06-FTP and TFTP Configuration
Table of Contents
Establishing an FTP Connection
Operating the Directories on an FTP Server
Operating the Files on an FTP Server
Using Another Username to Log In to an FTP Server
Maintaining and Debugging an FTP Connection
FTP Client Configuration Example
Configuring FTP Server Operating Parameters
Configuring Authentication and Authorization on the FTP Server
FTP Server Configuration Example
Displaying and Maintaining FTP
Displaying and Maintaining the TFTP Client
TFTP Client Configuration Example
When configuring FTP, go to these sections for information you are interested in:
• Displaying and Maintaining FTP
The File Transfer Protocol (FTP) is an application layer protocol for sharing files between server and client over a TCP/IP network.
FTP uses TCP ports 20 and 21 for file transfer. Port 20 is used to transmit data, and port 21 to transmit control commands. Refer to RFC 959 for details of FTP basic operation.
FTP transfers files in two modes:
• Binary mode: transfers files as raw data, like .app, .bin, and .btm files.
• ASCII mode: transfers files as text, like .txt, .bat, and .cfg files.
FTP adopts the client/server model. Your device can function either as the client or as the server (as shown in Figure 1-1).
• When the device serves as the FTP client, the user first connects to the device from a PC through Telnet or an emulation program, and then executes the ftp command to establish a connection to the remote FTP server and gain access to the files on the server.
• When the device serves as the FTP server, FTP clients (users running the FTP client program) log in to the device to access files on the device (the administrator must configure the IP address of the device as the FTP server IP address before user login).
Figure 1-1 Network diagram for FTP
When the device serves as the FTP client, you need to perform the following configuration:
Table 1-1 Configuration when the device serves as the FTP client
Device | Configuration | Remarks
Device (FTP client) | Use the ftp command to establish the connection to the remote FTP server | If the remote FTP server supports anonymous FTP, the device can log in to it directly; if not, the device must obtain the FTP username and password first to log in to the remote FTP server.
PC (FTP server) | Enable FTP server on the PC, and configure the username, password, user privilege level, and so on. | —
When the device serves as the FTP server, you need to perform the following configuration:
Table 1-2 Configuration when the device serves as the FTP server
Device | Configuration | Remarks
Device (FTP server) | Enable the FTP server function | Disabled by default. You can use the display ftp-server command to view the FTP server configuration on the device.
Device (FTP server) | Configure authentication and authorization | Configure the username, password, authorized working directory for an FTP user. The device does not support anonymous FTP for security reasons. Therefore, you must use a valid username and password. By default, authenticated users can access the root directory of the device.
Device (FTP server) | Configure the FTP server operating parameters | Parameters such as the FTP connection timeout time
PC (FTP client) | Use the FTP client program to log in to the FTP server. | You can log in to the FTP server only after you input the correct FTP username and password.
• The FTP function is available when a reachable route exists between the FTP server and the FTP client.
• When you use IE to log in to the device serving as the FTP server, part of the FTP functions is not available. This is because multiple connections are established during the login process but the device supports only one connection at a time.
Only users with the manage level can use the ftp command to log in to an FTP server, enter FTP client view, and execute directory and file related commands. However, whether the commands can be executed successfully depends on the authorizations of the FTP server.
To access an FTP server, an FTP client must establish a connection with the FTP server. Two ways are available to establish a connection: using the ftp command to establish the connection directly; using the open command in FTP client view.
Source address binding means to configure an IP address on a stable interface such as a loopback interface or Dialer interface, and then use this IP address as the source IP address of an FTP connection. The source address binding function simplifies the configuration of ACL rules and security policies. You just need to specify the source or destination address argument in an ACL rule as this address to filter inbound and outbound packets on the device, ignoring the difference between interface IP addresses as well as the effect of interface statuses. You can configure the source address by configuring the source interface or source IP address. The primary IP address configured on the source interface is the source address of the transmitted packets. The source address of the transmitted packets is selected following these rules:
• If no source address is specified, the FTP client uses the IP address of the interface determined by the matched route as the source IP address to communicate with an FTP server.
• If the source address is specified with the ftp client source or ftp command, this source address is used to communicate with an FTP server.
• If you use the ftp client source command and the ftp command to specify a source address respectively, the source address specified with the ftp command is used to communicate with an FTP server.
The source address specified with the ftp client source command is valid for all FTP connections and the source address specified with the ftp command is valid only for the current FTP connection.
Follow these steps to establish an FTP connection (In IPv4 networking):
To do… | Use the command… | Remarks
Enter system view | system-view | —
Configure the source address of the FTP client | ftp client source { interface interface-type interface-number | ip source-ip-address } | Optional. A device uses the IP address of the interface determined by the matched route as the source IP address to communicate with the FTP server by default.
Exit to system view | quit | —
Log in to the remote FTP server directly in user view | ftp [ server-address [ service-port ] [ source { interface interface-type interface-number | ip source-ip-address } ] ] | Use either approach. The ftp command is available in user view; and the open command is available in FTP client view.
Log in to the remote FTP server indirectly in FTP client view | ftp, and then open server-address [ service-port ] | Use either approach. The ftp command is available in user view; and the open command is available in FTP client view.
• If no primary IP address is configured on the specified source interface, no FTP connection can be established.
• If you use the ftp client source command to first configure the source interface and then the source IP address of the transmitted packets, the newly configured source IP address will take effect instead of the current source interface, and vice versa.
After the device serving as the FTP client has established a connection with an FTP server (For how to establish an FTP connection, refer to Establishing an FTP Connection.), you can create or delete folders under the authorized directory of the FTP server.
Follow these steps to operate the directories on an FTP server:
To do… | Use the command… | Remarks
Display detailed information about a directory or file on the remote FTP server | dir [ remotefile [ localfile ] ] | Optional
Query a directory or file on the remote FTP server | ls [ remotefile [ localfile ] ] | Optional
Change the working directory of the remote FTP server | cd { directory | .. | / } | Optional
Exit the current working directory and return to an upper level directory of the remote FTP server | cdup | Optional
Display the working directory that is being accessed | pwd | Optional
Create a directory on the remote FTP server | mkdir directory | Optional
Remove the specified working directory on the remote FTP server | rmdir directory | Optional
After the device serving as the FTP client has established a connection with an FTP server (For how to establish an FTP connection, refer to Establishing an FTP Connection.), you can upload a file to or download a file from the FTP server under the authorized directory of the FTP server by following these steps:
1) Use the dir or ls command to display the directory and the location of the file on the FTP server.
2) Delete useless files for effective use of the storage space.
3) Set the file transfer mode. FTP transmits files in two modes: ASCII and binary. ASCII mode transfers files as text. Binary mode transfers files as raw data.
4) Use the lcd command to display the local working directory of the FTP client. You can upload the file under this directory, or save the downloaded file under this directory.
5) Upload or download the file.
Follow these steps to operate the files on an FTP server:
To do… | Use the command… | Remarks
Display detailed information about a directory or file on the remote FTP server | dir [ remotefile [ localfile ] ] | Optional. The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time.
Query a directory or file on the remote FTP server | ls [ remotefile [ localfile ] ] | Optional. The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time.
Delete the specified file on the remote FTP server permanently | delete remotefile | Optional
Set the file transfer mode to ASCII | ascii | Optional. ASCII by default.
Set the file transfer mode to binary | binary | Optional. ASCII by default.
Set the data transmission mode to passive | passive | Optional. Passive by default.
Display the local working directory of the FTP client | lcd | Optional
Upload a file to the FTP server | put localfile [ remotefile ] | Optional
Download a file from the FTP server | get remotefile [ localfile ] | Optional
After the device serving as the FTP client has established a connection with the FTP server (For how to establish an FTP connection, refer to Establishing an FTP Connection.), you can use another username to log in to the FTP server.
This feature allows you to switch to different user levels without affecting the current FTP connection (namely, the FTP control connection, data connection and connection status are not changed); if you input an incorrect username or password, the current connection will be terminated, and you must return to user view and log in with the ftp command again.
Follow the step below to use another username to log in to the FTP server:
To do… | Use the command… | Remarks
Use another username to relog in after successfully logging in to the FTP server | user username [ password ] | Optional
After a device serving as the FTP client has established a connection with the FTP server (For how to establish an FTP connection, refer to Establishing an FTP Connection.), you can perform the following operations to locate and diagnose problems encountered in an FTP connection:
To do… | Use the command… | Remarks
Display the help information of FTP-related commands supported by the remote FTP server | remotehelp [ protocol-command ] | Optional
Enable information display in a detailed manner | verbose | Optional. Enabled by default
Enable FTP related debugging when the device acts as the FTP client | debugging | Optional. Disabled by default
After the device serving as the FTP client has established a connection with the FTP server (For how to establish an FTP connection, refer to Establishing an FTP Connection.), you can use any of the following commands to terminate an FTP connection:
To do… | Use the command… | Remarks
Terminate the connection to the FTP server without exiting FTP client view | disconnect | Optional. Equal to the close command.
Terminate the connection to the FTP server without exiting FTP client view | close | Optional. Equal to the disconnect command.
Terminate the connection to the FTP server and return to user view | bye | Optional
Terminate the connection to the FTP server and return to user view | quit | Optional. Available in FTP client view, equal to the bye command.
• As shown in Figure 1-2, use Device as an FTP client and PC as the FTP server. Their IP addresses are 10.2.1.1/16 and 10.1.1.1/16 respectively. An available route exists between Device and PC.
• Device downloads a startup file from PC for device upgrade, and uploads the configuration file to PC for backup.
• On PC, an FTP user account has been created for the FTP client, with the username being abc and the password being pwd.
Figure 1-2 Network diagram for FTPing a startup file from an FTP server
If the available memory space of the device is not enough, use the fixdisk command to clear the memory or use the delete /unreserved file-url command to delete the files not in use and then perform the following operations.
# Log in to the server through FTP.
<Sysname> ftp 10.1.1.1
Trying 10.1.1.1
Connected to 10.1.1.1
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(10.1.1.1:(none)):abc
331 Give me your password, please
Password:
230 Logged in successfully
# Set the file transfer mode to binary to transmit startup file.
[ftp] binary
200 Type set to I.
# Download the startup file newest.bin from PC to Device.
[ftp] get newest.bin
# Upload the configuration file config.cfg of Device to the server for backup.
[ftp] ascii
[ftp] put config.cfg back-config.cfg
227 Entering Passive Mode (10,1,1,1,4,2).
125 ASCII mode data connection already open, transfer starting for /config.cfg.
226 Transfer complete.
FTP: 3494 byte(s) sent in 5.646 second(s), 618.00 byte(s)/sec.
[ftp] bye
# Specify newest.bin as the main startup file to be used at the next startup.
<Sysname> boot-loader file newest.bin main
# Reboot the device, and the startup file is updated at the system reboot.
<Sysname> reboot
The startup file used for the next startup must be saved under the root directory of the storage medium. You can copy or move a file to the root directory of the storage medium. For the details of the boot-loader command, refer to Device Management Commands in the System Volume.
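The 227 reply in the session above tells the client where to open the data connection: 10.1.1.1, port 4 × 256 + 2 = 1026, so in passive mode the data connection does not go to port 20 and ACL rules have to allow for that. The following added example (not part of the original document) parses such replies and marks any that name a host other than the control-connection peer; the function names and the second sample reply used in testing are constructed for illustration.

```python
import ipaddress
import re

# Six decimal fields h1,h2,h3,h4,p1,p2 carried in a 227 reply (RFC 959).
PASV_FIELD = re.compile(r"(?<!\d)" + ",".join([r"(\d{1,3})"] * 6) + r"(?!\d)")

# Sample input: server replies copied from the session shown on this page.
PAGE_SESSION = [
    "220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user",
    "331 Give me your password, please",
    "230 Logged in successfully",
    "200 Type set to I.",
    "227 Entering Passive Mode (10,1,1,1,4,2).",
    "125 ASCII mode data connection already open, transfer starting for /config.cfg.",
    "226 Transfer complete.",
]


def parse_pasv_reply(line):
    """Return (host, port) from one 227 reply; port = p1 * 256 + p2."""
    match = PASV_FIELD.search(line[3:]) if line.startswith("227") else None
    if match is None:
        raise ValueError("not a usable 227 reply: %r" % line)
    fields = [int(f) for f in match.groups()]
    if max(fields) > 255:
        raise ValueError("field above 255 in %r" % line)
    host = ".".join(str(f) for f in fields[:4])
    return host, fields[4] * 256 + fields[5]


def check_session(replies, control_peer):
    """Return (host, port, trusted) for every 227 reply in a session.

    trusted is False when the reply names a host other than the server the
    control connection is attached to, or an unusable port 0. A careful
    client then connects to control_peer instead, or aborts the transfer.
    """
    peer = ipaddress.ip_address(control_peer)
    results = []
    for line in replies:
        if not line.startswith("227"):
            continue
        host, port = parse_pasv_reply(line)
        trusted = ipaddress.ip_address(host) == peer and port != 0
        results.append((host, port, trusted))
    return results


if __name__ == "__main__":
    for entry in check_session(PAGE_SESSION, "10.1.1.1"):
        print(entry)
```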
The FTP server uses one of the two modes to update a file when you upload the file (use the put command) to the FTP server:
• In fast mode, the FTP server starts writing data to the storage medium after a file is transferred to the memory. This prevents the existing file on the FTP server from being corrupted in the event that an anomaly, such as a power failure, occurs during a file transfer.
• In normal mode, the FTP server writes data to the storage medium while receiving data. This means that any anomaly, such as a power failure, during file transfer might result in file corruption on the FTP server. This mode, however, consumes less memory space than the fast mode.
Follow these steps to configure the FTP server:
To do… | Use the command… | Remarks
Enter system view | system-view | —
Enable the FTP server | ftp server enable | Required. Disabled by default.
Use an ACL to control FTP clients’ access to the device | ftp server acl acl-number | Optional. By default, no ACL is used to control FTP clients’ access to the device.
Configure the idle-timeout timer | ftp timeout minutes | Optional. 30 minutes by default. Within the idle-timeout time, if there is no information interaction between the FTP server and client, the connection between them is terminated.
Set the file update mode for the FTP server | ftp update { fast | normal } | Optional. Normal update is used by default.
Quit to user view | quit | —
Manually release the FTP connection established with the specified username | free ftp user username | Optional. Available in user view
To allow an FTP user to access certain directories on the FTP server, you need to create an account for the user, authorizing access to the directories and associating the username and password with the account.
The following configuration is used when the FTP server authenticates and authorizes a local FTP user. If the FTP server needs to authenticate a remote FTP user, you need to configure authentication, authorization and accounting (AAA) policy instead of the local user. For detailed configuration, refer to AAA Configuration in the Security Volume.
Follow these steps to configure authentication and authorization for FTP server:
To do… | Use the command… | Remarks
Enter system view | system-view | —
Create a local user and enter its view | local-user user-name | Required. No local user exists by default, and the system does not support FTP anonymous user access.
Assign a password to the user | password { simple | cipher } password | Required
Assign the FTP service to the user | service-type ftp | Required. By default, the system does not support anonymous FTP access, and does not assign any service. If the FTP service is assigned, the root directory of the device is used by default.
Configure user properties | authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | vlan vlan-id | work-directory directory-name } * | Optional. By default, the FTP/SFTP users can access the root directory of the device, and the user level is 0. You can change the default configuration by using this command.
• For more information about the local-user, password, service-type ftp, and authorization-attribute commands, refer to AAA Commands in the Security Volume.
• When the device serves as the FTP server, if the client is to perform write operations (upload, delete, and create, for example) on the device’s file system, the FTP login users must be level 3 users; if the client is to perform other operations, such as read operations, the device has no restriction on the user level of the FTP login users, that is, any level from 0 to 3 is allowed.
• As shown in Figure 1-3, use Device as an FTP server, and the PC as the FTP client. Their IP addresses are 1.2.1.1/16 and 1.1.1.1/16 respectively. An available route exists between Device and PC.
• PC keeps the updated startup file of the device. Use FTP to upgrade the device and back up the configuration file.
• Set the username to ftp and the password to pwd for the FTP client to log in to the FTP server.
Figure 1-3 Upgrading using the FTP server
1) Configure Device (FTP Server)
# Create an FTP user account ftp, set its password to pwd and the user privilege level to level 3 (the manage level). Authorize ftp’s access to the root directory of the flash, and specify ftp to use FTP.
<Sysname> system-view
[Sysname] local-user ftp
[Sysname-luser-ftp] password simple pwd
[Sysname-luser-ftp] authorization-attribute level 3
[Sysname-luser-ftp] authorization-attribute work-directory flash:/
[Sysname-luser-ftp] service-type ftp
[Sysname-luser-ftp] quit
# Enable FTP server.
[Sysname] ftp server enable
[Sysname] quit
# Check files on your device. Remove those redundant to ensure adequate space for the startup file to be uploaded.
<Sysname> dir
Directory of flash:/
0 drw- - Dec 07 2005 10:00:57 filename
1 drw- - Jan 02 2006 14:27:51 logfile
2 -rw- 1216 Jan 02 2006 14:28:59 config.cfg
3 -rw- 1216 Jan 02 2006 16:27:26 back.cfg
253568 KB total (2511 KB free)
<Sysname> delete /unreserved flash:/back.cfg
2) Configure the PC (FTP Client)
# Log in to the FTP server through FTP.
c:\> ftp 1.2.1.1
Connected to 1.2.1.1.
220 FTP service ready.
User(1.2.1.1:(none)):ftp
331 Password required for ftp.
Password:
230 User logged in.
# Download the configuration file config.cfg of the device to the PC for backup.
ftp> get config.cfg back-config.cfg
# Set the file transfer mode to binary, and upload the startup file newest.bin to Device.
ftp> binary
ftp> put newest.bin
ftp> bye
3) Upgrade Device
# Specify newest.bin as the main startup file to be used at the next startup.
<Sysname> boot-loader file newest.bin main
# Reboot the device and the startup file is updated at the system reboot.
<Sysname> reboot
• You can take the same steps to upgrade configuration file with FTP. When upgrading the configuration file with FTP, put the new file under the root directory of the storage medium.
• After you finish upgrading the Boot ROM program through FTP, you must execute the bootrom update command to upgrade the Boot ROM.
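The server-side settings described above (password keyword, user level, working directory, and the optional ftp server acl command) can be reviewed mechanically. The following added example is not part of the original document: it reads commands as typed at the CLI and reports settings worth a second look. It assumes that password simple keeps the password in plain text (the page does not describe the two keywords), and the user name, directory and ACL number in the second configuration are constructed placeholders.

```python
import re

# Strips a leading CLI prompt such as "<Sysname>" or "[Sysname-luser-ftp]".
PROMPT = re.compile(r"^\s*(?:<[^>]+>|\[[^\]]+\])\s*")
ROOT_DIR = re.compile(r"^[A-Za-z0-9]+:/?$")      # e.g. "flash:/"

# Commands exactly as entered in the server example on this page.
PAGE_CONFIG = """\
<Sysname> system-view
[Sysname] local-user ftp
[Sysname-luser-ftp] password simple pwd
[Sysname-luser-ftp] authorization-attribute level 3
[Sysname-luser-ftp] authorization-attribute work-directory flash:/
[Sysname-luser-ftp] service-type ftp
[Sysname-luser-ftp] quit
[Sysname] ftp server enable
[Sysname] quit
""".splitlines()

# Constructed variant: user name, password, directory and ACL number are placeholders.
TIGHTER_CONFIG = """\
[Sysname] local-user cfgbackup
[Sysname-luser-cfgbackup] password cipher EXAMPLE-PLACEHOLDER
[Sysname-luser-cfgbackup] authorization-attribute level 0 work-directory flash:/backup
[Sysname-luser-cfgbackup] service-type ftp
[Sysname-luser-cfgbackup] quit
[Sysname] ftp server acl 2001
[Sysname] ftp server enable
""".splitlines()


def audit_ftp_config(lines):
    """Return a list of (finding, subject) tuples for FTP-server settings."""
    users, current = {}, None
    enabled, acl = False, None
    for raw in lines:
        words = PROMPT.sub("", raw).split()
        if not words or words[0].startswith("#"):
            continue
        if words[0] == "local-user" and len(words) == 2:
            # The page states that the default user level is 0.
            current = users.setdefault(
                words[1], {"ftp": False, "level": 0, "dir": None, "simple": False})
        elif words[0] == "quit":
            current = None
        elif current is not None:
            if words[:2] == ["password", "simple"]:
                current["simple"] = True
            elif words[:2] == ["service-type", "ftp"]:
                current["ftp"] = True
            elif words[0] == "authorization-attribute":
                # keyword/value pairs; several may share one command line
                opts = dict(zip(words[1::2], words[2::2]))
                current["level"] = int(opts.get("level", current["level"]))
                current["dir"] = opts.get("work-directory", current["dir"])
        elif words[:3] == ["ftp", "server", "enable"]:
            enabled = True
        elif words[:3] == ["ftp", "server", "acl"] and len(words) == 4:
            acl = words[3]
    findings = []
    for name, user in sorted(users.items()):
        if not user["ftp"]:
            continue
        if user["simple"]:
            findings.append(("password-simple", name))
        # No work-directory means the root directory (the documented default).
        at_root = user["dir"] is None or bool(ROOT_DIR.match(user["dir"]))
        if user["level"] >= 3 and at_root:
            findings.append(("level3-write-at-root", name))
    if enabled and acl is None:
        findings.append(("ftp-server-without-acl", "device"))
    return findings


if __name__ == "__main__":
    print(audit_ftp_config(PAGE_CONFIG))
    print(audit_ftp_config(TIGHTER_CONFIG))
```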
To do… | Use the command… | Remarks
Display the configuration of the FTP client | display ftp client configuration | Available in any view
Display the configuration of the FTP server | display ftp-server | Available in any view
Display detailed information about logged-in FTP users | display ftp-user | Available in any view
When configuring TFTP, go to these sections for information you are interested in:
• Displaying and Maintaining the TFTP Client
• TFTP Client Configuration Example
The Trivial File Transfer Protocol (TFTP) provides functions similar to those provided by FTP, but it is less complex than FTP in interactive access interface and authentication. Therefore, it is more suitable in environments where complex interaction is not needed between client and server.
TFTP uses the UDP port 69 for data transmission. For TFTP basic operation, refer to RFC 1986.
In TFTP, file transfer is initiated by the client.
• In a normal file downloading process, the client sends a read request to the TFTP server, receives data from the server, and then sends the acknowledgement to the server.
• In a normal file uploading process, the client sends a write request to the TFTP server, sends data to the server, and receives the acknowledgement from the server.
TFTP transfers files in two modes:
• Binary mode for program file transmission, like files with the suffixes .app, .bin, or .btm.
• ASCII mode for text file transmission, like files with the suffixes .txt, .bat, or .cfg.
Only the TFTP client service is available with your device at present.
Figure 2-1 TFTP configuration diagram
Before using TFTP, the administrator needs to configure IP addresses for the TFTP client and server, and make sure that there is a reachable route between the TFTP client and server.
When the device serves as the TFTP client, you need to perform the following configuration:
Table 2-1 Configuration when the device serves as the TFTP client
Device | Configuration | Remarks
Device (TFTP client) | Configure the IP address and routing function, and ensure that the route between the device and the TFTP server is available. Use the tftp command to establish a connection to the remote TFTP server to upload/download files to/from the TFTP server | —
PC (TFTP server) | Enable TFTP server on the PC, and configure the TFTP working directory. | —
When a device acts as a TFTP client, you can upload a file on the device to a TFTP server and download a file from the TFTP server to the local device. You can use either of the following ways to download a file:
• Normal download: The device writes the obtained file to the storage medium directly. In this way, if you use a filename that already exists in the directory, the original system file is overwritten, and if the file download fails (for example, due to network disconnection), the device cannot start up normally because the original system file has been deleted.
• Secure download: The device saves the obtained file to its memory and does not write it to the storage medium until the whole file is obtained. In this way, if the file download fails (for example, due to network disconnection), the device can still start up because the original system file is not overwritten. This mode is more secure but consumes more memory.
It is recommended that you use the secure mode or, if you use the normal mode, specify a filename that does not exist in the current directory as the target filename when downloading the startup file or the startup configuration file.
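The read-request exchange and the difference between the two download modes can be seen in a small simulation. The following added example is not part of the original document and is not the device's implementation: it runs a TFTP read transfer in-process (no sockets), cuts the link after the first block, and compares what is left on storage in each mode. The temporary directory stands in for the storage medium, the file contents are constructed, and committing through a .part file is a choice made for this sketch.

```python
import os
import struct
import tempfile

RRQ, DATA, ACK = 1, 3, 4   # TFTP opcodes as defined in RFC 1350
BLOCK = 512                # a DATA payload shorter than this ends the transfer


class LinkDown(Exception):
    """Raised by the simulated network when it drops mid-transfer."""


def rrq(filename, mode="octet"):
    """Client read request: opcode, filename, NUL, mode, NUL."""
    return struct.pack("!H", RRQ) + filename.encode() + b"\0" + mode.encode() + b"\0"


def serve(request, files):
    """Toy server side (no sockets): yield the DATA packets answering one RRQ."""
    (opcode,) = struct.unpack("!H", request[:2])
    name, mode, _ = request[2:].split(b"\0")
    if opcode != RRQ or mode != b"octet":
        raise ValueError("only binary-mode read requests are handled here")
    content = files[name.decode()]
    for n in range(len(content) // BLOCK + 1):
        yield struct.pack("!HH", DATA, n + 1) + content[n * BLOCK:(n + 1) * BLOCK]


def download(filename, dest, files, secure, fail_after=None):
    """Fetch filename into dest and return the ACK packets the client sent."""
    acks, buffered = [], bytearray()
    out = None if secure else open(dest, "wb")   # normal mode truncates dest at once
    try:
        for count, packet in enumerate(serve(rrq(filename), files), start=1):
            if fail_after is not None and count > fail_after:
                raise LinkDown("link lost after block %d" % fail_after)
            opcode, block = struct.unpack("!HH", packet[:4])
            if opcode != DATA or block != count:
                raise ValueError("unexpected packet")
            payload = packet[4:]
            if secure:
                buffered += payload          # held in memory only
            else:
                out.write(payload)           # lands on storage block by block
            acks.append(struct.pack("!HH", ACK, block))
            if len(payload) < BLOCK:         # short block: transfer complete
                break
    finally:
        if out is not None:
            out.close()
    if secure:                               # reached only after the last block
        part = dest + ".part"
        with open(part, "wb") as fh:
            fh.write(buffered)
        os.replace(part, dest)               # swap in the complete file
    return acks


def demo():
    """Cut both download styles after one block while an old image is in place."""
    files = {"newest.bin": bytes(range(256)) * 5}   # constructed 1280-byte image
    results = {}
    with tempfile.TemporaryDirectory() as flash:     # stands in for the storage medium
        for label, secure in (("normal", False), ("secure", True)):
            dest = os.path.join(flash, label + ".bin")
            with open(dest, "wb") as fh:
                fh.write(b"OLD-IMAGE")
            try:
                download("newest.bin", dest, files, secure, fail_after=1)
            except LinkDown:
                pass
            with open(dest, "rb") as fh:
                results[label] = fh.read()
        dest = os.path.join(flash, "complete.bin")
        results["acks"] = download("newest.bin", dest, files, secure=True)
        with open(dest, "rb") as fh:
            results["complete"] = fh.read() == files["newest.bin"]
    return results


if __name__ == "__main__":
    print(demo())
```

After the interrupted normal download the target holds only the first 512 bytes of the new image; after the interrupted secure download it still holds the old content.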
Source address binding means to configure an IP address on a stable interface such as a loopback interface, and then use this IP address as the source IP address of a TFTP connection. The source address binding function simplifies the configuration of ACL rules and security policies. You just need to specify the source or destination address argument in an ACL rule as this address to filter inbound and outbound packets on the device, ignoring the difference between interface IP addresses as well as the effect of interface statuses. You can configure the source address by configuring the source interface or source IP address. The primary IP address configured on the source interface is the source address of the transmitted packets. The source address of the transmitted packets is selected following these rules:
• If no source address of the TFTP client is specified, a device uses the IP address of the interface determined by the matched route as the source IP address to communicate with a TFTP server.
• If the source address is specified with the tftp client source or tftp command, this source address is adopted.
• If you use the tftp client source command and the tftp command to specify a source address respectively, the source address configured with the tftp command is used to communicate with a TFTP server.
The source address specified with the tftp client source command is valid for all TFTP connections and the source address specified with the tftp command is valid only for the current tftp connection.
Follow these steps to configure the TFTP client:
To do… | Use the command… | Remarks
Enter system view | system-view | —
Use an ACL to control the device’s access to TFTP servers | tftp-server acl acl-number | Optional. By default, no ACL is used to control the device’s access to TFTP servers.
Configure the source address of the TFTP client | tftp client source { interface interface-type interface-number | ip source-ip-address } | Optional. A device uses the source address determined by the matched route to communicate with the TFTP server by default.
Return to user view | quit | —
Download or upload a file in an IPv4 network | tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ] | Optional. Available in user view
• If no primary IP address is configured on the source interface, no TFTP connection can be established.
• If you use the tftp client source command to first configure the source interface and then the source IP address of the packets of the TFTP client, the new source IP address will overwrite the current one, and vice versa.
To do… | Use the command… | Remarks
Display the configuration of the TFTP client | display tftp client configuration | Available in any view
• As shown in Figure 2-2, use a PC as the TFTP server and Device as the TFTP client. Their IP addresses are 1.2.1.1/16 and 1.1.1.1/16 respectively. An available route exists between Device and PC.
• Device downloads a startup file from PC for upgrading and uploads a configuration file named config.cfg to PC for backup.
Figure 2-2 Smooth upgrading using the TFTP client function
1) Configure PC (TFTP Server), the configuration procedure is omitted.
• On the PC, enable the TFTP server
• Configure a TFTP working directory
2) Configure Device (TFTP Client)
If the available memory space of the device is not enough, use the fixdisk command to clear the memory or use the delete /unreserved file-url command to delete the files not in use and then perform the following operations.
# Download application file newest.bin from PC (the tftp command is available in user view).
<Sysname> tftp 1.2.1.1 get newest.bin
# Upload a configuration file config.cfg to the TFTP server.
<Sysname> tftp 1.2.1.1 put config.cfg configback.cfg
# Specify newest.bin as the main startup file to be used at the next startup.
<Sysname> boot-loader file newest.bin main
# Reboot the device and the software is upgraded.
<Sysname> reboot
The startup file used for the next startup must be saved under the root directory of the storage medium. You can copy or move a file to the root directory of the storage medium. For the details of the boot-loader command, refer to Device Management Commands in the System Volume.