When configuring FTP and SFTP, go to these sections for information you are interested in:
- Introduction to FTP and SFTP
- FTP Configuration
- SFTP Configuration
File Transfer Protocol (FTP) is commonly used in IP-based networks to transmit files. Before the World Wide Web came into being, files were transferred through command lines, and the most popular application was FTP. At present, although e-mail and the Web are the usual methods for file transmission, FTP still has its strongholds.
As an application layer protocol, FTP is used for file transfer between a remote server and a local client. FTP uses TCP ports 20 and 21 for data transfer and control command transfer respectively. Basic FTP operations are described in RFC 959.
FTP-based file transmission is performed in the following two modes:
- Binary mode for program file transfer
- ASCII mode for text file transfer
An H3C S5600 series Ethernet switch can act
as an FTP client or the FTP server in FTP-employed data transmission:
Table 1-1 Roles that an H3C S5600 series Ethernet switch acts as in FTP

| Item | Description | Remarks |
|---|---|---|
| FTP server | An Ethernet switch can operate as an FTP server to provide file transmission services for FTP clients. You can log in to a switch operating as an FTP server by running an FTP client program on your PC to access files on the FTP server. | The prerequisite is that a route exists between the switch and the PC. |
| FTP client | A switch can operate as an FTP client, through which you can access files on the FTP server. In this case, you need to establish a connection between your PC and the switch through a terminal emulation program or Telnet, execute the ftp X.X.X.X command on your PC (X.X.X.X is the IP address of an FTP server or a host name), and enter your user name and password in turn. | |
- With an S5600 series Ethernet switch serving as an FTP server, the seven-segment digital LED on the front panel of the switch rotates clockwise when an FTP client is uploading files to the FTP server (the S5600 switch), and stops rotating when the file uploading is finished, as shown in Figure 1-1.
- With an S5600 series Ethernet switch serving as an FTP client, the seven-segment digital LED on the front panel of the switch rotates clockwise when the FTP client (the S5600 switch) is downloading files from an FTP server, and stops rotating when the file downloading is finished, as shown in Figure 1-1.

Figure 1-1 Clockwise rotating of the seven-segment digital LED
Secure FTP (SFTP) is established based on an SSH2 connection. It allows a remote user to log in to a switch to manage and transmit files, providing stronger security for data transmission. In addition, since the switch can be used as a client, you can log in to remote devices to transfer files securely.
Complete the following tasks to configure FTP:
Configure the user name and password for the FTP user and set the service type to FTP. To use FTP services, a user must provide a user name and password to be authenticated by the FTP server. Only users that pass the authentication have access to the FTP server.
Follow these steps to create an FTP user:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Add a local user and enter local user view | local-user user-name | Required. By default, no local user is configured. |
| Configure a password for the specified user | password { simple \| cipher } password | Optional. By default, no password is configured. |
| Configure the service type as FTP | service-type ftp | Required. By default, no service is configured. |
Follow these steps to enable an FTP
server:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable the FTP server function | ftp server enable | Required. Disabled by default. |
- Only one user can access an H3C S5600 series Ethernet switch at a given time when the latter operates as an FTP server.
- Operating as an FTP server, an H3C S5600 series Ethernet switch cannot receive a file whose size exceeds its storage space. Clients that attempt to upload such a file will be disconnected from the FTP server due to lack of storage space on the FTP server.
- When you log in to a Fabric consisting of multiple switches through an FTP client, after the FTP client passes authentication, you can log in to the master device of the Fabric.
- You cannot access an H3C S5600 series switch operating as an FTP server through Microsoft Internet Explorer. To do so, use other client software.
To protect unused sockets against attacks, the S5600 Ethernet switch provides the following functions:
- TCP 21 is enabled only when you start the FTP server.
- TCP 21 is disabled when you shut down the FTP server.
After the idle time is configured, if the
server does not receive service requests from a client within a specified time period,
it terminates the connection with the client, thus preventing a user from occupying
the connection for a long time without performing any operation.
Follow these
steps to configure connection idle time:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the connection idle time for the FTP server | ftp timeout minutes | Optional. 30 minutes by default. |
You can specify the source interface and
source IP address for an FTP server to enhance server security. After this
configuration, FTP clients can access this server only through the IP address
of the specified interface or the specified IP address.
Source interface
refers to the existing VLAN interface or Loopback interface on the device.
Source IP address refers to the IP address configured for the interface on the
device. Each source interface corresponds to a source IP address. Therefore,
specifying a source interface for the FTP server is the same as specifying the
IP address of this interface as the source IP address.
Follow these steps to specify the source
interface and source IP address for an FTP server:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Specify the source interface for an FTP server | ftp-server source-interface interface-type interface-number | Use either command. Not specified by default. |
| Specify the source IP address for an FTP server | ftp-server source-ip ip-address | |
- The specified interface must be an existing one. Otherwise a prompt appears to show that the configuration fails.
- The value of the ip-address argument must be an IP address on the device where the configuration is performed. Otherwise a prompt appears to show that the configuration fails.
- You can specify only one source interface or source IP address for the FTP server at one time. That is, only one of the commands ftp-server source-interface and ftp-server source-ip can be valid at one time. If you execute both of them, the new setting will overwrite the original one.
- If the switch (FTP server) is the command switch or member switch in a cluster, do not use the ftp-server source-ip command to specify the private IP address of the cluster as the source IP address of the FTP server. Otherwise, FTP does not take effect.
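
The following check reviews the FTP server settings covered so far (local user, server enable, idle time, source binding) in a configuration listing. It is an added example, not part of the original manual; the listing is constructed from the command forms on this page, and the finding codes, the function name and the reading of the simple keyword as "password stored readable in the configuration" are assumptions.

```python
# Added example: audit an FTP server configuration listing. SAMPLE_CONFIG is
# constructed; how a software release prints its saved config is an assumption.
SAMPLE_CONFIG = """\
ftp server enable
ftp timeout 60
local-user switch
 password simple hello
 service-type ftp
local-user backup
 service-type ftp
local-user admin
 password cipher PLACEHOLDER-CIPHERTEXT
 service-type telnet
"""

def audit_ftp(config_text, max_idle_minutes=30):
    """Return sorted (code, detail) findings for the FTP server settings."""
    users, current = {}, None   # current = user whose view we are inside
    enabled = bound = False
    timeout = 30                # default idle time stated on the page
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "local-user" and len(words) > 1:
            current = users.setdefault(words[1], {"password": None, "ftp": False})
        elif current is not None and words[0] == "password" and len(words) > 2:
            current["password"] = words[1]      # "simple" or "cipher"
        elif current is not None and words[0] == "service-type":
            current["ftp"] = current["ftp"] or "ftp" in words[1:]
        else:
            current = None                      # any other command leaves user view
            if words == ["ftp", "server", "enable"]:
                enabled = True
            elif words[:2] == ["ftp", "timeout"] and words[2:3] and words[2].isdigit():
                timeout = int(words[2])
            elif words[0] == "ftp-server" and words[1:2] in (["source-interface"], ["source-ip"]):
                bound = True
    if not enabled:
        return []                               # TCP 21 stays closed, nothing to review
    findings = []
    if not bound:
        findings.append(("NO_SOURCE_BINDING", "no ftp-server source-interface/source-ip"))
    if timeout > max_idle_minutes:
        findings.append(("LONG_IDLE_TIMEOUT", f"{timeout} minutes"))
    for name, user in users.items():
        if user["ftp"] and user["password"] is None:
            findings.append(("FTP_USER_NO_PASSWORD", name))
        elif user["ftp"] and user["password"] == "simple":
            # Assumption from the keyword's usual meaning: readable in the config.
            findings.append(("PLAINTEXT_PASSWORD_IN_CONFIG", name))
    return sorted(findings)
```

A listing that binds the server with ftp-server source-ip, keeps the default idle time and uses password cipher for its FTP users returns no findings.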
On the FTP server, you can disconnect a
specified user from the FTP server to secure the network.
Follow these steps
to disconnect a specified user:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| On the FTP server, disconnect a specified user from the FTP server | ftp disconnect user-name | Required |
With an H3C S5600 series Ethernet switch acting as the FTP server, if a network administrator attempts to disconnect a user that is uploading/downloading data to/from the FTP server, the S5600 Ethernet switch will disconnect the user after the data transmission is completed.
Displaying a banner: With a banner configured on the FTP server, when you access the FTP server through FTP, the configured banner is displayed on the FTP client. Banners fall into the following two types:
- Login banner: After the connection between an FTP client and an FTP server is established, the FTP server outputs the configured login banner to the FTP client terminal.

Figure 1-2 Process of displaying a login banner
- Shell banner: After the connection between an FTP client and an FTP server is established and the correct user name and password are provided, the FTP server outputs the configured shell banner to the FTP client terminal.

Figure 1-3 Process of displaying a shell banner
Follow these steps to configure the banner
display for an FTP server:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure a login banner | header login text | Required. Use either command or both. By default, no banner is configured. |
| Configure a shell banner | header shell text | |
For details about
the header command, refer to the Login part of the manual.
| To do… | Use the command… | Remarks |
|---|---|---|
| Display the information about FTP server configurations on a switch | display ftp-server | Available in any view |
| Display the source IP address set for an FTP server | display ftp-server source-ip | |
| Display the login FTP client on an FTP server | display ftp-user | |
By default a switch can operate as an FTP
client. In this case, you can connect the switch to the FTP server to perform
FTP-related operations (such as creating/removing a directory) by executing
commands on the switch.
Follow these steps to perform basic configurations
on an FTP client:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter FTP client view | ftp [ cluster \| remote-server [ port-number ] ] | — |
| Specify to transfer files in ASCII characters | ascii | Use either command. By default, files are transferred in ASCII characters. |
| Specify to transfer files in binary streams | binary | |
| Set the data transfer mode to passive | passive | Optional. passive by default. |
| Change the working directory on the remote FTP server | cd pathname | Optional |
| Change the working directory to be the parent directory | cdup | |
| Get the local working path on the FTP client | lcd | |
| Display the working directory on the FTP server | pwd | |
| Create a directory on the remote FTP server | mkdir pathname | |
| Remove a directory on the remote FTP server | rmdir pathname | |
| Delete a specified file | delete remotefile | |
| Query a specified file on the FTP server | dir [ remotefile ] [ localfile ] | Optional. If no file name is specified, all the files in the current directory are displayed. The difference between these two commands is that the dir command can display the file name, directory, and file attributes, while the ls command can display only the file name and directory. |
| | ls [ remotefile ] [ localfile ] | |
| Download a remote file from the FTP server | get remotefile [ localfile ] | Optional |
| Upload a local file to the remote FTP server | put localfile [ remotefile ] | |
| Rename a file on the remote server | rename remote-source remote-dest | |
| Log in with the specified user name and password | user username [ password ] | |
| Connect to a remote FTP server | open { ip-address \| server-name } [ port ] | |
| Terminate the current FTP connection without exiting FTP client view | disconnect | |
| | close | |
| Terminate the current FTP connection and return to user view | quit | |
| | bye | |
| Display the online help about a specified command concerning FTP | remotehelp [ protocol-command ] | |
| Enable the verbose function | verbose | Optional. Enabled by default. |
You can specify the source interface and
source IP address for a switch acting as an FTP client, so that it can connect to
a remote FTP server.
Follow these steps to specify the source
interface and source IP address for an FTP client:
| To do… | Use the command… | Remarks |
|---|---|---|
| Specify the source interface used for the current connection | ftp { cluster \| remote-server } source-interface interface-type interface-number | Optional |
| Specify the source IP address used for the current connection | ftp { cluster \| remote-server } source-ip ip-address | Optional |
| Enter system view | system-view | — |
| Specify an interface as the source interface the FTP client uses every time it connects to an FTP server | ftp source-interface interface-type interface-number | Use either command. Not specified by default |
| Specify an IP address as the source IP address the FTP client uses every time it connects to an FTP server | ftp source-ip ip-address | |
| Display the source IP address used by an FTP client every time it connects to an FTP server | display ftp source-ip | Available in any view |
- The specified interface must be an existing one. Otherwise a prompt appears to show that the configuration fails.
- The value of the ip-address argument must be the IP address of the device where the configuration is performed. Otherwise a prompt appears to show that the configuration fails.
- The source interface/source IP address set for one connection takes precedence over the fixed source interface/source IP address set for each connection. That is, for a connection between an FTP client and an FTP server, if you specify the source interface/source IP address used for the connection this time, and the specified source interface/source IP address is different from the fixed one, the former will be used for the connection this time.
- Only one fixed source interface or source IP address can be set for the FTP client at one time. That is, only one of the commands ftp source-interface and ftp source-ip can be valid at one time. If you execute both of them, the new setting will overwrite the original one.
I. Network requirements
A switch operates as an FTP server and a remote PC as an FTP client. The application switch.bin of the switch is stored on the PC. Upload the application to the remote switch through FTP and use the boot boot-loader command to specify switch.bin as the application for the next startup. Reboot the switch to upgrade the switch application, and download the configuration file config.cfg from the switch to back up the configuration file.
- Create a user account on the FTP server with the username switch and password hello.
- The IP addresses 1.1.1.1 for a VLAN interface on the switch and 2.2.2.2 for the PC have been configured. Ensure that a route exists between the switch and the PC.
II. Network diagram

Figure 1-4 Network diagram for FTP configurations: a switch operating as an FTP server
III. Configuration procedure
1) Configure Switch A (the FTP server)
# Log in to the switch and enable the FTP server function on the switch. Configure the user name and password used to access FTP services, and specify the service type as FTP. (You can log in to a switch through the Console port or by telnetting the switch. See the Login module for detailed information.)
# Configure the FTP username as switch, the password as hello, and the service type as FTP.
<Sysname>
<Sysname> system-view
[Sysname] ftp server enable
[Sysname] local-user switch
[Sysname-luser-switch] password simple hello
[Sysname-luser-switch] service-type ftp
2) Configure the PC (FTP client)
Run an FTP client application on the PC to connect to the FTP server. Upload the application named switch.bin to the root directory of the Flash memory of the FTP server, and download the configuration file named config.cfg from the FTP server. The following takes the command line window tool provided by Windows as an example:
# Enter the command line window and switch to the directory where the file switch.bin is located. In this example it is in the root directory of C:\.
C:\>
# Access the Ethernet switch through FTP. Input the username switch and password hello to log in and enter FTP view.
C:\> ftp 1.1.1.1
Connected to 1.1.1.1.
220 FTP service ready.
User (1.1.1.1:(none)): switch
331 Password required for switch.
Password:
230 User logged in.
ftp>
# Upload file switch.bin.
ftp> put switch.bin
200 Port command okay.
150 Opening ASCII mode data connection for switch.bin.
226 Transfer complete.
ftp: 75980 bytes received in 5.55 seconds 13.70Kbytes/sec.
# Download file config.cfg.
ftp> get config.cfg
200 Port command okay.
150 Opening ASCII mode data connection for config.cfg.
226 Transfer complete.
ftp: 3980 bytes received in 8.277 seconds 0.48Kbytes/sec.
This example uses the command line window tool provided by Windows. When you log in to the FTP server through another FTP client, refer to the corresponding instructions for operation description.
Caution:
- If available space on the Flash memory of the switch is not enough to hold the file to be uploaded, you need to delete files not in use from the Flash memory to make room for the file, and then upload the file again. The files in use cannot be deleted. If you have to delete the files in use to make room for the file to be uploaded, you can only delete/download them through the Boot ROM menu.
- H3C series switches are not shipped with FTP client application software. You need to purchase and install it yourself.
3) Configure Switch A (FTP server)
# After uploading the application, use the boot boot-loader command to specify the uploaded file (switch.bin) to be the startup file used when the switch starts the next time, and restart the switch. Thus the switch application is upgraded.
<Sysname> boot boot-loader switch.bin
<Sysname> reboot
For information about the boot boot-loader command and how to specify the startup file for a switch, refer to the System Maintenance and Debugging part of this manual.
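
The session in step 2 reports ASCII mode for switch.bin, while the introduction assigns binary mode to program file transfer. The following added example (not part of the original manual) reads a client transcript and reports each transfer's mode before the image is set as the boot file; the transcript is constructed in the shape of the session above, and the function name and the use of the .bin extension to recognise program files are assumptions.

```python
import re

# Constructed transcript in the shape of the Windows ftp session in step 2.
SAMPLE_SESSION = """\
ftp> put switch.bin
200 Port command okay.
150 Opening ASCII mode data connection for switch.bin.
226 Transfer complete.
ftp> get config.cfg
200 Port command okay.
150 Opening ASCII mode data connection for config.cfg.
226 Transfer complete.
"""

CMD = re.compile(r"^ftp>\s*(put|get)\s+(\S+)")
OPEN = re.compile(r"^150 Opening (\w+) mode data connection for (\S+?)\.?\s*$")
DONE = re.compile(r"^226 ")

def review_transfers(session, program_exts=(".bin",)):
    """Return one dict per put/get: direction, file, mode, completed, warning."""
    results, current = [], None
    for line in session.splitlines():
        line = line.strip()
        m = CMD.match(line)
        if m:
            current = {"direction": m.group(1), "file": m.group(2),
                       "mode": None, "completed": False, "warning": None}
            results.append(current)
            continue
        if current is None:
            continue                      # reply lines before the first transfer
        m = OPEN.match(line)
        if m and m.group(2) == current["file"]:
            current["mode"] = m.group(1).upper()
            is_program = current["file"].lower().endswith(tuple(program_exts))
            if is_program and current["mode"] == "ASCII":
                current["warning"] = "program file in ASCII mode; use binary and retransfer"
        elif DONE.match(line):
            current["completed"] = True   # 226 closes the data connection
    return results
```

A transfer with a warning, or one that never reached its 226 reply, should be repeated before boot boot-loader points at the file.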
I. Network requirements
Configure the Ethernet switch as an FTP
server and the remote PC as an FTP client. After a connection between the FTP
client and the FTP server is established and login succeeds, the banner is
displayed on the FTP client.
- An FTP user with username switch and the password hello has been configured on the FTP server.
- The IP addresses 1.1.1.1 for a VLAN interface on the switch and 2.2.2.2 for the PC have been configured. Ensure that a route exists between the switch and the PC.
- Configure the login banner of the switch as “login banner appears” and the shell banner as “shell banner appears”.
II. Network diagram

Figure 1-5 Network diagram for FTP banner display configuration
III. Configuration procedure
1) Configure the switch (FTP server)
# Configure the login banner of the switch as “login banner appears” and the shell banner as “shell banner appears”. For detailed configuration of other network requirements, see section Configuration Example: A Switch Operating as an FTP Server.
<Sysname> system-view