Profile Name : DenyFTP |
| |
| Rule #1 |
| Rule Identifier : Rule-1 |
| Type : extended |
| Action : deny |
| |
| Layer 2 |
| Ethertype : IPv4 (0x0800) |
| 802.1p Priority : n/a |
| |
| Source MAC(s) |
| MAX Source MACs : 1 |
| SA #1 : any |
| |
| Destination MAC(s) |
| |
| L2 Flags |
| DLF : n/a |
| |
| Layer 3 |
| IP TTL : n/a |
| IP DSCP : n/a |
| IP TOS : n/a |
| IP Protocol : tcp (6) |
| |
| Source IP/Subnet(s) |
| |
| Destination IP/Subnet(s) |
| |
| L3 Flags |
| DF : n/a |
| MF : n/a |
| |
| Layer 4 |
| |
| Source |
| Type : n/a |
| Port : n/a |
| Port End : n/a |
| |
| Destination |
| Type : Single |
| Port : 20 |
| Port End : n/a |
| |
| L4 Flags |
| URG : n/a |
| ACK : n/a |
| PSH : n/a |
| RST : n/a |
| SYN : n/a |
| FIN : n/a |
| |
| Meters |
| |
|============================================================================|
ESUx> _
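One way to automate this verification, as an added example that is not part of the vendor documentation: the Python code below parses saved `profile acl show` output and reports which of the two well-known FTP ports (TCP 20 for active-mode data, TCP 21 for control) the profile's deny rules name as destination port. The function names and the trimmed sample are constructed for illustration; match fields other than action, protocol and destination port are not evaluated.

```python
import re

# Constructed sample: a trimmed copy of the `profile acl show` output on this page.
SAMPLE = """\
ESUx> profile acl show name=DenyFTP
| Profile Name : DenyFTP |
| Rule #1 |
| Action : deny |
| Layer 3 |
| IP Protocol : tcp (6) |
| Layer 4 |
| Source |
| Port : n/a |
| Destination |
| Port : 20 |
| Port End : n/a |
"""

FTP_PORTS = (20, 21)  # TCP 20 = active-mode data, TCP 21 = control (RFC 959)

def parse_acl_show(text):
    """Parse the table into {'name': str, 'rules': {n: {(section, field): value}}}."""
    profile, rule, section = {"name": None, "rules": {}}, None, None
    for line in text.splitlines():
        cell = line.strip().strip("|").strip()
        if not line.lstrip().startswith("|") or not cell or set(cell) == {"="}:
            continue  # prompt lines, blank rows, and the ==== border
        new_rule = re.fullmatch(r"Rule #(\d+)", cell)
        field, sep, value = (part.strip() for part in cell.partition(" : "))
        if new_rule:
            rule, section = profile["rules"].setdefault(int(new_rule.group(1)), {}), "Rule"
        elif not sep:
            section = cell  # a row without "field : value" opens a new section
        elif field == "Profile Name":
            profile["name"] = value
        elif rule is not None:
            rule[(section, field)] = value
    return profile

def ftp_coverage(profile):
    """Map each FTP port to True if a TCP deny rule names it as destination port
    (assumption: a numeric Port End closes an inclusive range)."""
    denied = set()
    for rule in profile["rules"].values():
        first = rule.get(("Destination", "Port"), "n/a")
        last = rule.get(("Destination", "Port End"), "n/a")
        if (rule.get(("Rule", "Action")) == "deny" and first.isdigit()
                and rule.get(("Layer 3", "IP Protocol"), "").startswith("tcp")):
            denied.update(range(int(first), int(last if last.isdigit() else first) + 1))
    return {port: port in denied for port in FTP_PORTS}
```

For the DenyFTP profile shown above, ftp_coverage(parse_acl_show(SAMPLE)) returns {20: True, 21: False}: the rule matches destination port 20 only.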