CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x, CX31x, and CX91x series switch modules. The description covers configuration examples and function configurations.

File Management Modes

Users can log in to a device or use the FTP, TFTP, SFTP, or SCP mode to manage files.

The device can function as a server or client to manage files.

  • When the device functions as a server, you can access the device on a terminal to manage files on the device and transfer files between the device and the terminal.
  • When the device functions as a client, you can use the device to manage files on other devices and transfer files between the device and other devices.
NOTE:

In TFTP mode, the device can function only as a client. In FTP, SFTP, or SCP mode, the device can function both as a server and a client.

Table 1-51 describes file management modes and their advantages and disadvantages.

Table 1-51 File management modes

Login to the device
  Usage scenario: In the scenario of managing directories and files, log in to the device through the console port, Telnet, or STelnet. This login mode is mandatory for storage device management.
  Advantage: You can log in to the device directly to manage directories and files.
  Disadvantage: Only files on the local device can be managed. File transfer is not supported.

FTP (File Transfer Protocol)
  Usage scenario: The FTP mode is applicable to the file transfer scenario with low network security requirements. The FTP mode is widely used in version upgrade.
  Advantage:
    • The FTP mode is easy to configure and supports file transfer and operations on directories.
    • The FTP mode supports file transfer between two file systems.
    • The authorization and authentication functions are provided.
  Disadvantage: In FTP mode, data is transmitted in plain text, causing security risks.

TFTP (Trivial File Transfer Protocol)
  Usage scenario: On the LAN of a lab, the TFTP mode can be used to load or upgrade versions online. The TFTP mode is applicable to the environment without complicated interactions between a client and a server.
  Advantage: The memory usage in TFTP mode is less than that in FTP mode.
  Disadvantage:
    • In TFTP mode, the device can function only as a client.
    • The TFTP mode supports only file transfer, but does not support interaction.
    • In TFTP mode, data is transmitted in plain text, causing security risks, and no authorization or authentication function is provided.

SFTP (Secure File Transfer Protocol)
  Usage scenario: The SFTP mode is applicable to the scenario with high network security requirements. The SFTP mode is widely used in log download and file backup.
  Advantage:
    • Data is encrypted and protected.
    • The SFTP mode supports file transfer and operations on directories.
  Disadvantage: Configurations are complicated.

SCP (Secure Copy Protocol)
  Usage scenario: The SCP mode is applicable to the highly-efficient file upload and download scenarios with high network security requirements.
  Advantage:
    • Data is encrypted and protected.
    • In SCP mode, files are uploaded or downloaded when the client is connected to the server, which is efficient.
  Disadvantage: Configurations are complicated (similar to SFTP configurations), and interactions are not supported.

The first three file management modes are simple to learn and configure. The following describes the SFTP and SCP modes.

SFTP Mode

As a part of SSH, the SFTP protocol allows remote users to securely log in to the device and perform file management and transmission through the security channel provided by SSH. Therefore, SFTP improves data transmission security. In addition, the device can function as the SSH client to connect to the remote SSH server for secure file transmission.

SSH security features:

  • Encrypted transmission: When an SSH connection is set up, two devices negotiate an encryption algorithm and a session key to ensure secure communications between them.
  • Public key-based authentication: The device supports the RSA, DSA or ECC authentication mode.
  • Server authentication: The SSH protocol authenticates a server based on the public key to defend against attacks from bogus servers.
  • Interaction data check: The SSH protocol uses the CRC (for SSH1.5) or MD5-based MAC algorithm (for SSH2.0) to check the data integrity and authenticity. This mechanism protects the system from man-in-the-middle attacks.

Establishment of an SSH connection:

  1. Negotiate the SSH version.

    The client and the server negotiate an SSH version by exchanging character strings that specify the SSH version.

  2. Negotiate the algorithm.

    The server and the client negotiate the key exchange algorithm, encryption algorithm, and MAC algorithm for subsequent communications.

  3. Exchange keys.

    Based on the key exchange algorithm, the server and the client obtain the same session key and session ID after calculation.

  4. Authenticate users.

    The client sends an authentication request containing the user identity information to the server. If the authentication succeeds or expires, the client is disconnected from the server.

    The public key-based and password-based authentication modes are supported.

    • In public key-based (RSA, DSA or ECC) authentication mode, the client must generate the RSA, DSA or ECC key and send it to the server. When a user initiates an authentication request, the client program randomly generates a text that is encrypted with the private key and sends it to the server. The server decrypts the text by using the public key. If decryption succeeds, the server considers this user trusted and grants this user access rights. If decryption fails, the client is disconnected from the server.
    • Password-based authentication is implemented by the Authentication, Authorization and Accounting (AAA). Similar to Telnet and FTP, SSH supports local database authentication and remote RADIUS server authentication. The SSH server compares the user name and password of an SSH client with the preset ones. If both are matched, authentication succeeds.
  5. Request a session.

    After user authentication is complete, the client sends a session request to the server. After receiving the request, the server processes it.

  6. Enter the interactive session.

    After the session request is accepted, the SSH connection enters the interactive session mode. In this mode, data is transmitted bidirectionally.
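
Steps 1 and 2 above as an added example (not Huawei's code and not part of the original guide): it parses the identification strings exchanged during version negotiation, then picks one algorithm per category by taking the first entry in the client's list that the server also offers, which is the rule RFC 4253 gives for encryption and MAC algorithms. The WEAK set, the identification strings and the algorithm lists are constructed assumptions, and key exchange selection is simplified to the same first-match rule.

```python
import re

# RFC 4253 section 4.2: SSH-protoversion-softwareversion [SP comments] CR LF
IDENT_RE = re.compile(r"^SSH-(\d+\.\d+)-(\S+)(?: (.*))?$")
# Assumption for this example: algorithms the audit reports as legacy.
WEAK = {"hmac-md5", "hmac-md5-96", "3des-cbc", "diffie-hellman-group1-sha1"}

def parse_ident(line):
    """Return (protoversion, softwareversion) from an identification string."""
    m = IDENT_RE.match(line.rstrip("\r\n"))
    if not m:
        raise ValueError("not an SSH identification string: %r" % line)
    return m.group(1), m.group(2)

def negotiate_version(client_ident, server_ident):
    """Step 1: accept only protocol 2.0 (a server's 1.99 means 2.0 plus older)."""
    c_ver, _ = parse_ident(client_ident)
    s_ver, _ = parse_ident(server_ident)
    if c_ver != "2.0":
        raise ValueError("client offers legacy protocol " + c_ver)
    if s_ver not in ("2.0", "1.99"):
        raise ValueError("server offers legacy protocol " + s_ver)
    return "2.0"

def negotiate(client_lists, server_lists):
    """Step 2: per category, first client preference the server also lists."""
    chosen, findings = {}, []
    for category, prefs in client_lists.items():
        match = next((a for a in prefs if a in server_lists[category]), None)
        if match is None:
            raise ValueError("no common algorithm for " + category)
        chosen[category] = match
        if match in WEAK:
            findings.append("%s: negotiated legacy algorithm %s" % (category, match))
    return chosen, findings

# Constructed sample offers (not captured from any real device).
CLIENT = {"kex": ["curve25519-sha256", "diffie-hellman-group14-sha256"],
          "cipher": ["aes256-ctr", "aes128-ctr"],
          "mac": ["hmac-sha2-256", "hmac-md5"]}
SERVER = {"kex": ["diffie-hellman-group14-sha256", "diffie-hellman-group1-sha1"],
          "cipher": ["aes128-ctr", "3des-cbc"],
          "mac": ["hmac-md5"]}

if __name__ == "__main__":
    print(negotiate_version("SSH-2.0-ExampleClient_1.0", "SSH-1.99-ExampleServer_1.0"))
    chosen, findings = negotiate(CLIENT, SERVER)
    print(chosen)
    print(findings)
```

A non-empty findings list usually points at the server's offer, because the client's ordering only decides among algorithms that both sides list.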

NOTE:

Before an SSH connection is set up, the local key pair (RSA, DSA or ECC key pair) must be generated on the server. The key pair is used to generate the session key and session ID and authenticate the server. This step is the key to SSH server configuration.

SCP Mode

SCP, which is based on the SSH remote file copy function, is used to copy, upload, and download files. The SCP commands are easy to use, improving network maintenance efficiency.

Updated: 2019-08-09

Document ID: EDOC1000041694
