01-Fundamentals Configuration Guide

H3C WX5540E Access Controller Switching Engine Configuration Guides (R2607P26)-6W101
03-FTP and TFTP configuration

File Transfer Protocol (FTP) is an application layer protocol based on the client/server model. It is used to transfer files from one host to another over a TCP/IP network.

The FTP server uses TCP port 20 to transfer data and TCP port 21 to transfer control commands. For more information about FTP, see RFC 959.

FTP supports the following transfer modes:

·          Binary mode—Used to transfer image files, such as .bin, and .btm files.

·          ASCII mode—Used to transfer text files, such as .txt, .bat, and .cfg files.

FTP can operate in either of the following modes:

·          Active mode (PORT)—The FTP server initiates the TCP connection. This mode is not suitable when the FTP client is behind a firewall, for example, when the FTP client resides in a private network.

·          Passive mode (PASV)—The FTP client initiates the TCP connection. This mode is not suitable when the server does not allow the client to use a random unprivileged port greater than 1024.

The FTP operation mode varies depending on the FTP client program.
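
The two modes differ in which side announces a listening address on the control connection: the client sends a PORT command in active mode, and the server answers with a 227 reply in passive mode. The following is an added example, not H3C code, that parses both forms as defined in RFC 959 and reports which side opens the data connection; the sample lines and addresses are constructed.

```python
import re
from dataclasses import dataclass

# Six comma-separated decimal fields: h1,h2,h3,h4,p1,p2 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

# Constructed control-connection lines (addresses are examples only).
SAMPLE_LINES = [
    "PORT 10,0,0,5,4,1",
    "227 Entering Passive Mode (192,0,2,10,195,80)",
]


@dataclass(frozen=True)
class DataChannel:
    mode: str       # "active" or "passive"
    listener: str   # side that listens for the data connection
    initiator: str  # side that opens the TCP data connection
    host: str       # address announced by the listener
    port: int       # p1 * 256 + p2


def _endpoint(text):
    """Extract (host, port) from an h1,h2,h3,h4,p1,p2 field."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no h1,h2,h3,h4,p1,p2 field found")
    nums = [int(g) for g in m.groups()]
    if any(n > 255 for n in nums):
        raise ValueError("field out of range 0-255")
    return ".".join(str(n) for n in nums[:4]), nums[4] * 256 + nums[5]


def parse_data_channel(line):
    """Classify one control-connection line as a PORT command or a 227 reply."""
    line = line.strip()
    if line.upper().startswith("PORT "):
        host, port = _endpoint(line[5:])
        return DataChannel("active", "client", "server", host, port)
    if line.startswith("227"):
        host, port = _endpoint(line[3:])
        return DataChannel("passive", "server", "client", host, port)
    raise ValueError("not a PORT command or a 227 reply")


def firewall_note(ch):
    """Describe the data connection a firewall in front of the client must allow."""
    if ch.mode == "active":
        return f"server (TCP 20) -> client {ch.host}:{ch.port}: inbound at the client side"
    return f"client -> server {ch.host}:{ch.port}: outbound from the client side"


if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        channel = parse_data_channel(sample)
        print(channel.mode, "-", firewall_note(channel))
```
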

The device can act as the FTP client or FTP server.

Figure 1 FTP application scenario

 

Using the device as an FTP client

To connect to an FTP server or enter FTP client view, make sure the following requirements are met:

·          You have level-3 (Manage) user privileges on the device. In FTP client view, whether a directory or file management command can be successfully executed depends on the authorization set on the FTP server.

·          The device and the FTP server can reach each other.

·          You have a user account (including the username, password, and authorization) on the FTP server. If the FTP server supports anonymous FTP, you can directly access the FTP server without a username and password.

Establishing an FTP connection

To access an FTP server, use the ftp command in user view or use the open command in FTP client view to establish a connection to the FTP server.

You can use the ftp client source command to specify a source IP address or source interface for the FTP packets sent by the device. If a source interface (typically a loopback interface) is specified, its primary IP address is used as the source IP address for the FTP packets sent by the device. The source interface setting and the source IP address setting overwrite each other.

The ftp client source command setting applies to all FTP sessions. When you set up an FTP session using the ftp command, you can also specify a different source IP address for the FTP session.

 

IMPORTANT:

To avoid FTP connection failures, when you specify a source interface for FTP packets, make sure the interface has been assigned a primary IP address.

 

To establish an FTP connection:

 

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Specify a source IP address for outgoing FTP packets.
   Command: ftp client source { interface interface-type interface-number | ip source-ip-address }
   Remarks: Optional. By default, the primary IP address of the output interface is used as the source IP address.

3. Return to user view.
   Command: quit
   Remarks: N/A

4. Log in to the FTP server.
   Command:
   ·  (Method 1) Log in to the FTP server in user view:
      ftp [ server-address [ service-port ] [ source { interface interface-type interface-number | ip source-ip-address } ] ]
   ·  (Method 2) Log in to the FTP server in FTP client view:
      a. ftp
      b. open server-address [ service-port ]
   Remarks: Use either method.

 

Setting the DSCP value for IP to use for outgoing FTP packets

You can set the DSCP value for IP to use for outgoing FTP packets on an FTP client, so outgoing FTP packets are forwarded based on their priorities on transit devices.

To set the DSCP value for IP to use for outgoing FTP packets:

 

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Set the DSCP value for IP to use for outgoing FTP packets.
   Command: ftp client dscp dscp-value
   Remarks: The default DSCP value is 0.

 

Managing directories on the FTP server

After the device establishes a connection to an FTP server, you can create or delete folders in the authorized directory on the FTP server.

To manage the directories on the FTP server:

 

·  Display detailed information about files and directories under the current directory on the FTP server.
   Command: dir [ remotefile [ localfile ] ]

·  Query a directory or file on the FTP server.
   Command: ls [ remotefile [ localfile ] ]

·  Change the working directory on the FTP server.
   Command: cd { directory | .. | / }

·  Return to the upper level directory on the FTP server.
   Command: cdup

·  Display the current directory on the FTP server.
   Command: pwd

·  Create a directory on the FTP server.
   Command: mkdir directory

·  Remove the specified working directory on the FTP server.
   Command: rmdir directory

 

Working with the files on the FTP server

After you log in to the server, you can upload a file to or download a file from the authorized directory by following these steps:

1.        Use the dir or ls command to display the directory and the location of the file on the FTP server.

2.        Delete unused files to get more free storage space.

3.        Set the file transfer mode. FTP transmits files in two modes: ASCII and binary. Use ASCII mode to transfer text files. Use binary mode to transfer image files.

4.        Use the lcd command to display the local working directory of the FTP client. You can upload the file or save the downloaded file in this directory.

5.        Upload or download the file.

To work with the files on the FTP server:

 

·  Display detailed information about a directory or file on the FTP server.
   Command: dir [ remotefile [ localfile ] ]
   Remarks: The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time.

·  Query a directory or file on the FTP server.
   Command: ls [ remotefile [ localfile ] ]
   Remarks: The ls command displays the name of a directory or file only, while the dir command displays detailed information such as the file size and creation time.

·  Delete the specified file on the FTP server permanently.
   Command: delete remotefile
   Remarks: N/A

·  Set the file transfer mode to ASCII.
   Command: ascii
   Remarks: By default, ASCII mode is used.

·  Set the file transfer mode to binary.
   Command: binary
   Remarks: By default, ASCII mode is used.

·  Set the FTP operation mode to passive.
   Command: passive
   Remarks: By default, passive mode is used.

·  Display the local working directory of the FTP client.
   Command: lcd
   Remarks: N/A

·  Upload a file to the FTP server.
   Command: put localfile [ remotefile ]
   Remarks: N/A

·  Download a file from the FTP server.
   Command: get remotefile [ localfile ]
   Remarks: N/A

 

Switching to another user account

After you log in to the FTP server with one user account, you can switch to another user account to get a different privilege without reestablishing the FTP connection. You must correctly enter the new username and password. A wrong username or password can cause the FTP connection to disconnect.

To switch to another user account:

 

·  Change the username after FTP login.
   Command: user username [ password ]

 

Maintaining and troubleshooting the FTP connection

·  Display the help information of FTP-related commands on the FTP server.
   Command: remotehelp [ protocol-command ]
   Remarks: N/A

·  Enable displaying detailed prompt information received from the server.
   Command: verbose
   Remarks: Enabled by default.

·  Enable FTP-related debugging when the device acts as the FTP client.
   Command: debugging
   Remarks: Disabled by default.

 

Terminating the FTP connection

To terminate an FTP connection, perform one of the following tasks:

 

·  Terminate the FTP connection without exiting FTP client view.
   Commands: disconnect, close
   Remarks: Use either command in FTP client view.

·  Terminate the FTP connection and return to user view.
   Commands: bye, quit
   Remarks: Use either command in FTP client view.

 

FTP client configuration example

Network requirements

As shown in Figure 2, the PC is an FTP server. The switching engine and the PC can reach each other. An account with the username switch and password hello is already configured on the FTP server. The working directory for the account is /switch.

Use the switching engine as the FTP client to download the file config.cfg from the FTP server. Specify the downloaded configuration file as the main next-startup configuration file.

Figure 2 Network diagram

 

Configuration procedure

# Log in to the switching engine. (Details not shown.)

# Determine whether the Flash of the switching engine has enough free space for the downloaded file. If the Flash does not have enough free space, delete unused files to release enough space. (Details not shown.)

# Initiate an FTP connection to the FTP server. Enter the username switch and password hello.

<Switch> ftp 2.2.2.2

Trying ...

Press CTRL+K to abort

Connected.

220 FTP service ready.

User(none):switch

331 Password required for switch.

Password:

230 User logged in.

[ftp]

# Enter the authorized working directory.

[ftp] cd switch

# Download the file config.cfg from the PC.

[ftp] get config.cfg

# Terminate the FTP connection.

[ftp] quit

<Switch>

# Specify the downloaded file as the main next-startup configuration file.

<Switch>startup saved-configuration config.cfg main

Please wait ... 

Setting the master board ...

... Done!

After the operation is complete, you can reboot the switching engine to use the configuration file.

Using the device as an FTP server

If the device is operating as an FTP server, make sure the following requirements are met to ensure successful FTP operations:

·          The device and the FTP server can reach each other.

·          Configure a user account (including the username, password, and authorization) on the device or a remote authentication server for an FTP user. This task is required because the device does not support anonymous FTP for security reasons. By default, authenticated users can access the root directory of the device.

·          The FTP user provides the correct username and password.

 

 

NOTE:

When you use the Internet Explorer browser to log in to the device operating as an FTP server, some FTP functions are not available. This is because multiple connections are required during the login process but the device supports only one connection at a time.

 

Configuring basic parameters

The FTP server uses one of the following modes to update a file when you upload the file (use the put command) to the FTP server:

·          Fast mode—The FTP server starts writing data to the Flash after a file is transferred to the memory. This prevents the existing file on the FTP server from being corrupted if an anomaly, such as a power failure, occurs during a file transfer.

·          Normal mode—The FTP server writes data to the Flash while receiving data. This means that any anomaly, such as a power failure, during file transfer might result in file corruption on the FTP server. This mode, however, consumes less memory space than the fast mode.

To configure basic parameters for the FTP server:

 

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Enable the FTP server.
   Command: ftp server enable
   Remarks: By default, the FTP server is disabled.

3. Set the DSCP value for IPv4 to use for outgoing FTP packets.
   Command: ftp server dscp dscp-value
   Remarks: Optional. The default is 0.

4. Use an ACL to control FTP access.
   Command: ftp server acl acl-number
   Remarks: Optional. By default, no ACL is used for access control.

5. Configure the idle-timeout timer.
   Command: ftp timeout minutes
   Remarks: Optional. The default idle-timeout timer is 30 minutes. If no data is transferred within the idle-timeout time, the connection is terminated.

6. Set the file update mode for the FTP server.
   Command: ftp update { fast | normal }
   Remarks: Optional. By default, normal update is used.

7. Return to user view.
   Command: quit
   Remarks: N/A

8. Release the FTP connection established by a specific user.
   Command: free ftp user username
   Remarks: Optional.

 

Configuring authentication and authorization

Perform this task on the FTP server to authenticate FTP clients and specify the directories that authenticated clients can access.

The following authentication modes are available:

·          Local authentication—The device looks up the client's username and password in the local user account database. If a match is found, authentication succeeds.

·          Remote authentication—The device sends the client's username and password to a remote authentication server for authentication. If this approach is used, the user account is configured on the remote authentication server rather than the device.

To assign an FTP user write access (including upload, delete, and create) to the device, assign level-3 (Manage) user privileges to the user. For read-only access to the file system, any user privilege level is sufficient.

For more information, see Security Configuration Guide.

To configure authentication and authorization for the FTP server:

 

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Create a local user account and enter its view.
   Command: local-user user-name
   Remarks: By default, no authorized local user account exists, and the system does not support FTP anonymous user access.

3. Set a password for the user account.
   Command: password { simple | cipher } password
   Remarks: N/A

4. Assign FTP service to the user account.
   Command: service-type ftp
   Remarks: By default, no service type is specified. If the FTP service is specified, the root directory of the device is by default used.

5. Configure authorization attributes.
   Command: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | user-role { guest | guest-manager | security-audit } | vlan vlan-id | work-directory directory-name } *
   Remarks: Optional. By default, the FTP users can access the root directory of the device, and the user level is 0. You can change the default configuration using this command.

 

For more information about the local-user, password, service-type ftp, and authorization-attribute commands, see Security Command Reference.
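
The defaults described under "Configuring basic parameters" and "Configuring authentication and authorization" (no ACL, root directory access, level-3 write access) can be checked mechanically against a saved configuration. The following is an added example, not H3C code: it audits a constructed configuration that mirrors the account used in this guide's examples, and it assumes the saved configuration uses the same command forms as the tables above.

```python
import re

# Constructed sample, not from a real device. Assumes the saved configuration
# uses the same command forms as the tables on this page.
SAMPLE_CONFIG = """\
#
 ftp server enable
#
local-user switch
 password simple hello
 authorization-attribute level 3
 service-type ftp
#
local-user backup
 password cipher CONSTRUCTED-CIPHERTEXT
 authorization-attribute level 1 work-directory flash:/ftp
 service-type ftp
#
local-user admin
 password cipher CONSTRUCTED-CIPHERTEXT
 authorization-attribute level 3
 service-type telnet
#
"""


def parse(config):
    """Split the text into global commands and per-user command lists."""
    global_cmds, users, current = [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None  # '#' closes the current view
        elif line.startswith("local-user "):
            current = users.setdefault(line.split()[1], [])
        elif current is not None:
            current.append(line)
        else:
            global_cmds.append(line)
    return global_cmds, users


def audit_ftp(config):
    """Return (subject, finding) pairs for FTP server settings left at weak values."""
    global_cmds, users = parse(config)
    if "ftp server enable" not in global_cmds:
        return []  # the FTP server is disabled by default
    findings = []
    if not any(c.startswith("ftp server acl ") for c in global_cmds):
        findings.append(("ftp server", "no ACL controls FTP access"))
    for name, cmds in users.items():
        if not any(c.startswith("service-type ") and "ftp" in c.split()[1:] for c in cmds):
            continue  # account cannot log in over FTP
        attrs = " ".join(c for c in cmds if c.startswith("authorization-attribute "))
        if any(c.startswith("password simple ") for c in cmds):
            findings.append((name, "password configured with 'simple' rather than 'cipher'"))
        if "work-directory" not in attrs:
            findings.append((name, "no work-directory set: root directory is accessible"))
        level = re.search(r"\blevel (\d+)", attrs)
        if level and int(level.group(1)) >= 3:
            findings.append((name, "level 3: write access (upload, delete, create)"))
    return findings


if __name__ == "__main__":
    for subject, finding in audit_ftp(SAMPLE_CONFIG):
        print(f"{subject}: {finding}")
```
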

FTP server configuration example

Network requirements

As shown in Figure 3, the switching engine and the PC can reach each other.

Enable the FTP server on the switching engine and configure an account with the username switch and password hello on the FTP server. Use the PC to upload the file config.cfg to the FTP server. Specify the uploaded file as the main next-startup configuration file for the switching engine.

Figure 3 Network diagram

 

Configuration procedure

1.        Enable the FTP server and configure an FTP user account on the switching engine:

# Determine whether the Flash of the switching engine has enough free space for the uploaded file. If the Flash does not have enough free space, delete unused files to release enough space. (Details not shown.)

# Enable the FTP server.

<Switch> system-view

[Switch] ftp server enable

# Create a local user account switch, set the password to hello, and specify the service type as FTP.

[Switch] local-user switch

[Switch-luser-switch] password simple hello

[Switch-luser-switch] service-type ftp

2.        Use the PC as the FTP client to upload the file config.cfg to the FTP server:

# Install the FTP client on the PC. In this example, the PC is running Windows XP, which has the FTP client by default.

# Open the command line interface and navigate to the directory where the file config.cfg resides. In this example, the file resides in the root directory. If you are using a different operating system or FTP client program, see the FTP client manual.

c:\>

# Log in to the FTP server by using the username switch and password hello.

C:\> ftp 1.1.1.1

Connected to 1.1.1.1.

220 FTP service ready.

User (1.1.1.1:(none)): switch

331 Password required for switch.

Password:

230 User logged in.

ftp>

# Upload the file config.cfg to the FTP server.

ftp> put config.cfg

200 Port command okay.

150 Opening ASCII mode data connection for config.cfg.

226 Transfer complete.

3.        Specify the uploaded file as the main next-startup configuration file on the switching engine.

<Switch>startup saved-configuration config.cfg main

Please wait ...                                                                 

Setting the master board ...                                                   

... Done!

Displaying and maintaining FTP

·  Display the source IP address configuration of the FTP client.
   Command: display ftp client configuration [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.

·  Display the FTP server configuration.
   Command: display ftp-server
   Remarks: Available in any view.

·  Display online FTP user information.
   Command: display ftp-user
   Remarks: Available in any view.

 


Configuring TFTP

Trivial File Transfer Protocol (TFTP) is a simplified version of FTP for file transfer over secure, reliable networks. TFTP uses UDP port 69 for connection establishment and data transmission. In contrast to TCP-based FTP, TFTP requires no authentication or complex message exchanges, and is easier to deploy.

TFTP supports the following transfer modes:

·          Binary mode—Used to transfer image files, such as .app, .bin, and .btm files.

·          ASCII mode—Used to transfer text files, such as .txt, .bat, and .cfg files.

The device can operate only as a TFTP client (see Figure 4) to upload or download files.

Figure 4 TFTP application scenario

 

Prerequisites

Run a TFTP server program on the file host and set a TFTP working directory.

Configure IP addresses and routes to make sure that the device and the TFTP server can reach each other.

Using the device as a TFTP client

The device provides the following modes for downloading a new file from a TFTP server:

·          Normal download: The new file is written directly to Flash and overwrites the old file that has the same name. If the file download is interrupted, both the old and new files are lost.

·          Secure download: The new file is downloaded to memory and is not written to Flash until the whole file is obtained. A download failure does not affect the old file that has the same name as the new file.

To avoid undesired file loss, use the secure download mode. If you use the normal download mode because of insufficient memory, assign the new file a file name unique in Flash.

You can use the tftp client source command to specify a source IP address or source interface for the TFTP packets sent by the device. If a source interface (typically, a loopback interface) is specified, its primary IP address is used as the source IP address for the TFTP packets. The source interface setting and the source IP address setting overwrite each other.

The tftp client source command setting applies to all TFTP sessions. When you set up a TFTP session with the tftp command, you can also specify a different source IP address for the TFTP session.

 

IMPORTANT:

To avoid TFTP connection failures, when you specify a source interface for TFTP packets, make sure the interface has a primary IP address.

 

To configure the TFTP client:

 

1. Enter system view.
   Command: system-view
   Remarks: N/A

2. Specify a source IP address for outgoing TFTP packets.
   Command: tftp client source { interface interface-type interface-number | ip source-ip-address }
   Remarks: Optional. By default, the primary IP address of the output interface is used as the source IP address.

3. Set the DSCP value for IP to use for outgoing TFTP packets.
   Command: tftp client dscp dscp-value
   Remarks: Optional. The default DSCP value is 0.

4. Return to user view.
   Command: quit
   Remarks: N/A

5. Download or upload a file.
   Command: tftp server-address { get | put | sget } source-filename [ destination-filename ] [ source { interface interface-type interface-number | ip source-ip-address } ]
   Remarks: Optional.

 

Displaying and maintaining the TFTP client

·  Display the source IP address configuration of the TFTP client.
   Command: display tftp client configuration [ | { begin | exclude | include } regular-expression ]
   Remarks: Available in any view.

 

TFTP client configuration example

Network requirements

As shown in Figure 5, the PC is a TFTP server. The switching engine and the PC can reach each other.

Use the switching engine as the TFTP client to download the file config.cfg from the TFTP server. Specify the downloaded configuration file as the main next-startup configuration file.

Figure 5 Network diagram

 

Configuration procedure

1.        Configure the PC (the TFTP server):

·      Enable the TFTP server. (Details not shown.)

·      Configure a TFTP working directory. (Details not shown.)

2.        Configure the switching engine (the TFTP client):

# Log in to the switching engine. (Details not shown.)

# Determine whether the Flash of the switching engine has enough free space for the downloaded file. If the Flash does not have enough free space, delete unused files to release enough space. (Details not shown.)

# Enter system view.

<Switch> system-view

[Switch]

# Download the file config.cfg from the TFTP server.

<Switch> tftp 1.1.1.2 get config.cfg config.cfg

# Specify the file config.cfg as the main next-startup configuration file.

<Switch>startup saved-configuration config.cfg main

Please wait ...                                                                

Setting the master board ...                                                   

... Done!

After the operation is complete, you can reboot the switching engine to use the configuration file.

 
