FTP (file transfer protocol) is commonly
used in IP-based networks to transmit files. Before World Wide Web comes into
being, files are transferred through command lines, and the most popular
application is FTP. At present, although E-mail and Web are the usual methods
for file transmission, FTP still has its strongholds.
As an application layer protocol, FTP is
used for file transfer between remote server and local host. FTP uses TCP ports
20 and 21 for data transfer and control command transfer respectively. Basic
FTP operations are described in RFC 959.
FTP-based file transmission is performed in
the following two modes:
l
Binary mode for program file transfer.
l
ASCII mode for text file transfer.
An Ethernet switch can act as an FTP client
or the FTP server in FTP-employed data transmission:
l
FTP server
An Ethernet switch can operate as an FTP
server to provide file transmission services for FTP clients. You can log into a
switch operating as an FTP server by running an FTP client program on your PC to
access files on the FTP server. Before you log into the FTP server, the
administrator must configure an IP address for it.
Table 1-1 describes the configurations needed when a switch operates as an FTP server.
Table 1-1 Configurations
needed when a switch operates as an FTP server
|
Device
|
Configuration
|
Default
|
Description
|
|
Switch
|
Enable the FTP server function
|
The FTP server function is disabled by
default
|
You can run the display ftp-server
command to view the FTP server configuration on the switch.
|
|
Configure the authentication information
on the FTP server
|
—
|
Configure user names and passwords.
|
|
Configure the connection idle time
|
The default idle time is 30 minutes.
|
—
|
|
PC
|
Log into the switch through an FTP client
application.
|
—
|
—
|
Caution:
The FTP-related
functions require that the route between a FTP client and the FTP server is
reachable.
l
FTP client
A switch can operate as an FTP client,
through which you can access files on FTP servers. In this case, you need to
establish a connection between your PC and the switch through a terminal
emulation program or Telnet and then execute the ftp X.X.X.X command on
your PC. (X.X.X.X is the IP address of an FTP server.)
Table 1-2 describes the configurations needed when a switch operates as an FTP client.
Table 1-2 Configurations needed when a
switch operates as an FTP client
|
Device
|
Configuration
|
Default
|
Description
|
|
Switch
|
Run the ftp
command to log into a remote FTP server directly
|
—
|
To log into a remote FTP server and operates
files and directories on it, you need to obtain a user name and password
first.
|
|
FTP server
|
Enable the FTP server and configure the corresponding
information including user names, passwords, and user authorities
|
—
|
—
|
I. Prerequisites
A switch operates as an FTP server. A
remote PC operates as an FTP client. The network operates properly, as shown in
Figure 1-1.
Figure 1-1 Network diagram for FTP
configurations
The following configurations are performed
on the FTP server:
l
Creating local users
l
Setting local user passwords
l
Setting the password display mode for the local
users
l
Configuring service types for the local users
For commands used in these configurations,
refer to the “AAA-RADIUS-HWTACACS” module of this manual for: local-user,
local-user password-display-mode, password, and
service-type.
II. Configuration procedure
Table 1-3 Configure
an FTP server
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable the FTP server function
|
ftp server enable
|
Required
By default, the FTP server function is disabled.
|
|
Set the connection idle time
|
ftp timeout minutes
|
Optional
The default connection idle time is 30
minutes.
|
l
Only one user can access an S3100-52P Ethernet switch
at a given time when the latter operates as an FTP server. FTP services are
implemented in this way: An FTP client sends FTP requests to the FTP server. The
FTP server receives the requests, perform operations accordingly, and return
the results to the FTP client.
l
To prevent unauthorized accesses, an FTP server
disconnects a FTP connection when it does not receive requests from the FTP
client for a specific period of time known as the connection idle time.
l
Operating as an FTP server, an S3100-52P Ethernet
switch cannot receive a file whose size exceeds its storage space. The clients
that attempt to upload such a file will be disconnected with the FTP server due
to lack of storage space on the FTP server.
To use FTP services, a user must provide a
user name and a password for being authenticated by the FTP server.
You can specify the source interface and
source IP address for an FTP server to enhance server security. After this
configuration, FTP clients can access this server only through the IP address
of the specified interface or the specified IP address.
Source interface
refers to the existing VLAN interface or Loopback interface on the device.
Source IP address refers to the IP address configured for the interface on the
device. Each source interface corresponds to a source IP address. Therefore,
specifying a source interface for the FTP server is the same as specifying the
IP address of this interface as the source IP address.
Table 1-4
Specify the source interface and source IP address
for an FTP server
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Specify the source interface for an FTP
server
|
ftp-server
source-interface interface-type
interface-number
|
Optional
|
|
Specifying the source IP address for an
FTP server
|
ftp-server
source-ip ip-address
|
Optional
|
l
The specified interface must be an existing one.
Otherwise a prompt appears to show the configuration fails.
l
The value of argument ip-address must be an
IP address on the device where the configuration is performed. Otherwise a
prompt appears to show the configuration fails.
l
You may specify only one source interface or source
IP address for the FTP at one time. That is, only one of the commands ftp-server
source-interface and ftp-server source-ip can be valid at one time.
If you execute both of them, the new setting will overwrite the original one.
On the FTP server, you can disconnect a
specified user from the FTP server to secure the network.
Table 1-5 Disconnect a specified user
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
On the FTP server, disconnect a specified
user from the FTP server
|
ftp
disconnect user-name
|
Required
|
If you attempt to disconnect
a user that is uploading/downloading data to/from the FTP server that is acted
by an S3100-52P Ethernet switch, the S3100-52P Ethernet switch will disconnect
the user after the data transmission is completed.
V. Displaying FTP server information
After the above
configurations, you can run the display command in any view to display
the running information of the FTP server and verify your configurations.
Table 1-6 Display FTP server information
|
Operation
|
Command
|
Description
|
|
Display
the information about FTP server configurations on a switch
|
display
ftp-server
|
These
commands can be executed in any view.
|
|
Display the
source IP address set for an FTP server
|
display
ftp-server source-ip
|
|
Display the login FTP client on an FTP
server
|
display ftp-user
|
I. Network requirements
A switch operates as an FTP server and a remote
PC as an FTP client.
l
Create a user account on the FTP server with the
user name “switch” and password “hello”.
l
Configure the IP address 1.1.1.1/16 for a VLAN
interface on the switch, and 2.2.2.2/16 for the PC. Ensure the route between
the two is reachable.
The switch application named switch.bin is
stored on the PC. Upload it to the FTP server through FTP to upgrade the
application of the switch, and download the switch configuration file named config.cfg
from the switch to backup the configuration file.
II. Network diagram
Figure
1-2 Network diagram for FTP configurations
III. Configuration procedure
1)
Configure the switch
# Log into the switch. (You can log into a
switch through the Console port or by Telneting to the switch. See the “Login”
module for detailed information.)
<H3C>
# Start the FTP service on the switch and set
the user name and the corresponding password.
<H3C> system-view
[H3C] ftp server enable
[H3C] local-user switch
[H3C-luser-switch] password simple hello
[H3C-luser-switch] service-type ftp
2)
Run an FTP client application on the PC to
connect to the FTP server. Upload the application named switch.bin to the root
directory of the Flash memory of the FTP server, and download the configuration
file named config.cfg from the FTP server. The following takes the command line
window tool provided by Windows as an example:
# Enter the command line window and switch
to the directory where the file switch.bin is located. In this example it is in
the root directory of C:\.
C:\>
# Access the Ethernet switch through FTP.
Input the user name “switch” and password “hello” to
log in and enter FTP view.
C:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User (1.1.1.1:(none)): switch
331 Password required for switch.
Password:
230 User logged in.
ftp>
# Upload the switch.bin file.
ftp> put switch.bin
200 Port command okay.
150 Opening ASCII mode data connection
for switch.bin.
226 Transfer complete.
# Download the config.cfg file.
ftp> get config.cfg
200 Port command okay.
150 Opening ASCII mode data
connection for config.cfg.
226 Transfer complete.
ftp: 3980 bytes received in 8.277
seconds 0.48Kbytes/sec.
This example uses the command line window
tool provided by Windows. When you log into the FTP server through another FTP
client, refer to the corresponding instructions for operation description.
Caution:
l
If available space on the Flash memory of the switch
is not enough to hold the file to be uploaded, you need to delete files from the
Flash memory to make room for the file.
l
H3C series switch is not shipped with FTP client
applications. You need to purchase and install it by yourself.
3)
After uploading the application, you can update
the application on the switch.
# Use the boot boot-loader command to
specify the uploaded file (switch.bin) to be the startup file used when the
switch starts the next time, and restart the switch. Thus the switch application
is upgraded.
<H3C> boot boot-loader switch.bin
<H3C> reboot
For information
about the boot boot-loader command and how to specify the startup file
for a switch, refer to the “System Maintenance and Debugging” module
of this manual.
I. Basic configurations on an FTP
client
The function for a switch to operate as an
FTP client is implemented by an application module built in the switch. Thus a
switch can operate as an FTP client without any configuration. You can perform
FTP-related operations (such as creating/removing a directory) by executing FTP
client commands on a switch operating as an FTP client connecting with the
remote FTP server. Table 1-7 lists the operations that can be performed on an FTP client.
Table 1-7 Basic
configurations on an FTP client
|
Operation
|
Command
|
Description
|
|
Enter FTP
Client view
|
ftp [ cluster | remote-server
[ port-number ] ]
|
—
|
|
Specify to
transfer files in ASCII characters
|
ascii
|
Optional
By
default, files are transferred in ASCII characters.
|
|
Specify to
transfer files in binary streams
|
binary
|
Optional
|
|
Set the
data transfer mode to passive
|
passive
|
Optional
By
default, the passive mode is adopted.
|
|
Change the work directory on the remote
FTP server
|
cd pathname
|
Optional
|
|
Change the work directory to be the
parent directory
|
cdup
|
Optional
|
|
Get the local work path on the FTP client
|
lcd
|
Optional
|
|
Display the work directory on the FTP
server
|
pwd
|
Optional
|
|
Create a directory on the remote FTP
server
|
mkdir pathname
|
Optional
|
|
Remove a directory on the remote FTP
server
|
rmdir pathname
|
Optional
|
|
Delete a specified file
|
delete remotefile
|
Optional
|
|
Query the specified files
|
dir [ filename ] [ localfile ]
|
Optional
|
|
Query a specified remote file
|
ls [ remotefile ] [ localfile ]
|
Optional
|
|
Download a remote file
|
get remotefile [ localfile ]
|
Optional
|
|
Upload a local file to the remote FTP
server
|
put localfile [ remotefile ]
|
Optional
|
|
Rename a file on a remote host.
|
rename remote-source remote-dest
|
Optional
|
|
Switch to another FTP user
|
user username [ password ]
|
Optional
|
|
Connect to a remote FTP server
|
open { ip-address | server-name } [ port
]
|
Optional
|
|
Terminate the current FTP connection without
exiting FTP client view
|
disconnect
|
Optional
|
|
Terminate the current FTP connection without
exiting FTP client view
|
close
|
Optional
|
|
Terminate the current FTP connection and quit
to user view
|
quit
|
Optional
|
|
Terminate the current FTP connection and quit
to user view
|
bye
|
Optional
|
|
Display the on-line help on a specified command
concerning FTP
|
remotehelp [ protocol-command ]
|
Optional
|
|
Enable verbose function
|
verbose
|
Optional
The verbose function is enabled by
default.
|
II. Specifying the source
interface and source IP address for an FTP client
You can specify the source interface and
source IP address for a switch acting as an FTP client, so that it can connect to
a remote FTP server.
Table 1-8
Specify the source interface and source IP address
for an FTP client
|
Operation
|
Command
|
Description
|
|
Specify the source interface only used for
the current connection
|
ftp {
cluster | remote-server } source-interface interface-type
interface-number
|
Optional
|
|
Specify the source IP address only used for
the current connection
|
ftp {
cluster | remote-server } source-ip ip-address
|
Optional
|
|
Enter system view
|
system-view
|
—
|
|
Specify an interface as the fixed source
interface to be used in each connection
|
ftp source-interface interface-type interface-number
|
Optional
|
|
Specify an IP address as the fixed source
IP address to be used in each connection
|
ftp source-ip ip-address
|
Optional
|
|
Display
the fixed source IP address used by a FTP client to connect to a FTP server
|
display
ftp source-ip
|
This command
can be executed in any view.
|
l
The specified interface must be an existing one.
Otherwise a prompt appears to show the configuration fails.
l
The value of argument ip-address must be
the IP address of the device where the configuration is performed. Otherwise a
prompt appears to show the configuration fails.
l
The source interface/source IP address set for
one connection is prior to the fixed source interface/source IP address set for
each connection. That is, for a connection between an FTP client and an FTP
server, if you specify the source interface/source IP address only used for the
connection this time, and the specified source interface/source IP address is
different from the fixed one, the former will be used for the connection this
time.
l
Only one fixed source interface or source IP
address can be set for the FTP client at one time. That is, only one of the commands
ftp source-interface and ftp source-ip can be effective at one
time. If you execute both of them, the new setting will overwrite the original
one.
I. Network requirements
A switch operates as an FTP client and a
remote PC as an FTP server.
l
Create a user account on the FTP server with the
user name “switch” and password “hello”, and authorize
the user “switch” with read and write permissions on the directory
named “Switch” on the PC.
l
Configure the IP address 1.1.1.1/16 for a VLAN
interface on the switch, and 2.2.2.2/16 for the PC. Ensure the route between
the two is reachable.
The switch application named switch.bin is
stored on the PC. Download it to the switch through FTP to upgrade the switch
application, and upload the switch configuration file named config.cfg to the “switch”
directory of the PC to backup the configuration file.
II. Network diagram
Figure 1-3 Network diagram for FTP
configurations
III. Configuration procedure
1)
Perform FTP server–related configurations
on the PC, that is, create a user account on the FTP server with user name “switch”
and password “hello”. (For detailed configuration, refer to the
configuration instruction relevant to the FTP server software.)
2)
Configure the switch.
# Log into the switch. (You can log into a
switch through the Console port or by Telneting to the switch. See the “Login”
module for detailed information.)
<H3C>
Caution:
If available space
on the Flash memory of the switch is not enough to hold the file to be
uploaded, you need to delete files from the Flash memory to make room for the
file.
# Connect to the FTP server using the ftp
command in user view. You need to provide the IP address of the FTP server,
the user name and the password as well.
<H3C> ftp 2.2.2.2
Trying ...
Press CTRL+K to
abort
Connected.
220 WFTPD 2.0 service (by Texas
Imperial Software) ready for new user
User(none):switch
331 Give me your password,
please
Password:*****
230 Logged in successfully
[ftp]
# Enter the authorized directory on the FTP
server.
[ftp] cd switch
# Run the put command to upload the configuration
file named config.cfg to the FTP server.
[ftp] put config.cfg
# Run the get command to download the
file named switch.bin to the Flash memory of the switch.
[ftp] get switch.bin
# Run the quit command to terminate
the FTP connection and quit to user view.
[ftp] quit
<H3C>
# Run the boot boot-loader command
to specify the downloaded file (switch.bin) to be the startup file used when
the switch starts the next time, and then restart the switch. Thus the switch
application is upgraded.
<H3C> boot boot-loader switch.bin
<H3C> reboot
For information
about the boot boot-loader command and how to specify the startup file
for a switch, refer to the “System Maintenance and Debugging”
module of this manual.
1.2 TFTP Configuration
Compared with FTP, TFTP (trivial file transfer
protocol) features simple interactive access interface and no authentication
control. Therefore TFTP is applicable in the networks where client-server
interactions are relatively simple. TFTP is implemented based on UDP. It transfers
data through UDP port 69. Basic TFTP operations are described in RFC1986.
TFTP transmission is initiated by clients,
as described in the following:
l
To download a file, a client sends Read Request
packets to the TFTP server, then receives data from the TFTP server, and sends acknowledgement
packets to the TFTP server.
l
To upload a file, a client sends Write Request
packets to the TFTP server, then sends data to the TFTP server, and receives acknowledgement
packets from the TFTP server.
TFTP-based file transmission can be
performed in the following modes:
l
Binary mode for program files transfer.
l
ASCII mode for text files transfer.
l
Before performing TFTP-related configurations, you
need to configure IP addresses for the TFPT client and the TFTP server, and make
sure the route between the two is reachable.
l
A switch can only operate as a TFTP client.
Figure 1-4 Network diagram for TFTP configuration
Table 1-9 describes the operations needed when a switch operates as a TFTP client.
Table 1-9 Configurations
needed when a switch operates as a TFTP client
|
Device
|
Configuration
|
Default
|
Description
|
|
Switch
|
Configure an IP address for the VLAN
interface of the switch and make sure the route between the IP address of the
VLAN interface and that of the TFTP server is reachable.
|
—
|
TFTP applies to networks where
client-server interactions are comparatively simple. It requires the routes
between TFTP clients and TFTP servers are reachable.
|
|
You can log into a TFTP server directly to
upload or download files through TFTP commands.
|
—
|
—
|
|
TFTP server
|
The TFTP server is started and the TFTP
work directory is configured.
|
—
|
—
|
I. Prerequisites
A switch operates as a TFTP client and a
remote PC as the TFTP server. The network operates properly, as shown in Figure 1-4.
II. Basic TFTP configurations
Table 1-10 Basic TFTP configurations
|
Operation
|
Command
|
Description
|
|
Download a file through TFTP
|
tftp tftp-server get source-file [ dest-file ]
|
Optional
|
|
Upload a file through TFTP
|
tftp tftp-server put source-file [ dest-file ]
|
Optional
|
|
Enter system view
|
system-view
|
—
|
|
Set the TFTP file transmission mode
|
tftp { ascii | binary }
|
Optional
By default, the binary file transmission
mode is adopted.
|
|
Specify the ACL adopted when a switch
attempts to connect a TFTP server
|
tftp-server acl
acl-number
|
Optional
|
III. Specifying the source
interface and source IP address for a TFTP client
You can specify the source interface and
source IP address for a switch operating as a TFTP client, so that it can connect
with a remote TFTP server through the IP address of the specified interface or
the specified IP address.
Table
1-11 Specify the source interface and source IP
address for a TFTP client
|
Operation
|
Command
|
Description
|
|
Specify the source interface only used
for the current connection
|
tftp tftp-server source-interface interface-type
interface-number { get source-file
[ dest-file ] | put source-file-url [ dest-file ]
}
|
Optional
|
|
Specify the source IP address only used for
the current connection
|
tftp tftp-server source-ip ip-address { get source-file [ dest-file ] | put
source-file-url [ dest-file ] }
|
Optional
|
|
Enter system view
|
system-view
|
—
|
|
Specify an interface as the fixed source
interface to be used in each connection
|
tftp source-interface interface-type interface-number
|
Optional
|
|
Specify an IP address as the fixed source
IP address to be used in each connection
|
tftp source-ip ip-address
|
Optional
|
|
Display the fixed source IP address used
by a TFTP client to connect to a TFTP server
|
display tftp source-ip
|
This command can be executed in any view.
|
l
The specified interface must be an existing one,
and otherwise a prompt appears to show the configuration fails.
l
The value of argument ip-address must be
an IP address on the device where the configuration is performed, and otherwise
a prompt appears to show the configuration fails.
l
The source interface/source IP address set for
one connection is prior to the fixed source interface/source IP address set for
each connection. That is, for a connection between a TFTP client and a TFTP
server, if you specify the source interface/source IP address only used for the
connection this time, and the specified source interface/source IP address is
different from the fixed one, the former will be used for the connection this
time.
l
You may specify only one source interface or source
IP address for the TFTP client at one time. That is, only one of the commands tftp
source-interface and tftp source-ip can be effective at one time. If
both commands are configured, the one configured later will overwrite the
original one.
