Port Config

[Netphreak]

I am trying to configure a cisco router to allow access and deny access on certain ports. But there is something I am missing, I set up a access list to deny me access to my system on port 21 and it is not working.
Here is what I entered:
access-list 111 deny tcp any host 200.225.226.6 eq ftp

If you see something that I am missing I would really like some help. And I am willing to help out with any questions anyone else has.
Thank you.

 

[wybnormal]

OK.. with just that you have yourself in a pickle. You need to have a PERMIT statement on the end of your list since there is an IMPLIED DENY ALL there.

Also, you need to apply the list TO the interface you want to filter and have it either on the IN or the OUT side of the interface. See the sample below:

Extended IP access list 107
deny icmp any any echo log (6 matches)
permit ip any any (258287 matches);gets past implied deny all
-------- interface side --------
interface Ethernet1
ip address xxx.xxx.xxx.xxx 255.255.255.0
ip access-group 107 in ; this is where the 107 extended IP access list gets applied.

ip access-group 101 out
no ip directed-broadcast
ip nat outside
no cdp enable