Login
- Table of Contents
-
- 01-Fundamentals Configuration Guide
- 00-Preface
- 01-CLI configuration
- 02-RBAC configuration
- 03-Login management configuration
- 04-FTP and TFTP configuration
- 05-File system management configuration
- 06-Configuration file management configuration
- 07-Software upgrade configuration
- 08-ISSU configuration
- 09-Emergency shell configuration
- 10-Automatic configuration
- 11-Device management configuration
- 12-MDC configuration
- 13-TCL configuration
- 14-License management
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 04-FTP and TFTP configuration | 185.26 KB |
Contents
Using the device as an FTP server
Configuring authentication and authorization
Manually releasing FTP connections
Displaying and maintaining the FTP server
FTP server configuration example in standalone mode
FTP server configuration example in IRF mode
Using the device as an FTP client
Establishing an FTP connection
Managing directories on the FTP server
Working with files on the FTP server
Switching to another user account
Maintaining and troubleshooting the FTP connection
Terminating the FTP connection
Displaying command help information
Displaying and maintaining FTP client
FTP client configuration example in standalone mode
FTP client configuration example in IRF mode
Configuring the device as an IPv4 TFTP client
Configuring the device as an IPv6 TFTP client
File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over an IP network.
FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.
FTP supports the following transfer modes:
· Binary mode—Used to transfer image files, such as .app, .bin, and .btm files.
· ASCII mode—Used to transfer text files, such as .txt, .bat, and .cfg files.
By default, the FTP server uses ASCII mode.
FTP can operate in either of the following modes:
· Active mode (PORT)—The FTP server initiates the TCP connection. This mode is not suitable when the FTP client is behind a firewall, for example, when the FTP client resides in a private network.
· Passive mode (PASV)—The FTP client initiates the TCP connection. This mode is not suitable when the server does not allow the client to use a random unprivileged port greater than 1024.
The device can act as the FTP server or FTP client. Make sure the FTP server and the FTP client can reach each other before establishing the FTP connection.
Figure 1 FTP application scenario
Using the device as an FTP server
Perform the configuration tasks in this section to configure the device as an FTP server.
Configuring basic parameters
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. Enable the FTP server. |
ftp server enable |
By default, the FTP server is disabled. |
|
3. (Optional.) Use an ACL to control access to the FTP server. |
ftp server acl { acl-number | ipv6 acl-number6 } |
By default, no ACL is used for access control. |
|
4. (Optional.) Configure the idle-timeout interval. |
ftp timeout minutes |
The default idle-timeout interval is 30 minutes. If no data is transferred between the FTP server and FTP client within the idle-timeout interval, the connection is terminated. |
Configuring authentication and authorization
Perform this task on the FTP server to authenticate FTP clients and set the authorized directories that authenticated clients can access.
The following authentication modes are available:
· Local authentication—The device looks up the client's username and password in the local user account database. If a match is found, authentication succeeds.
· Remote authentication—The device sends the client's username and password to a remote authentication server for authentication. The user account is configured on the remote authentication server rather than the device.
The following authorization modes are available:
· Local authorization—The device assigns authorized directories to FTP clients based on the locally configured authorization attributes.
· Remote authorization—A remote authorization server assigns authorized directories on the device to FTP clients.
For information about configuring authentication and authorization, see Security Configuration Guide.
Manually releasing FTP connections
|
Task |
Command |
|
Manually release FTP connections. |
·
Release the FTP connection established
using a specific user account: ·
Release the FTP
connection to a specific IP address: |
Displaying and maintaining the FTP server
Execute display commands in any view.
|
Task |
Command |
|
Display FTP server configuration and status information. |
display ftp-server |
|
Display detailed information about online FTP users. |
display ftp-user |
FTP server configuration example in standalone mode
Network requirements
Create a local user account with username abc and password 123456 on the FTP server. Use the user account to log in to the FTP server from the FTP client, upload the file temp.bin from the FTP client to the FTP server, and download the configuration file startup.cfg from the FTP server to the FTP client for backup.
Configuration procedure
1. Configure IP addresses as shown in Figure 2, and make sure the device and PC can reach other. (Details not shown.)
2. Configure the device (FTP server):
# Create a local user account abc, set the password to 123456, the user role to network-admin, the working directory to the Flash root directory of the active MPU, and the service type to FTP.
<Sysname> system-view
[Sysname] local-user abc class manage
[Sysname-luser-manage-abc] password simple 123456
[Sysname-luser-manage-abc] authorization-attribute work-directory flash:/
[Sysname-luser-manage-abc] authorization-attribute user-role network-admin
[Sysname-luser-manage-abc] service-type ftp
[Sysname-luser-manage-abc] quit
// To set the working directory to the Flash root directory of the standby MPU, replace flash:/ in the authorization-attribute command with slot1#flash:/. For more information about user roles, see Security Configuration Guide.
# Enable the FTP server.
[Sysname] ftp server enable
[Sysname] quit
# Examine the storage space for space insufficiency and delete unused files for more free space.
<Sysname> dir
Directory of flash:
0 -rw- 0 Sep 27 2010 14:43:34 kernel.bin
1 -rw- 0 Sep 27 2010 14:43:34 base.bin
2 drw- - Jun 29 2011 18:30:38 logfile
3 drw- - Jun 21 2011 14:51:38 diagfile
4 drw- - Jun 21 2011 14:51:38 seclog
5 -rw- 2943 Jul 02 2011 08:03:08 startup.cfg
6 -rw- 63901 Jul 02 2011 08:03:08 startup.mdb
7 -rw- 716 Jun 21 2011 14:58:02 hostkey
8 -rw- 572 Jun 21 2011 14:58:02 serverkey
9 -rw- 6541264 Aug 04 2011 20:40:49 backup.bin
473664 KB total (467080 KB free)
<Sysname> delete /unreserved flash:/backup.bin
3. Perform FTP operations from the PC (FTP client):
# Log in to the FTP server at 1.1.1.1 using the username abc and password 123456.
c:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
331 Password required for abc.
Password:
230 User logged in.
# Use the ASCII mode to download the configuration file startup.cfg from the device to the PC for backup.
ftp> ascii
200 TYPE is ASCII
ftp> get startup.cfg back-startup.cfg
# Use the binary mode to upload the file temp.bin from the PC to the Flash root directory of the active MPU.
ftp> binary
200 Type is Image (Binary)
ftp> put temp.bin
# Exit FTP.
ftp> bye
FTP server configuration example in IRF mode
Network requirements
An IRF fabric that comprises two member devices acts as the FTP server. The slot numbers of the active and standby MPUs on the master and subordinate members are 0 and 1.
Create a local user account with username abc and password 123456 on the FTP server. Use the user account to log in to the FTP server from the FTP client, upload the file temp.bin from the FTP client to the FTP server, and download the configuration file config.cfg from the FTP server to the FTP client for backup.
Configuration procedure
1. Configure IP addresses as shown in Figure 3, and make sure the IRF fabric and the PC can reach each other. (Details not shown.)
2. Configure the FTP server:
# Examine the storage space on the member devices. If the free space is insufficient, use the delete/unreserved file-url command to delete unused files. (Details not shown.)
# Create a local user account abc, set the password to 123456, the user role to network-admin, the working directory to the Flash root directory of the IRF fabric's active MPU, and the service type to FTP.
<Sysname> system-view
[Sysname] local-user abc class manage
[Sysname-luser-manage-abc] password simple 123456
[Sysname-luser-manage-abc] authorization-attribute work-directory flash:/
[Sysname-luser-manage-abc] authorization-attribute user-role network-admin
[Sysname-luser-manage-abc] service-type ftp
[Sysname-luser-manage-abc] quit
// To set the working directory to the Flash root directory of one of the IRF fabric's standby MPU, replace flash:/ in the authorization-attribute command with, for example, chassis2#slot1#flash:/. For more information about user roles, see Security Configuration Guide.
# Enable the FTP server.
[Sysname] ftp server enable
[Sysname] quit
3. Perform FTP operations from the FTP client:
# Log in to the FTP server at 1.1.1.1 using the username abc and password 123456.
c:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User(1.1.1.1:(none)):abc
331 Password required for abc.
Password:
230 User logged in.
# Use the ASCII mode to download the configuration file startup.cfg from the server to the client for backup.
ftp> ascii
200 TYPE is ASCII
ftp> get startup.cfg back-config.cfg
# Use the binary mode to upload the file temp.bin to the Flash root directory of the active MPU of the IRF fabric.
ftp> binary
200 Type is Image (Binary)
ftp> put temp.bin
# Exit FTP.
ftp> bye
Using the device as an FTP client
Perform the configuration in this section to use the device as an FTP client.
Establishing an FTP connection
To access the FTP server, you must establish a connection from the FTP client to the FTP server.
To establish an IPv4 FTP connection:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. (Optional.) Specify a source IP address for outgoing FTP packets. |
ftp client source { interface interface-type interface-number | ip source-ip-address } |
By default, no source IP address is specified, and the primary IP address of the output interface is used as the source IP address. |
|
3. Return to user view. |
quit |
N/A |
|
4. Log in to the FTP server. |
·
(Approach 1) Log in to the FTP
server directly in user view: · (Approach 2) Log in to the FTP server in FTP client view: a. ftp b. open server-address [ service-port ] |
Use either approach. The source IP address specified in the ftp command takes precedence over the one set by the ftp client source command. |
To establish an IPv6 FTP connection:
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. (Optional.) Specify the source IPv6 address for FTP packets sent by the FTP client. |
ftp client ipv6 source { interface interface-type interface-number | ipv6 source-ipv6-address } |
By default, no source IPv6 address is specified. The source address is automatically selected as defined in RFC 3484. |
|
3. Return to user view. |
quit |
N/A |
|
4. Log in to the FTP server. |
·
Log in to the FTP server
directly in user view: · Log in to the FTP server in FTP client view: a. ftp ipv6 b. open server-address [ service-port ] |
Use either approach. The source IP address specified in the ftp ipv6 command takes precedence over the one set by the ftp client ipv6 source command. |
Managing directories on the FTP server
|
Task |
Command |
|
Display directory and file information on the FTP server. |
·
Display the detailed information
of a directory or file on the FTP server: ·
Display the name of a directory
or file on the FTP server: |
|
Change the working directory on the FTP server. |
cd { directory | .. | / } |
|
Return to the upper level directory on the FTP server. |
cdup |
|
Display the working directory that is being accessed. |
pwd |
|
Create a directory on the FTP server. |
mkdir directory |
|
Remove the specified working directory on the remote FTP server. |
rmdir directory |
Working with files on the FTP server
After you log in to the server, you can upload a file to or download a file from the authorized directory by following these steps:
1. Use the dir or ls command to display the directory and location of the file on the FTP server.
2. Delete unused files to get more free storage space.
3. Set the file transfer mode to ASCII for text files or binary for image files.
4. Use the lcd command to change the local working directory of the FTP client. You can upload the file or save the downloaded file in this directory.
5. Upload or download the file.
To work with files on an FTP server, execute the following commands in FTP client view:
|
Task |
Command |
Remarks |
|
Display directory or file information on the FTP server. |
·
Display the
detailed information of a directory or file on the FTP server: ·
Display the name of a directory
or file on the FTP server: |
N/A |
|
Delete the specified file on the FTP server permanently. |
delete remotefile |
N/A |
|
Set the file transfer mode to ASCII. |
ascii |
The default file transfer mode is ASCII. |
|
Set the file transfer mode to binary. |
binary |
The default file transfer mode is ASCII. |
|
Set the FTP operation mode to passive. |
passive |
The default mode is passive. |
|
Display or change the local working directory of the FTP client. |
lcd [ directory | / ] |
N/A |
|
Upload a file to the FTP server. |
put localfile [ remotefile ] |
N/A |
|
Download a file from the FTP server. |
get remotefile [ localfile ] |
N/A |
|
Add the content of a file on the FTP client to a file on the FTP server. |
append localfile [ remotefile ] |
N/A |
|
Specify the retransmit marker. |
restart marker |
Use this command together with the put, get, or append command. |
|
Update the local file. |
newer remotefile |
N/A |
|
Get the missing part of a file. |
reget remotefile [ localfile ] |
N/A |
|
Rename the file. |
rename [ oldfilename [ newfilename ] ] |
N/A |
Switching to another user account
After you log in to the FTP server with one user account, you can switch to another user account to get a different privilege without reestablishing the FTP connection. You must correctly enter the new username and password. A wrong username or password can cause the FTP connection to disconnect.
To switch to another user account, execute the following command in user view:
|
Task |
Command |
|
Switch to another user account. |
user username [ password ] |
Maintaining and troubleshooting the FTP connection
|
Task |
Command |
Remarks |
|
Display FTP commands on the FTP server. |
rhelp |
N/A |
|
Display FTP commands help information on the FTP server. |
rhelp protocol-command |
N/A |
|
Display FTP server status. |
rstatus |
N/A |
|
Display the detailed information of a specified directory or file on the FTP server. |
rstatus remotefile |
N/A |
|
Display FTP connection status. |
status |
N/A |
|
Display the system information of the FTP server. |
system |
N/A |
|
Enable or disable FTP operation information display. |
verbose |
By default, this function is enabled. |
|
Enable or disable FTP client debugging. |
debug |
By default, FTP client debugging is disabled. |
|
Clear the reply information in the buffer. |
reset |
N/A |
Terminating the FTP connection
|
Task |
Command |
Remarks |
|
Terminate the connection to the FTP server without exiting FTP client view. |
· disconnect · close |
Use either command in FTP client view. |
|
Terminate the connection to the FTP server and return to user view. |
· bye · quit |
Use either command in FTP client view. |
Displaying command help information
To display command help information after you log in to the server:
|
Task |
Command |
Remarks |
|
Display command help information |
· help [ command-name ] · ? [ command-name ] |
Use either command. |
Displaying and maintaining FTP client
Execute the display command in any view.
|
Task |
Command |
|
Display source IP address information on the FTP client |
display ftp client source |
FTP client configuration example in standalone mode
Network requirements
· Use the device as the FTP client and the PC as the FTP server.
· Log in to the FTP server from the FTP client using the user account with username abc and password 123456 (which has been created on the PC).
· Download the file temp.bin from the PC to the device, and upload the configuration file startup.cfg from the device to the PC for backup.
Configuration procedure
# Configure IP addresses as shown in Figure 4 and make sure the device and PC can reach each other. (Details not shown.)
# Examine the storage space of the device. If the free space is insufficient, use the delete/unreserved file-url command to delete unused files. (Details not shown.)
# Log in to the FTP server at 10.1.1.1 using the username abc and password 123456.
<Sysname> ftp 10.1.1.1
Connected to 10.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User (10.1.1.1:(none)): abc
331 Give me your password, please
Password:
230 Logged in successfully
Remote system type is MSDOS.
ftp>
# Set the file transfer mode to binary.
ftp> binary
200 Type is Image (Binary)
# Download the file temp.bin from the PC to the Flash root directory of the active MPU.
ftp> get temp.bin
227 Entering Passive Mode (192,168,3,51,6,167)
150 "D:\TEST\temp.bin" file ready to send (439291 bytes) in IMAGE / Binary mode
226 Transfer finished successfully.
439291 bytes received in 1.08 seconds (395.6 kbyte/s)
# Download the file temp.bin from the PC to the Flash root directory of the standby MPU (in slot 1).
ftp> get temp.bin slot1#flash:/temp.bin
# Set the file transfer mode to ASCII and upload the configuration file startup.cfg from the device to the PC for backup.
ftp> ascii
200 TYPE is ASCII
ftp> put startup.cfg back-startup.cfg
227 Entering Passive Mode (192,168,3,51,7,100)
150 "D:\test\startup.cfg" file ready to receive in ASCII mode
226 Transfer finished successfully.
2749 bytes sent in 0.000284 seconds (9.23 Mbyte/s)
ftp> bye
221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye
<Sysname>
FTP client configuration example in IRF mode
Network requirements
· Use the IRF fabric that comprises two member devices as the FTP client and the PC as the FTP server.
· Log in to the FTP server from the FTP client using the user account with username abc and password 123456 (which has been created on the PC).
· Download the file temp.bin from the FTP server to the FTP client, and upload the configuration file config.cfg from the FTP client to the FTP server for backup.
Configuration procedure
# Configure IP addresses for devices and make sure they can reach other. (Details not shown.)
# Examine the storage space on the member devices. If the free space is insufficient, use the delete/unreserved file-url command to delete unused files. (Details not shown.)
# Log in to the FTP server using the username abc and password 123456.
<Sysname> ftp 10.1.1.1
Connected to 10.1.1.1.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User (10.1.1.1:(none)): abc
331 Give me your password, please
Password:
230 Logged in successfully
Remote system type is MSDOS.
ftp>
# Set the file transfer mode to binary.
ftp> binary
200 Type is Image (Binary)
# Download the file temp.bin from the PC to the Flash root directory of the IRF fabric's active MPU.
ftp> get temp.bin
227 Entering Passive Mode (192,168,3,51,6,167)
150 "D:\TEST\temp.bin" file ready to send (439291 bytes) in IMAGE / Binary mode
226 Transfer finished successfully.
439291 bytes received in 1.08 seconds (395.6 kbyte/s)
# Download the file temp.bin from the PC to the Flash root directory of the IRF fabric's standby MPUs. (In this example the IRF fabric has three standby MPUs: one in slot 1 of member device 1, one in slot 0 of member device 2, and one in slot 1 of member device 2.)
ftp> get temp.bin chassis1#slot1#flash:/temp.bin
ftp> get temp.bin chassis2#slot0#flash:/temp.bin
ftp> get temp.bin chassis2#slot1#flash:/temp.bin
# Upload the configuration file startup.cfg from the IRF fabric to the PC for backup.
ftp> ascii
200 Type is ASCII
ftp> put startup.cfg back-config.cfg
227 Entering Passive Mode (192,168,3,51,7,100)
150 "D:\test\startup.cfg" file ready to receive in ASCII mode
226 Transfer finished successfully.
2749 bytes sent in 0.000284 seconds (9.23 Mbyte/s)
ftp> bye
221 Windows FTP Server (WFTPD, by Texas Imperial Software) says goodbye
<Sysname>
Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure reliable networks. TFTP uses UDP port 69 for data transmission. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy. TFTP is suited for reliable network environments.
The device can only operate as a TFTP client. You can upload a file from the device to the TFTP server or download a file from the TFTP server to the device. If you download a file with a file name that exists in the target directory, the device deletes the existing file and saves the new one. If file download fails due to network disconnection or other reasons, the original file cannot be restored. Therefore, use a nonexistent file name instead.
Figure 6 TFTP application scenario
Configuring the device as an IPv4 TFTP client
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. (Optional.) Use an ACL to control the client's access to TFTP servers. |
tftp-server acl acl-number |
By default, no ACL is used for access control. |
|
3. Specify the source IP address for TFTP packets sent by the TFTP client. |
tftp client source { interface interface-type interface-number | ip source-ip-address } |
By default, no source IP address is specified, and the primary IP address of the output interface is used as the source IP address. |
|
4. Return to user view. |
quit |
N/A |
|
5. Download or upload a file in an IPv4 network. |
tftp server-address { get | put } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ip source-ip-address } ] |
The source IP address specified in this command takes precedence over the one set by the tftp client source command. Use this command in user view. |
Configuring the device as an IPv6 TFTP client
|
Step |
Command |
Remarks |
|
1. Enter system view. |
system-view |
N/A |
|
2. (Optional.) Use an ACL to control the client's access to TFTP servers. |
tftp-server ipv6 acl acl-number |
By default, no ACL is used for access control. |
|
3. Specify the source IPv6 address for TFTP packets sent by the TFTP client. |
tftp client ipv6 source { interface interface-type interface-number | ipv6 source-ip-address } |
By default, no source IPv6 address is specified. The source address is automatically selected as defined in RFC 3484. |
|
4. Return to user view. |
quit |
N/A |
|
5. Download or upload a file in an IPv6 network. |
tftp ipv6 tftp-ipv6-server [ -i interface-type interface-number ] { get | put } source-filename [ destination-filename ] [ vpn-instance vpn-instance-name ] [ source { interface interface-type interface-number | ipv6 source-ipv6-address } ] |
The source IP address specified in this command takes precedence over the one set by the tftp client ipv6 source command. Use this command in user view. |
