You could use nmap -P0 -p 21 10.1.1.0/24, it will scan the whole 10.1.1.0 range for any machines with port 21 open.
Just keep in mind if an FTP server DOES have critical stuff on it, its probably set to run on a different port, but you may be lucky.
The real way to do it would be to do a full port scan of everything, concentrate on 21 first, but then look at all the other ports (responses). I hope your intents are not malicious as I dont support that. But a simple port scan is not malicious in itself, just depends what you do with the results after. (well a port scan COULD be harmful, and seen as a DoS attack, depending on the settings)