No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
File Management Commands

File Management Commands

activate ftp server ip-block ip-address

Function

The activate ftp server ip-block ip-address command unlocks the IP address of a user that fails the FTP authentication.

Format

activate ftp server ip-block ip-address ip-address [ vpn-instance vpn-name ]

Parameters

Parameter Description Value
ip-address

Specifies a locked IP address.

  • For IPv4 address, the value is in the decimal format.
  • For IPv6 address, the value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X.
vpn-instance vpn-name

Specifies the name of a VPN to which the locked user belongs.

The value is a string of 1 to 31 case-sensitive characters, spaces not supported. In addition, the VPN instance name must not be _public_. When double quotation marks are used around the string, spaces are allowed in the string.

Views

User view

Default Level

3: Management level

Usage Guidelines

In an FTP connection, if a user enters incorrect passwords for the consecutive times in specified minutes, the IP address of this user will be locked. Run the ftp server ip-block reactive command to set lock period. To unlock the IP address of this user in advance, run activate ftp server ip-block ip-address command.

Example

# Unlock the IP address 10.1.2.3.

<HUAWEI> activate ftp server ip-block ip-address 10.1.2.3

append

Function

The append command adds local file data to the end of a file on the FTP server.

Format

append local-filename [ remote-filename ]

Parameters

Parameter Description Value
local-filename Specifies the local file name. The value is a string of 1 to 128 characters.
remote-filename Specifies the name of a file on the FTP server. If the specified file does not exist on the FTP server, create the file. The value is a string of 1 to 128 characters.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

If the file specified in the remote-filename parameter does not exist when you run the append command, create the file and add local file data to the end of the created file.

Example

# Add the data of local file sample2.txt to the end of file sample1.txt on the FTP server.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] append sample2.txt sample1.txt
200 Port command okay.                             
150 Opening ASCII mode data connection for /sample1.txt.                             
226 Transfer complete.                                                          
\     100% [***********]                                                        
FTP: 35 byte(s) send in 1.443522666 second(s) 23byte(s)/sec. 

# Add the data of local file a.txt to the end of file a.txt on the FTP server.

[ftp] append a.txt
200 Port command okay.                      
150 Opening ASCII mode data connection for /a.txt.                             
226 Transfer complete.                                                          
\     100% [***********]                                                        
FTP: 35 byte(s) send in 1.443522666 second(s) 23byte(s)/sec. 

ascii

Function

The ascii command sets the file transfer mode to ASCII on an FTP client.

The default file transfer mode is ASCII.

Format

ascii

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Files can be transferred in ASCII or binary mode.

ASCII mode is used to transfer plain text files, and binary mode is used to transfer application files, such as system software, images, video files, compressed files, and database files.

Example

# Set the file transfer mode to ASCII.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] ascii
200 Type set to A.
Related Topics

binary

Function

The binary command sets the file transmission mode to binary on an FTP client.

The default file transfer mode is ASCII.

Format

binary

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Files can be transferred in ASCII or binary mode.

ASCII mode is used to transfer plain text files, and binary mode is used to transfer application files, such as system software, images, video files, compressed files, and database files.

NOTE:

The binary mode can be set to transfer ASCII and binary files.

Example

# Set the file transmission mode to binary.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] binary
200 Type set to I
Related Topics

bye

Function

The bye command terminates the connection with the remote FTP server and enters the user view.

Format

bye

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

This command is equivalent to the quit command.

You can use the close and disconnect commands to terminate the connection with the remote FTP server and retain the FTP client view.

Example

# Terminate the connection with the remote FTP server and enter the user view.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] bye
221 server closing.
<HUAWEI>
Related Topics

bye/exit

Function

The bye/exit command enables the system to disconnect from the remote SFTP server and return to the SFTP client view.

Format

bye

exit

Parameters

None

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

You can use this command to return to the system view from the SFTP client view.

Example

# Disconnect from SFTP server using bye command.

<HUAWEI> system-view
[~HUAWEI] sftp 10.1.1.1
sftp 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
Please input the username: sftp
sftp-client> bye
[~HUAWEI]

# Disconnect from SFTP server using exit command.

[~HUAWEI] sftp 10.1.1.1
sftp 10.1.1.1
Trying 10.1.1.1 ...
Press CTRL+K to abort
Connected to 10.1.1.1 ...
Please input the username: sftp
sftp-client> exit
[~HUAWEI]

cd (FTP client view)

Function

The cd command changes the working directory of the FTP server.

Format

cd remote-directory

Parameters

Parameter Description Value
remote-directory Specifies the name of a working directory on the FTP server.

The value is a string of 1 to 128 case-insensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

The FTP server authorizes users to access files in certain directories and their subdirectories.

Example

# Change the working directory to d:/temp.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] cd d:/temp
250 "D:/temp" is current directory.

cd (SFTP client view)

Function

The cd command changes the working directory of the SFTP server.

Format

cd [ remote-directory ]

Parameters

Parameter Description Value
remote-directory Specifies the name of a directory on the SFTP server. The value is a string of 1 to 128 case-insensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

  • The SFTP server authorizes users to access files in certain directories and their subdirectories.

  • The specified working directory must exist on the SFTP server. If the remote-directory parameter is not included in the cd command, only the current working directory of an SSH user is displayed as the command output.

Example

# Change the current working directory of the SFTP server to /bill.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> cd bill
Current directory is:
/bill  

cd (user view)

Function

The cd command changes the current working directory of a user.

By default, the current working directory is flash:/.

Format

cd [ directory ]

Parameters

Parameter Description Value
directory Specifies the current working directory of a user.

The value is a string of 1 to 255 case-sensitive characters without spaces in the [ drive ] path format.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

For example, a directory name is flash:/selftest/test/.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.
  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

For example, if you change the current working directory flash:/selftest/ to the logfile directory in flash, the absolute path is flash:/logfile/, and the relative path is /logfile/. The logfile directory is not logfile/ because it is not in the current working directory selftest.

Precautions
  • The directory specified in the cd command must exist; otherwise, the error messages will be displayed:

    You can perform the following operations to rectify faults:
    1. Run the pwd command to view the current working directory.
    2. Run the dir command to view the current working directory and verify that the directory specified in the cd command exists.
  • If you run the cd command without specifying the directory parameter, the system returns to the root directory.

Example

# Change the current working directory from flash:/temp to flash:.

<HUAWEI> pwd
flash:/temp/
<HUAWEI> cd flash:
<HUAWEI> pwd
flash:/

# Change the current working directory from flash: to flash:/t1/t2.

<HUAWEI> pwd
flash:/
<HUAWEI> cd flash:/t1/t2
<HUAWEI> pwd
flash:/t1/t2/

# Change the current working directory from flash:/selftest to flash:/logfile.

<HUAWEI> pwd
flash:/selftest/
<HUAWEI> cd /logfile/
<HUAWEI> pwd
flash:/logfile/

# Change the current working directory from flash:/selftest to flash:/selftest/test.

<HUAWEI> pwd
flash:/selftest/
<HUAWEI> cd test/
<HUAWEI> pwd
flash:/selftest/test/
Related Topics

cdup (SFTP client view)

Function

The cdup command changes the current working directory of an SSH user to its parent directory.

Format

cdup

Parameters

None

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

You can run the cdup command to change the current working directory to its parent directory.

Example

# Change the current working directory to its parent directory.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> cd dhcp
Current directory is:
/dhcp 
sftp-client> cdup
Current directory is:
/
sftp-client>

cdup (FTP client view)

Function

The cdup command enables you to return to the upper-level directory.

Format

cdup

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To exit from the current directory and return to the upper-level directory, run the cdup command.

Precautions

The directories accessible to an FTP user are restricted by the authorized directories configured for the user.

Example

# Exit from the current directory and return to the upper-level directory.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] cd security
250 CWD command successful.
[ftp] cdup
200 CDUP command successful.

close

Function

The close command terminates the connection with the remote FTP server and retains the FTP client view.

Format

close

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

This command is equivalent to the disconnect command.

You can run the bye and quit commands to terminate the connection with the remote FTP server and enter the user view.

Precautions

To enter the user view from the FTP client view, you can run the bye or quit command.

Example

# Terminate the connection with the remote FTP server and enter the FTP client view.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] close
221 Server closing.


[ftp]
Related Topics

copy

Function

The copy command copies a file.

Format

copy source-filename destination-filename [ all ]

Parameters

Parameter

Description

Settings

source-filename

Specifies the path and the name of a source file.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

destination-filename

Specifies the path and the name of a destination file.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

all

Copies a file to all member devices.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.

  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions
  • If the destination file name is not specified, the designation file and the source file have the same name. If the source file and the destination file are in the same directory, you must specify the destination file name. If the destination file name is not specified, you cannot copy the source file.

Example

# Copy the newbasicsoft.cc file from the master device in a stack to other member devices.

<HUAWEI> copy newbasicsoft.cc 1#flash:/newbasicsoft.cc
Info: Are you sure to copy flash:/newbasicsoft.cc to 1#flash:/newbasicsoft.cc? [Y/N]:y
100%  complete
Info: Copying file flash:/newbasicsoft.cc to 1#flash:/newbasicsoft.cc...Done.

# Copy the file config.cfg from the root directory of the flash card to flash:/temp. The destination file name is temp.cfg.

<HUAWEI> copy flash:/config.cfg flash:/temp/temp.cfg
Info: copy flash:/config.cfg to flash:/temp/temp.cfg?[Y/N]:y
100%  complete
Info: Copied file flash:/config.cfg to flash:/temp/temp.cfg...Done.

# If the current directory is the root directory of the flash card, you can perform the preceding configuration using the relative path.

<HUAWEI> pwd
flash:/
<HUAWEI> dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName 
   0   -rw-      6,721,804  Mar 19 2012 12:31:58   devicesoft.cc
   1   -rw-            910  Mar 19 2012 12:32:58   config.cfg
   2   drw-              -  Mar 05 2012 09:54:34   temp
...
670,092 KB total (569,904 KB free)
<HUAWEI> copy config.cfg temp/temp.cfg
Info: copy flash:/config.cfg to flash:/temp/temp.cfg?[Y/N]:y
100%  complete
Info: Copied file flash:/config.cfg to flash:/temp/temp.cfg...Done.

# Copy the file config.cfg from the root directory of the flash card to flash:/temp. The destination file name is config.cfg.

<HUAWEI> pwd
flash:/
<HUAWEI> dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName 
   0   -rw-      6,721,804  Mar 19 2012 12:31:58   devicesoft.cc
   1   -rw-            910  Mar 19 2012 12:32:58   config.cfg
   2   drw-              -  Mar 05 2012 09:54:34   temp
...
670,092 KB total (569,904 KB free)
<HUAWEI> copy config.cfg temp
Info: copy flash:/config.cfg to flash:/temp/config.cfg?[Y/N]:y
100%  complete
Info: Copied file flash:/config.cfg to flash:/temp/config.cfg...Done.

# Copy the file backup.zip to backup1.zip in the test directory from the current working directory flash:/test/.

<HUAWEI> pwd
flash:/test/
<HUAWEI> copy backup.zip backup1.zip
Info: copy flash:/test/backup.zip to flash:/test/backup1.zip?[Y/N]:y
100%  complete
Info: Copied file flash:/test/backup.zip to flash:/test/backup1.zip...Done. 
Related Topics

compare configuration

Function

The compare configuration compares whether the current configurations are identical with the next startup configuration file.

Format

compare configuration [ configuration-file ]

Parameters

Parameter Description Value
configuration-file Specifies the name of the configuration file to be compared with the current configurations.
NOTE:

If this parameter is not specified, the current configurations and the next startup configuration file are compared.

The name of the configuration file must already exist.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After completing a series of operations, you can compare whether the current configurations are the same as the configurations in the next startup configuration file or a specified configuration file starting from the first line of the current configurations. You can determine whether to save the current configurations based on the comparison result and specify the current configurations as the next startup configuration file.

After you run this command to compare the current configurations with the next startup configuration file or a specified configuration file, the system displays the different content starting from the first different line to the ninth different line. If the different content contains fewer than nine lines, the system displays only the content from the first different line to the end of the file.

NOTE:

You can run this command to compare whether the current configurations are the same as the configurations in the next startup configuration file or a specified configuration file in VSn.

Precautions

The file name extension of the configuration file must be .cfg or .zip.

After this command is run once, only the first difference between the two configuration files is displayed. To compare all differences, modify the difference recognized to be the same and run the compare configuration command repeatedly.

Example

# Compare whether the current configurations are identical with the next startup configuration file.

<HUAWEI> compare configuration
Building configuration...                                                       
Warning: The current configuration is not the same as the next startup configuration file. There may be several differences, and the
 following are some configurations beginning from the first: 
 ====== Current configuration line 9 ======                                     
loopback-detect packet-interval 10                                             
#                                                                               
drop-profile default                                                            
#                                                                               
vlan batch 10                                                                   
#                                                                               
dldp enable                                                                     
#                                                                               
lldp enable                                                                     
                                                                                
 ====== Configuration file line 7 ======                                        
drop-profile default                                                            
#                                                                               
vlan batch 10                                                                   
#                                                                               
lldp enable                                                                     
#                                                                               
diffserv domain default                                                         
#                                                                               
mpls  
Related Topics

delete (FTP client view)

Function

The delete command deletes a file from the FTP server.

Format

delete remote-filename

Parameters

Parameter Description Value
remote-filename Specifies the name of a file to be deleted. The value is a string of 1 to 128 case-insensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

The permission to delete the file completely depends on the access rights configuration on the remote server system. By executing the dir command displays the list of directories and files in the specified directory.

A file deleted in the FTP client view cannot be restored.

Example

# Delete the file temp.c.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] delete temp.c
Warning: File temp.c will be deleted. Continue? [Y/N]:y
250 File deleted from remote host.

delete (user view)

Function

The delete command deletes a specified file in the storage device.

Format

delete [ /unreserved ] [ /quiet ] { filename | devicename } [ all ]

Parameters

Parameter Description Value
/unreserved

Deletes a specified file. The deleted file cannot be restored.

-
/quiet

Deletes a file directly without any confirmation.

-
filename

Specifies the name of a file to be deleted.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

devicename

Deletes all the files in the storage device.

-

all

Deletes files in the specified directory in a batch from all storage devices.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.

  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • The wildcard (*) character can be used in the delete command.
  • If the parameter /unreserved is not included, the file is stored in the recycle bin. To display all files including deleted files that are displayed in square brackets ([ ]), run the dir /all command. To restore these files that are displayed in square brackets ([ ]), run the undelete command. To clear these files from the recycle bin, run the reset recycle-bin command.

    If you delete a file using the /unreserved parameter, the file cannot be restored.

  • If the recycle bin is full, files cannot be deleted using the delete command without the parameter /unreserved configured. In this case, delete unnecessary files permanently using the delete command with the parameter /unreserved configured.
  • If you delete two files with the same name from different directories, the last file deleted is kept in the recycle bin.

  • If you attempt to delete a protected file, such as a configuration file, or patch filer, a system prompt is displayed.

  • You cannot delete a directory by running the delete command. To delete a directory, run the rmdir (user view) command.

Example

# Delete the file test.txt from the current working directory flash:/selftest.

<HUAWEI> delete test.txt
Info: Are you sure to delete flash:/selftest/test.txt? [Y/N]:y

dir (user view)

Function

The dir command displays information about files and directories in the storage medium.

Format

dir [ /all ] [ filename | directory | /all-filesystems ]

Parameters

Parameter

Description

Value

/all

Displays information about all files and directories in the current directory, including files and directories moved to the recycle bin from the current directory.

-

filename

Specifies the file name.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

directory

Specifies the file directory.

The value is a string of 1 to 255 case-sensitive characters without spaces in the [ drive ] path format.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

/all-filesystems

Display information about files and directories in the root directories of all the storage media on the device.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

The wildcard character (*) can be used in this command. If no parameter is specified, this command displays information about files and directories in the current directory.

The following describes the drive name:

  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

You can run the dir /all command to view information about all files and directories of the storage medium, including those moved to the recycle bin. The name of a file in the recycle bin is placed in square brackets ([]), for example, [test.txt].

Table 3-37 lists information about some files queried through the dir command.
Table 3-37  File information

Item

Description

$_checkpoint

Directory for storing configuration rollback point information.

**.cc

Software version file.

POST

Directory for storing hardware self-test information when the system starts.

SysResTemplate.ini

System forwarding resource template, which exists in the user directory after the forwarding mode is set in the system.

device.sys

System hardware configuration file.

logfile

Directory for storing log information:
  • diag.log: detailed logs of key events and exceptions
  • log.log: logs of operations and key events

You can run the display logbuffer command to view event logs and other logs.

lost+found

Directory for storing information about the damaged file in the file management module recovered by the system during abnormal restart.

**.zip/**.cfg/**.dat

System configuration file. For details, see the save command.

The file name extension of compressed log files is also .zip.

  • log_slot ID_time.log.zip: a common log file that reaches a specified size
  • diaglog_slot ID_time.log.zip: a diagnostic log file that reaches a specified size

You can run the info-center logfile size command to set the size of a log file.

*.ztbl

File for saving security MAC address information after port security is configured.

*.cap

File for saving captured packets after packet capture is configured on the device.

*.MOD/*.mod

Modules that are not running can be dynamically loaded to the system using a file. The file must be uploaded to the directory flash:/$_install_mod/.

Example

# Display information about all files and directories in the current directory.

<HUAWEI> dir /all
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName                     
    0  drwx              -  Mar 03 2013 03:44:28   $_checkpoint                 
    1  -rw-    104,517,153  Mar 02 2013 18:22:18   devicesoft.cc                
    2  drwx              -  Mar 03 2013 03:42:52   POST                     
    3  -rw-             14  Mar 03 2013 03:45:32   SysResTemplate.ini           
    4  -rw-         16,781  Mar 03 2013 03:41:39   device.sys                   
    5  drwx              -  Jan 19 2012 09:54:13   logfile                      
    6  drwx              -  Feb 27 2013 04:44:53    lost+found
    7  -rw-         33,036  Mar 03 2013 03:41:39   vrpcfg.cfg                   
    8  -rw-          6,311  Feb 25 2012 17:22:30   [vrpcfg1.cfg]
    9  lrwx    164,169,606  Jul 08 2015 20:48:21   link.cc -> flash:/home/CE5810-V100R006C00.cc   
   10  lrwx          6,632  Jul 13 2015 20:19:02   link.txt -> system file
670,092 KB total (569,904 KB free)

# Display information about the file in the current directory.

<HUAWEI> dir vrpcfg.cfg
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    8  -rw-         33,036  Jan 22 2012 16:35:31   vrpcfg.cfg

670,092 KB total (569,904 KB free)

# Display information about all .ini files in the current directory.

<HUAWEI> dir *.ini
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    1  -rw-             14  Jan 10 2012 10:39:27   SysResTemplate.ini           

670,092 KB total (569,904 KB free)
Table 3-38  Description of the dir command output

Item

Description

Directory of flash

Flash memory directory.

Idx

File index.

Attr

File attributes:
  • d: indicates a directory. If this item is not displayed, the corresponding FileName field displays a file. For example, devicesoft.cc is a file and logfile is a directory.

  • r: indicates that the file or directory is readable.

  • w: indicates that the file or directory is writable.

  • x: indicates that the file or directory is executable.

  • l: indicates that the file is a link file.

Size(Byte)

File size.

Date

Date when the file is generated.

Time

Time when the file is generated.

FileName

File name.
  • vrpcfg.cfg: configuration file. The file name extension of the configuration file must be .cfg or .zip.
  • devicesoft.cc: system software. The file name extension of the system software must be .cc.

Some software sub-systems store necessary data in other files in the file system when the device is running properly. The name of a file in the recycle bin is placed in square brackets ([]).

dir/ls (FTP client view)

Function

The dir and ls commands display all files or specified files that are stored on the FTP server, and save them to a local disk.

Format

dir [ remote-filename [ local-filename ] ]

ls [ remote-filename [ local-filename ] ]

Parameters

Parameter Description Value
remote-filename Specifies the name and directory of a file stored on the FTP server. The value is a string of 1 to 128 case-sensitive characters without spaces. The remote-filename must already exist.
local-filename Specifies the name of the local file that saves the FTP server file information. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes differences between the dir and ls commands.

  • When you run the dir command, detailed file information is displayed, including the file size, date when the file was created, whether the file is a directory, and whether the file can be modified. When you run the ls command, only the file name is displayed.
  • The dir command is used to save detailed file information, while the ls command is used to save only the file name even if the file is specified and saved in a local directory.

Precautions

The wildcard (*) character can be used in commands dir and ls.

Example

# Display the name or detailed information about a file that is saved in the test directory.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] cd test 
250 CWD command successful.

[ftp] dir
200 Port command okay.
150 Opening ASCII mode data connection for /test.
drwxrwxrwx   1 noone    nogroup         0 Mar 23 16:04 yourtest
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 10:38 backup.txt
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 10:38 backup1.txt 
226 Transfer complete.
[ftp] ls
200 Port command okay.
150 Opening ASCII mode data connection for /test.
yourtest
backup.txt
backup1.txt
226 Transfer complete.

# Display the detailed information for the file temp.c, and save the displayed information in file temp1.

[ftp] dir temp.c temp1
200 Port command okay.
150 Opening ASCII mode data connection for /temp.c.

226 Transfer complete.

[ftp] quit

221 Server closing.
<HUAWEI> more temp1
-rwxrwxrwx  1  noone   nogroup  3929  Apr 27 18:13  temp.c

# Display the name of file test.bat, and save the displayed information in file test.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] ls test.bat test
200 Port command okay.
150 Opening ASCII mode data connection for /test.bat.

226 Transfer complete.

[ftp] quit

221 Server closing.
<HUAWEI> more test
test.bat
Table 3-39  Description of the dir/Is command output

Item

Description

d

Indicates a directory. If this parameter is not present, the command output indicates a file.

r

Indicates that the file or directory can be read.

w

Indicates that the file or directory can be modified.

x

Indicates that the file or directory is executable.

dir/ls (SFTP client view)

Function

The dir and ls commands display a list of specified files that are stored on the SFTP server.

Format

dir [ -l | -a ] [ remote-directory ]

ls [ -l | -a ] [ remote-directory ]

Parameters

Parameter Description Value
-l Displays detailed information about all files and directories in a specified directory. -
-a Displays names of all files and directories in a specified directory. -
remote-directory Specifies the name of a directory on the SFTP server. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

The dir and ls commands are equivalent.
  • If -l and -a parameters are not specified, detailed information about all files and directories in a specified directory is displayed when you run the dir or ls command. The effect is the same as the dir -l command output.
  • By default, if the remote-directory parameter is not specified, the list of current directory files is displayed when you run the dir or ls command.

Example

# Display a list of files in the test directory of the SFTP server.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> dir test
-rwxrwxrwx   1 noone    nogroup         0 Mar 24 00:04 yourtest
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 18:38 backup.txt
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 18:38 backup1.txt
sftp-client> dir -a test
yourtest
backup.txt
backup1.txt
sftp-client> ls test
-rwxrwxrwx   1 noone    nogroup         0 Mar 24 00:04 yourtest
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 18:38 backup.txt
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 18:38 backup1.txt
sftp-client> ls -a test
yourtest
backup.txt
backup1.txt

disconnect

Function

The disconnect command terminates the connection with the remote FTP server and displays the FTP client view.

Format

disconnect

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

This command is equivalent to the close command.

You can run the bye and quit commands to terminate the connection with the remote FTP server and enter the user view.

To enter the user view from the FTP client view, you can run the bye or quit command.

Example

# Terminate the connection with the remote FTP server and enter the FTP client view.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] disconnect

221 Server closing.

[ftp]
Related Topics

display ftp client

Function

The display ftp client command displays the source IP address configured for the FTP client.

Format

display ftp client

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

The default source IP address 0.0.0.0 is used if ftp client source is not configured.

Example

# Display the source IP address of the FTP client.

<HUAWEI> display ftp client
SrcIPv4Addr         : 10.18.26.233
Table 3-40  Description of the display ftp client command output

Item

Description

SrcIPv4Addr

IPv4 address of an FTP client.

You can run the ftp client source command to change the IPv4 address of the FTP client.

If the IP address is configured for the source port, the message "Interface Name" is displayed.

Related Topics

display ftp server

Function

The display ftp server command displays FTP server parameter settings.

Format

display ftp server

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run this command to display FTP server parameter settings.

Example

# Display FTP server parameter settings.

<HUAWEI> display ftp server
Server state              : Disabled
IPv6 server state         : Disabled
Timeout value (mins)      : 10
IPv6 Timeout value (mins) : 10
Listen port               : 21
IPv6 listen port          : 21
ACL name                  :
IPv6 ACL name             :
ACL number                :
IPv6 ACL number           :
Current user count        : 0
Max user number           : 15
Source IPv4 address       : 0.0.0.0
Source IPv6 Address       : ::
Source IPv6 VpnName       :
Table 3-41  Description of the display ftp server command output

Parameter

Description

Server state

FTP server status.
  • Enabled
  • Disabled

By default, the FTP server is disabled.

You can run the ftp server enable command to start the FTP server.

IPv6 server state

FTP IPv6 server status.
  • Enabled
  • Disabled

By default, the FTP IPv6 server is disabled.

You can run the ftp ipv6 server enable command to start the FTP server.

Timeout value (mins)

Idle timeout duration of FTP users.

The default idle timeout duration is 30 minutes.

You can run the ftp server timeout command to set the idle timeout duration of FTP users.

IPv6 Timeout value (mins)

Idle timeout duration of FTP users.

The default idle timeout duration is 30 minutes.

You can run the ftp ipv6 server timeout command to set the idle timeout duration of FTP users.

Listen Port

Number of the listening port on the FTP server.

The default value is 21.

If the value is not 21, you can run the ftp server port command to configure the listening port number.

IPv6 listen port

Number of the listening port on the FTP IPv6 server.

The default value is 21.

If the value is not 21, you can run the ftp ipv6 server port command to configure the listening port number.

ACL name

Name of the ACL for the IPv4 address.

If no ALC is configured, the ACL name is unavailable. You can run the ftp server acl acl-name command to change the ACL name.

IPv6 ACL name

Name of the ACL for the IPv6 address.

If no ALC is configured, the ACL name is unavailable. You can run the ftp ipv6 server acl acl-name command to change the ACL name.

ACL number

ACL number.

If no ALC is configured, the ACL number is unavailable. You can run the ftp server acl acl-number command to change the ACL number.

IPv6 ACL number

ACL6 number.

If no ALC is configured, the ACL number is unavailable. You can run the ftp ipv6 server acl acl-number command to change the ACL6 number.

Current user count

Number of current users who has logged in to the FTP server.

Max user number

Maximum number of users allowed to log in to the FTP server.

The default value is 15.

Source IPv4 address

Source IPv4 address.

The default source IPv4 address is 0.0.0.0.

You can run the ftp server source -a command to configure the source IPv4 address.

Source IPv6 Address

Source IPv6 address.

The default source IPv6 address is 0.0.0.0.

You can run the ftp ipv6 server source -a ipv6-address command to configure the source IPv6 address.

Source IPv6 VpnName

Name of the source IPv6 VPN instance.

You can run the ftp ipv6 server source -a -vpn-instance vpn-instance-name command to configure the name of the source IPv6 VPN instance.

display ftp server ip auth-fail information

Function

The display ftp server ip auth-fail information command displays the information of the FTP auth–failed IP addresses of user.

Format

display ftp server ip auth-fail information

Parameters

None

Views

All view

Default Level

3: Management Level

Usage Guidelines

The display ftp server ip auth-fail information command displays the information of the FTP auth–failed IP addresses. The command output includes the names of VPN instances to which the IP addresses belong, IP address status, numbers of authentication failures, and the IP addresses that fails to pass FTP authentication will not be adopted to make invalid authentication.

Example

# Display information about the IP addresses of all the clients that fail to pass FTP authentication.

<HUAWEI> display ftp server ip auth-fail information
--------------------------------------------------------------------------------------------------------------------------------
IP Address                                     VPN Name                         First Time Auth-fail             Auth-fail Count
--------------------------------------------------------------------------------------------------------------------------------
10.0.0.1                                       _public_                         2016-09-05 11:19:28                            1
--------------------------------------------------------------------------------------------------------------------------------
Table 3-42  Description of the display ftp server ip-block all command output

Item

Description

IP Address

Locked client IP address

VPN Name

Name of a VPN instance to which a locked client IP address belongs

First Time Auth-fail

Time when the first authentication fails

Auth-fail Count

Number of consecutive client authentication failures in the latest authentication period

display ftp server ip-block list

Function

The display ftp server ip-block list command displays information about client IP addresses that are locked because of FTP authentication failures.

Format

display ftp server ip-block list

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

To check information about client IP addresses that are locked because of FTP authentication failures, run the display ftp server ip-block list command. The command output includes the names of VPN instances to which the locked client IP addresses belong and the remaining locking period.

Example

# Display information about client IP addresses that are locked because of FTP authentication failures.

<HUAWEI> display ftp server ip-block list
----------------------------------------------------------------------------------------------------------
IP Address                                     VPN Name                         UnBlock Interval (Seconds)
----------------------------------------------------------------------------------------------------------
10.0.0.1                                       _public_                         294                       
----------------------------------------------------------------------------------------------------------
Table 3-43  Description of the display ftp server ip-block list command output

Item

Description

IP Address

Locked client IP address

VPN Name

Name of a VPN instance to which a locked client IP address belongs

UnBlock Interval(Seconds)

Remaining locking period, in seconds

display ftp server users

Function

The display ftp server users command displays FTP user parameters on the FTP server.

Format

display ftp server users

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can check FTP user parameters on the FTP server, such as the FTP user name, IP address of the client host, port number, idle duration, and the authorized directories.

Example

# Display FTP user parameters.

<HUAWEI> display ftp server users
User Name        : root
Host Address     : 10.18.26.139
Control Port     : 20465
Idle Time (mins) : 1
Root Directory   : flash:
Table 3-44  Description of the display ftp-users command output

Item

Description

User Name

FTP user name.

Host Address

IP address of the client host.

Control Port

Port number of the client host.

Idle Time (mins)

Idle duration.

Root Directory

Authorized directory of a user.

You can run the local-user ftp-directory command to configure the authorized directory.

display scp client

Function

The display scp client command displays source parameters of the current SCP client.

Format

display scp client

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run the display scp client command to check source parameters of the SCP client.

Example

# Display source parameters of the SCP client.

<HUAWEI> display scp client
The source address of SCP client is 10.1.1.1.
Table 3-45  Description of the display scp client command output

Item

Description

The source address of SCP client is 10.1.1.1.

The source address of the SCPclient. By default, the source address of the SCP client is 0.0.0.0.

Related Topics

display snmp-agent trap feature-name sysom all

Function

The display snmp-agent trap feature-name sysom all command displays all trap information about the SYSOM module.

Format

display snmp-agent trap feature-name sysom all

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent on the network element automatically reports traps to the network management station. After that, the network administrator immediately takes measures to resolve the problem.

The display snmp-agent trap feature-name sysom all command can be used to display all traps on the SYSOM module.
  • Name of a trap supported on the SYSOM module: The trap name must be the same as that specified by the snmp-agent trap enable feature-name sysom trap-name trap-name command. The name of each trap indicates a fault on the network element.

  • Trap status on the SYSOM module: The trap name shows whether sending a trap is enabled.

Prerequisites

The SNMP function has been enabled on the network element. For the relevant command, see snmp-agent.

Example

# Display all trap information about the sysom module.

<HUAWEI> display snmp-agent trap feature-name sysom all
------------------------------------------------------------------------------
Feature name: SYSOM
Trap number : 1
------------------------------------------------------------------------------
Trap name                      Default switch status   Current switch status
hwFlhOperNotification          off                     off
Table 3-46  Description of the display snmp-agent trap feature-name sysom all command output

Item

Description

Feature name

Name of the module that the trap message belongs

Trap number

Number of trap messages

Trap name

Alarm name.

hwFlhOperNotification: the alarm is implemented through huaweiFlhOpTable operations.

Default switch status

Status of the trap function by default:
  • on: The trap function is enabled.
  • off: The trap function is disabled.

Current switch status

Current status of the trap function:
  • on: The trap function is enabled.
  • off: The trap function is disabled.

display snmp-agent trap feature-name vfs all

Function

The display snmp-agent trap feature-name vfs all command displays all trap information about the VFS module.

Format

display snmp-agent trap feature-name vfs all

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent on the network element automatically reports traps to the network management station. After that, the network administrator immediately takes measures to resolve the problem.

The display snmp-agent trap feature-name vfs all command can be used to display all traps on the VFS module.
  • Name of a trap supported on the VFS module: The trap name must be the same as that specified by the snmp-agent trap enable feature-name vfs trap-name trap-name command. The name of each trap indicates a fault on the network element.

  • Trap status on the VFS module: The trap name shows whether sending a trap is enabled.

Prerequisites

The SNMP function has been enabled on the network element. For the relevant command, see snmp-agent.

Example

# Display all trap information about the VFS module.

<HUAWEI> display snmp-agent trap feature-name vfs all
------------------------------------------------------------------------------
Feature name: VFS
Trap number : 2
------------------------------------------------------------------------------
Trap name                      Default switch status   Current switch status
hwFlhSyncFailNotification      off                     off
hwFlhSyncSuccessNotification   off                     off  
Table 3-47  Description of the display snmp-agent trap feature-name vfs all command output

Item

Description

Feature name

Name of the module that the trap message belongs

Trap number

Number of trap messages

Trap name

Alarm name:
  • hwflhsyncfailnotification: a failure notification about file copying operation.

  • hwflhsyncsuccessnotification: the file copying operation is successful.

Default switch status

Status of the trap function by default:
  • on: The trap function is enabled.
  • off: The trap function is disabled.

Current switch status

Current status of the trap function:
  • on: The trap function is enabled.
  • off: The trap function is disabled.

display sftp client

Function

The display sftp client command displays the source IP address configured for the SFTP client.

Format

display sftp client

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run the display sftp client command to display the source IP address of the SFTP client. The default source IP address 0.0.0.0 is used if sftp client-source is not configured.

Example

# Display the source IP address configured for the SFTP client.

<HUAWEI> display sftp client
The source address of SFTP client is 10.1.1.1.
Table 3-48  Description of the display sftp client command output

Item

Description

The source address of SFTP client is 10.1.1.1.

10.1.1.1 is the source IP address of the SFTP client.

You can run the sftp client-source command to configure the source IP address for the SFTP client.

If an IP address has been configured for the source port, the message "The source interface of SFTP client is LoopBack0" is displayed.

display tftp client

Function

The display tftp client command displays the source IP address configured for the TFTP client.

Format

display tftp client

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run the display tftp client command to query source IP address of the TFTP client. The default source IP address is 0.0.0.0 if tftp client source is not configured.

Example

# Display the source IP address configured for the TFTP client.

<HUAWEI> display tftp client
--------------------------------------------------------------------------------
ACL name             :
ACL number           :
IPv6 ACL name        :
IPv6 ACL number      :  
Source IPv4 address  :  0.0.0.0
--------------------------------------------------------------------------------
Table 3-49  Description of the display tftp client command output

Item

Description

ACL name

Name of the ACL that specifies the IPv4 address the TFTP client can access.

ACL number

Number of the ACL that specifies the IPv4 address the TFTP client can access.

IPv6 ACL name

Name of the ACL that specifies the IPv6 address the TFTP client can access.

IPv6 ACL number

Number of the ACL that specifies the IPv6 address the TFTP client can access.

Source IPv4 address

Source IPv4 address of the TFTP client.

The source IPv4 address is configured using the tftp client source -a source-ip-address command.

Interface Name

Source interface of the TFTP client.

The source interface is configured using the tftp client source -i interface-type interface-number command. This field is displayed only when the source interface is configured using this command.

execute

Function

The execute command executes a specified batch file or VRP Shell Languages (VSL) script.

Format

execute batch-filename [ parameter&<1-8> ]

Parameters

Parameter Description Value
batch-filename

Specifies the name and path of a batch file.

The name and path of a batch file must already exist. If the batch file to be processed is in the current directory; you can only input the name of a batch file.
parameter Specifies a VSL parameter. The value is a string of 1 to 32 case-sensitive characters.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The commands in a batch file are run one by one. A batch file cannot contain any invisible character. If an invisible character is detected, the execute command exits from the current process and no rollback is performed.

NOTE:
Whether a character is invisible is determined based on the ASCII character table. Characters whose ASCII character value ranges from 32 to 126 are visible (the ASCII character value 32 indicates spaces). Other characters are invisible.

The execute command does not ensure that all commands can be run. The execute command is not hot backed up, and no restriction is on the format or contents of the command.

Running the execute command functions the same as running the commands one by one manually.

Precautions

  • The commands in a batch file are run one by one. A batch file cannot contain invisible characters (control characters or escape characters, such as \r, \n, and \b). If any invisible character is detected, the execute command exits from the current process and no rollback is performed.

  • The execute command does not ensure that all commands can be run. If the system runs a wrong or immature command, it displays the error and goes to next command. The execute command does not perform the hot backup operation, and the command format or content is not restricted.

  • When a .bat file is a VSL script, the execute command configures services automatically and commands in the batch file as well as performs configurations for services specified by parameter at a time.

Example

# Execute the test.bat file in the directory flash:/. The test.bat file contains four commands: system-view, aaa, local-user huawei password irreversible-cipher Helloworld@6789, and commit.

<HUAWEI> system-view
[~HUAWEI] execute test.bat
[*HUAWEI] system-view
           ^
Error: Unrecognized command found at '^' position.
[*HUAWEI] aaa
[*HUAWEI-aaa] local-user huawei password irreversible-cipher Helloworld@6789
[*HUAWEI-aaa] commit
[~HUAWEI-aaa] 

When the system runs the first command system-view in current system view, it displays an error and continues to run the following commands.

The system displays the execution of a batch file in AAA view.

[~HUAWEI-aaa] display this 
 local-user huawei password irreversible-cipher $1c$g8wLJ`LjL!$CyE(V{3qg5DdU:PM[6=6O$UF-.fQ,Q}>^)OBzgoU$

format

Function

The format command formats a storage device.

Format

format device-name [ file-type ]

Parameters

Parameter Description Value
device-name Specifies the device name such as USB. -
file-type Specifies the file type that to be formatted. The value is a string and its format depends on file formats supported by devices.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When the file system fault cannot be rectified or the data on the storage device is unnecessary, the storage device can be formatted. When you run the format command, all files and directories are cleared from the storage device.

Precautions

After the format command is run, files and directories are cleared from the specified storage device and cannot be restored. Therefore, this command should be used with caution.

If the storage device is still unavailable after the format command is run, a physical exception may have occurred.

Example

# Format the storage device.

<HUAWEI> format usb_sda1: vfat
Info: Format disk usb_sda1:/? [Y/N]:y

ftp

Function

The ftp command connects the FTP client to the FTP server and enters the FTP client view.

Format

# Connect the FTP client to the FTP server based on the IPv4 address.

ftp [ [ -a source-ip-address | -i interface-type interface-number ] host-ip [ port-number ] [ public-net | vpn-instance vpn-instance-name ] ]

# Connect the FTP client to the FTP server based on the IPv6 address.

ftp ipv6 host-ipv6 [ public-net | vpn-instance vpn-instance-name ] [ port-number | -oi interface-type interface-number ]

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address for connecting to the FTP client. You are advised to use the loopback interface IP address.

The value is in dotted decimal notation.

-i interface-type interface-number

Specifies the source interface type and ID. You are advised to use the loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

-
host-ip

Specifies the IP address or host name of the remote IPv4 FTP server.

NOTE:

You can run the display dns dynamic-host or display ip host command to view the mapping between the IP address and host name.

The value is in dotted decimal notation.

port-number

Specifies the port number of the FTP server.

The value is an integer that ranges from 1 to 65535. The default value is the standard port number 21.
public-net

Specifies the FTP server on the public network.

You must set the public-net parameter when the FTP server IP address is a public network IP address.

-
public-net

Specifies the FTP server on the public network.

You must set the public-net parameter when the FTP server IP address is a public network IP address.

-
vpn-instance vpn-instance-name

Specifies the name of the VPN instance where the FTP server is located.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.
host-ipv6 Specifies the IP address of the remote IPv6 FTP server.

The value is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X.

-oi interface-type interface-number

Specifies the source interface for the IPv6 FTP client, including the type and number of the interface. The IPv6 address configured in this interface view is the source IPv6 address of the packet. If no IPv6 address is configured for the source interface, the FTP connection cannot be set up.

Setting the loopback interface as the source IPv6 address is recommended.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Before accessing the FTP server on the FTP client, you must first run the ftp command to connect the FTP client to the FTP server.

On an IPv4 network, the source IP address specified using the ftp command takes precedence over the source IP address specified using the ftp client-source command. If the ftp command is run after a source IP address has been specified using the ftp client-source command, the source IP address specified using the ftp command is used for communication.

The source IP address specified using the ftp client-source command is available for all FTP connections; the source IP address specified using the ftp command is available only for the current FTP connection.

Prerequisites

An FTP connection can establish if the following conditions are met:
  • FTP server function on a device is enabled by executing the ftp server enable command on the FTP server to allow FTP users to log in.
  • The FTP server and FTP client are routable.

Precautions

  • You can set the source IP address to the source or destination IP address in the ACL rule when the -a or -i parameter is specified on the IPv4 network. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.
  • You can run the set net-manager vpn-instance command to configure the NMS management VPN instance before running the open command to connect the FTP client and server.
    • If public-net or vpn-instance is not specified, the FTP client accesses the FTP server in the VPN instance managed by the NMS.

    • If public-net is specified, the FTP client accesses the FTP server on the public network.

    • If vpn-instance vpn-instance-name is specified, the FTP client accesses the FTP server in a specified VPN instance.

  • If no parameter is set in the ftp command, only the FTP view is displayed, and no connection is set up between the FTP server and client.
  • If the port number that the FTP server uses is non-standard, you must specify a standard port number; otherwise, the FTP server and client cannot be connected.
  • When you run the ftp command, the system prompts you to enter the user name and password for logging in to the FTP server. You can log in to the FTP server if the user name and password are correct.
  • If the number of login users exceeds the maximum value that the FTP server allows, other authorized users cannot log in to the FTP server. To allow news authorized users to log in to the FTP server, users who have performed FTP services must disconnect their clients from the FTP server. You can run the bye or quit command to disconnect the FTP client from the FTP server and return to the user view, or run the close or disconnect command to disconnect the FTP client from the FTP server and retain in the FTP client view.

Example

# Connect to the FTP server whose IP address is 10.137.217.201.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp]
# Connect to the remote IPv6 FTP server whose address is fc00:2001:db8::1.
<HUAWEI> ftp ipv6 fc00:2001:db8::1
Trying fc00:2001:db8::1
Press CTRL + K to abort
Connected to ftp fc00:2001:db8::1
220 FTP service ready.
User(fc00:2001:db8::1:(none)):huawei
331 Password required for huawei
Enter Password:
230 User logged in.
[ftp]
Related Topics

ftp server acl

Function

The ftp server acl command specifies an ACL number or ACL name for the current FTP server so that the FTP client with the same ACL number or ACL name can access the FTP server.

The undo ftp server acl command deletes an ACL number or ACL name of the current FTP server.

By default, no ACL is configured for FTP server.

Format

ftp [ ipv6 ] server acl { acl-number | acl-name }

undo ftp [ ipv6 ] server acl

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -
acl-number Specifies the number of the ACL. The value is an integer that ranges from 2000 to 3999.
acl-name Specifies the ACL name. The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To ensure the security of an FTP server, you need to configure an ACL for it to specify FTP clients that can access the current FTP server.

Precautions

If no rule is configured, the incoming and outgoing calls are not restricted after the command ftp server acl is run.

The ftp server acl command takes effect only after you run the rule command to configure the ACL rule.

The command ftp server acl { acl-number | acl-name } only takes effect for ipv4 client.

Example

# Allow the client whose ACL number is 2000 to log in to the FTP server.

<HUAWEI> system-view
[~HUAWEI] acl 2000
[*HUAWEI-acl4-basic-2000] rule permit source 10.10.10.1 0
[*HUAWEI-acl4-basic-2000] quit
[*HUAWEI] ftp server acl 2000
Related Topics

ftp client source

Function

The ftp client source command specifies the source IP address for the FTP client to send packets.

The undo ftp client source command restores the default source IP address for the FTP client to send packets.

The default source IP address for the FTP client to send packets is 0.0.0.0.

Format

ftp client source { -a source-ip-address | -i interface-type interface-number }

undo ftp client source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address. You are advised to use the loopback interface IP address.

The value is in dotted decimal notation.
-i interface-type interface-number

Specifies the source interface, including the interface type and number. You are advised to use the loopback interface.

The IP address configured for the source interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address is specified, the client uses the source IP address that the router specifies to send packets. The source IP address must be configured for an interface with stable performance. The loopback interface is recommended. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Precautions

  • You can also run the ftp command to configure the source IP address whose priority is higher than that of the source IP address specified by the ftp client source command. If you specify the source IP addresses by running the ftp client source and ftp commands, the source IP address specified by the ftp command is used for data communication and is available only for the current FTP connection, while the source IP address specified by the ftp client source command is available for all FTP connections.

  • The IP address that a user displays on the FTP server is the specified source IP address or source interface IP address.
  • After a bound source interface is deleted, the interface configuration specified using the ssh server-source command will not be cleared but does not take effect. If you configure the source interface with the same name again, the interface configuration specified using the ssh server-source command is updated and the function restores.

  • This command takes effect for ipv4 client.

  • If the specified source interface has been bound to a VPN instance, the client is automatically bound to the same VPN instance.

Example

# Set the source IP address of the FTP client to 10.1.1.1.

<HUAWEI> system-view
[~HUAWEI] ftp client source -a 10.1.1.1

ftp get/put

Function

The ftp get/put command uploads a source file to the FTP server or downloads a source file from the FTP server to a host.

Format

# IPv4 address

ftp { put | get } [ -a source-ip-address | -i interface-type interface-number ] host-ip host-ip [ port portnumber ] [ public-net | vpn-instance vpn-instance-name ] username username sourcefile local-filename [ destination remote-filename ]

# IPv6 address

ftp { put | get } ipv6 host-ip host-ipv6 [ public-net | vpn-instance vpn-instance-name ] [ port portnumber ] username username sourcefile local-filename [ destination remote-filename ]

Parameters

Parameter Description Value
-a source-ip-address Specifies the IP address for establishing the FTP connection. The value is in dotted decimal notation.
-i interface-type interface-number Specifies the interface for establishing the FTP connection. -
host-ip host-ip

Specifies the IPv4 address or host name of the FTP server.

NOTE:

You can run the display dns dynamic-host or display ip host command to view the mapping between the IP address and host name.

The value is in dotted decimal notation.
host-ip host-ipv6

Specifies the IPv6 address or host name of the FTP server.

NOTE:

You can run the display dns dynamic-host or display ip host command to view the mapping between the IP address and host name.

The value is a 32-digit hexadecimal number, in the format X:X:X:X:X:X:X:X.
put Saves local files to the FTP server. -
get Saves the files on the FTP server to the local host. -
port portnumber Specifies the port number of the FTP server. The value is an integer that ranges from 1 to 65535. The default value is 21.
public-net

Specifies the FTP server on the public network.

You must set the public-net parameter when the FTP server IP address is a public network IP address.

-
vpn-instance vpn-instance-name Specifies the name of a VPN instance. The VPN must already exist.
username username Specifies a user name. The value is a string of 1 to 255 case-insensitive characters that can contain letters, digits, and special characters.
sourcefile local-filename Specifies the name of the source file to be uploaded or downloaded.

The value is a string of 1 to 128 characters, which can contain digits, letters, and special characters.

destination remote-filename Specifies the name of the destination file to be uploaded or downloaded.

The value is a string of 1 to 128 characters, which can contain digits, letters, and special characters.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the device only needs to upload files to or download files from the FTP server, you can use this command to complete a file transfer at one time.

Prerequisites

Ensure that the VPN has been configured when you specify vpn-instance vpn-instance-name in the command.

Precautions

  • After this command is executed, the device (FTP client) establishes a connection with the FTP server before starting the file transfer.

  • If the server monitors the FTP connection through default port, you need not specify port number, else specify the port number.

  • This command does not support resumable upload or download. If the uploading or downloading process is interrupted due to a fault, the previously generated file (which includes only part of the source file) will be replaced by a new file after the fault is removed and the uploading or downloading task resumes.

Example

# Upload the source file sample.txt to the FTP server.

<HUAWEI> ftp put -a 10.1.1.10 host-ip 10.1.1.1 username huawei sourcefile sample.txt
Trying 10.1.1.1 ...        
Press CTRL + K to abort          
Connected to 10.1.1.1.       
220 FTP service ready.           
331 Password required for huawei.          
Enter password: 
200 Type set to I.                   
200 Port command okay.               
150 Opening BINARY mode data connection for /sample.txt.            
/     100% [***********]             
226 Transfer complete.   
                                     
FTP: 4860 byte(s) send in 0.134 second(s) 35.417Kbyte(s)/sec.

# Upload the source file sample.txt to the FTP server 10.1.1.1 through an interface.

<HUAWEI> ftp put -i 10ge 1/0/1 host-ip 10.1.1.1 username huawei sourcefile sample.txt
Trying 10.1.1.1 ...             
Press CTRL + K to abort                   
Connected to 10.1.1.1.                                         
220 FTP service ready.                                    
331 Password required for huawei.                
Enter password: 
200 Type set to I.                                
200 Port command okay.               
150 Opening BINARY mode data connection for /sample.txt.            
/     100% [***********]                      
226 Transfer complete.                             
                                     
FTP: 4860 byte(s) send in 0.134 second(s) 35.417Kbyte(s)/sec.

ftp server default-directory

Function

The ftp server default-directory command configures the default FTP working directory.

The undo ftp server default-directory command disables the default FTP working directory.

By default, no default FTP working directory is configured.

Format

ftp server default-directory directory

undo ftp server default-directory

Parameters

Parameter Description Value
directory Specify the default FTP working directory. The value is a string of 1 to 255 case-sensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the set default ftp-directory command to configure a default FTP working directory for all FTP users at one time.

The command takes effect for both ipv4 and ipv6 users.

Precautions

  • The ftp server default-directory command takes effect only when the device functions as an FTP server and the user function as an FTP client.
  • You can run the local-user ftp-directory command to configure an authorized working directory for a local user.

  • If you have configured the FTP working directory by running the local-user ftp-directory command, you must use this FTP working directory.

  • You can run the lcd command to view the working directory of FTP users.
  • If no FTP working directory is specified on the device, FTP users cannot log in to the device, and are prompted that the working directory is unauthorized.

Example

# Set the default FTP working directory to flash:/.

<HUAWEI> system-view
[~HUAWEI] ftp server default-directory flash:/

ftp server enable

Function

The ftp server enable command enables the FTP server function to allow FTP users to log in to the FTP server.

The undo ftp server command disables the FTP server function so that FTP users cannot log in to the FTP server.

By default, the FTP function is disabled.

Format

ftp [ ipv6 ] server enable

undo ftp [ ipv6 ] server [ enable ]

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To manage FTP server files on a client, you must run the ftp server enable command to enable the FTP server function to allow FTP users to log in to the FTP server.

Precautions

If the FTP server function is disabled, no user can log in to the FTP server, and users who have logged in to the FTP server cannot perform any operation except logout.

The ftp server enable command can enable IPv4 function. However, the ftp ipv6 server enable command enables only the IPv6 function.

The FTP protocol compromises device security. SFTP V2 mode is recommended.

Example

# Enable the FTP server function.

<HUAWEI> system-view
[~HUAWEI] ftp server enable
Related Topics

ftp server ip-block disable

Function

The ftp server ip-block disable command disables an FTP server from locking client IP addresses.

The undo ftp server ip-block disable command enables an FTP server to lock client IP addresses.

By default, an FTP server is enabled to lock client IP addresses.

Format

ftp server ip-block disable

undo ftp server ip-block disable

Parameters

None

Views

System view

Default Level

3: Management level

Usage Guidelines

If an FTP server is enabled to lock client IP addresses, a client IP address is locked when the number of FTP authentication failures reaches the upper limit in a specific period of time. Client IP addresses being locked fail the authentication and are displayed in the display ftp server ip-block list command output.

If an FTP server is disabled from locking client IP addresses, the display ftp server ip-block list command does not display any client IP address that is locked because of authentication failures.

IP addresses being locked are unlocked immediately after the FTP server is disabled from locking client IP addresses.

You are advised to enable the FTP server to lock client IP addresses to ensure security.

Example

# Disable an FTP server from locking client IP addresses.

<HUAWEI> system-view
[~HUAWEI] ftp server ip-block disable

# Enable an FTP server to lock client IP addresses.

<HUAWEI> system-view
[~HUAWEI] undo ftp server ip-block disable

ftp server ip-block failed-times

Function

The ftp server ip-block failed-times command sets the maximum number of consecutive FTP authentication failures within a specified period. If the number is reached, the system locks out the IP address of user.

The undo ftp server ip-block failed-times command restores the maximum number of consecutive FTP authentication failures and the period in which consecutive authentication failures are counted to default values.

By default, the maximum number of consecutive FTP authentication failures before the IP address of user lockout is 6, and the period is 5 minutes.

Format

ftp server ip-block failed-times failed-times period period

undo ftp server ip-block failed-times failed-times period period

Parameters

Parameter Description Value
failed-times Specifies the maximum number of consecutive FTP authentication failures before the IP address of user lockout. The value is an integer ranging from 1 to 10.
period period Specifies a period in which consecutive FTP authentication failures are counted. The value is an integer ranging from 1 to 120, in minutes.

Views

System view

Default Level

3: Management level

Usage Guidelines

To set the maximum number of consecutive authentication failures within a specified period, run the ftp server ip-block failed-times command. If the number is reached, the system locks out the IP address of user, which prevents the user from accessing the device through FTP. The system automatically unlocks the IP address of user until the unlocking period expires. This improves device security.

To manually unlock the IP address of user, run the activate ftp server ip-block ip-address command.

Example

# Set the maximum number of consecutive authentication failures before the IP address of user lockout to 3 and the period in which consecutive FTP authentication failures are counted to 6 minutes.

<HUAWEI> system-view
[~HUAWEI] ftp server ip-block failed-times 3 period 6

ftp server ip-block reactive

Function

The ftp server ip-block reactive command sets a period after which the system automatically unlocks an IP address of user.

The undo ftp server ip-block reactive command restores the default period.

By default, the period is 5 minutes.

Format

ftp server ip-block reactive reactive-period

undo ftp server ip-block reactive [ reactive-period ]

Parameters

Parameter Description Value
reactive-period Specifies a period after which the system automatically unlocks an IP address of user. The value is an integer ranging from 1 to 1000, in minute.

Views

System view

Default Level

3: Management level

Usage Guidelines

To set a period after which the system automatically unlocks an IP address of user, run the ftp server ip-block reactive command. A locked IP address of user cannot access the device through FTP. The system automatically unlocks the IP address of user until the unlocking period expires. This improves device security.

To manually unlock the IP address of user, run the activate ftp server ip-block ip-address command.

Example

# Set the period after which the system automatically unlocks the IP address of user to 50 minutes.

<HUAWEI> system-view
[~HUAWEI] ftp server ip-block reactive 50

ftp server port

Function

The ftp server port command specifies the listening port number of the FTP server.

The undo ftp server port command restores the default value of the listening port number.

The default value is 21.

Format

ftp [ ipv6 ] server port port-number

undo ftp [ ipv6 ] server port

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -
port port-number Specifies the listening port number of the FTP server. The value is 21 or an integer that ranges from 1025 to 65535.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

By default, the listening port number of the FTP server is 21. Attackers may frequently access the default listening port, which wastes bandwidth, deteriorates server performance, and prevents authorized users from accessing the FTP server through the listening port. You can run the ftp [ ipv6 ] server port command to specify another listening port number to prevent attackers from accessing the listening port.

The command ftp server port port-number sets the FTP server ipv4 listen port.

Prerequisites

Before running the ftp [ ipv6 ] server port command to specify the listening port number, you must first run the undo ftp server command to disable FTP services.

Precautions

  • After the listening port number is changed, the FTP server disconnects all FTP connections and uses the new listening port.

  • If the current listening port number is 21, FTP client users do not need to specify the port number for logging in to the FTP server. If the current listening port number is not 21, FTP client users must use the FTP server's listening port number to log in to the FTP server.

  • After the listening port number is changed, you must run the ftp server enable command to enable FTP services to make the configuration take effect.

Example

# Change the port number of the FTP server to 1028.
<HUAWEI> system-view
[~HUAWEI] undo ftp server
[*HUAWEI] ftp server port 1028
Related Topics

ftp server source

Function

The ftp server source command sets the specific source IP address of the FTP server to establish the connection, including the source IP address and source interface.

The undo ftp server source command cancels the configuration of FTP server source configuration.

By default, the source IP address and source interface of the FTP server are not specified, and the source IP address for the FTP server to send packets is 0.0.0.0.The IPv6 source address of packet sent by the FTP server is ::.

Format

ftp server source { -a source-ip-address | -i interface-type interface-number }

undo ftp server source

ftp ipv6 server source -a ipv6-address [ -vpn-instance vpn-instance-name ]

undo ftp ipv6 server source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address for the FTP server to send packets. The loopback IP address is recommended.

The value is in dotted decimal notation.

-i interface-type interface-number

Specifies the loopback interface of the FTP server as the source interface.

The primary IP address of the source interface is the source IP address for sending packets. If no IP address is configured for the source IP address, the FTP connection cannot be set up.

-
ipv6 Specifies the FTP IPv6 server. -
-a ipv6-address Specifies the source IPv6 address. The value consists of 128 octets, which are classified into 8 groups. Each group contains 4 hexadecimal numbers in the format X:X:X:X:X:X:X:X.
-vpn-instance vpn-instance-name Specifies the VPN. The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address is specified, the FTP server uses the source IP address specified by routes to send packets. The source IP address must be configured for an interface with stable performance, such as the loopback interface. Using the loopback interface as the source IP address simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Before specifying a loopback interface as the source interface of the FTP server, the loopback interface must have been created successfully; otherwise, the command cannot be run successfully.

Before specifying a VPN instance for the FTP server, the VPN must have been created successfully; otherwise, the command cannot be run successfully.

Precautions

  • After the source IP address is specified for the FTP server, you must use the specified IP address to log in to the FTP server.
  • After running the ftp server-source command, you can only use the specified IP address or loopback interface of the FTP server for login. You need to restart the FTP service to activate the configuration.
  • If the ftp server-source command is not configured, all users can log in to the FTP server by default.
  • If the FTP service has been enabled, the FTP service restarts after the ftp server source command is executed.
  • If the specified source interface has been bound to a VPN instance, the server is automatically bound to the same VPN instance.

  • After a bound VPN instance is deleted, the VPN configuration specified using the ftp server-source command will not be cleared but does not take effect. In this case, the FTP server uses a public IP address. If you configure the VPN instance with the same name again, the VPN function restores.

  • After a bound source interface is deleted, the interface configuration specified using the ssh server-source command will not be cleared but does not take effect. If you configure the source interface with the same name again, the interface configuration specified using the ssh server-source command is updated and the function restores.

Example

# Set the source IP address of the FTP server to Loopback0.

<HUAWEI> system-view
[~HUAWEI] ftp server source -i loopback0
Warning: To make the server source configuration take effect, the FTP server will be restarted. Continue? [Y/N]: y
Info: Succeeded in setting the source interface of the FTP server to LoopBack0.
Info: Succeeded in starting the FTP server.

ftp server timeout

Function

The ftp server timeout command configures the idle timeout duration of the FTP server.

The undo ftp server timeout command restores the default idle timeout duration.

By default, the idle timeout duration of the FTP server is 10 minutes.

Format

ftp [ ipv6 ] server timeout minutes

undo ftp [ ipv6 ] server timeout

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -
minutes Specifies idle timeout duration. The value is an integer that ranges from 1 to 35791, in minutes.

Views

System view

Default Level

3: Management level

Usage Guidelines

After a user logs in to the FTP server, a connection is set up between the FTP server and the user's client. The idle timeout duration is configured to release the connection when the connection is interrupted or when the user performs no operation for a specified time.

The command ftp server timeout minutes only takes effect for ipv4 connection.

Example

# Set the idle timeout duration to 36 minutes.

<HUAWEI> system-view
[~HUAWEI] ftp server timeout 36
Related Topics

get (SFTP client view)

Function

The get command downloads a file from the SFTP server and saves the file to the local device.

Format

get remote-filename [ local-filename ]

Parameters

Parameter Description Value
remote-filename Specifies the name of the file to be downloaded from the SFTP server. The value is a string of 1 to 128 case-sensitive characters without spaces. The remote-filename must already exist.
local-filename Specifies the name of a downloaded file to be saved to the local device. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the get command to download files from the FTP server to upgrade devices.

Precautions

  • If local-filename is not specified on the local device, the original file name is used.

  • If the name of the downloaded file is the same as that of an existing local file, the system prompts you whether to overwrite the existing file.

Example

# Download a file from the SFTP server.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> get test.txt
Remote file: / test.txt --->  Local file: test.txt
Downloading the file. Please wait.../
Downloading file successfully ended.
File download is completed in 1 seconds. 

get (FTP client view)

Function

The get command downloads a file from the FTP server and saves the file to the local device.

Format

get remote-filename [ local-filename ]

Parameters

Parameter Description Value
remote-filename Specifies the name of the file to be downloaded from the FTP server. The value is a string of 1 to 128 case-sensitive characters without spaces. The remote-filename must already exist.
local-filename Specifies the name of a downloaded file to be saved to the local device. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the get command to download system software, backup configuration files, and patch files from the FTP server to upgrade devices.

Precautions

  • If the downloaded file name is not specified on the local device, the original file name is used.

  • If the name of the downloaded file is the same as that of an existing local file, the system prompts you whether to overwrite the existing file.

Example

# Download the system software devicesoft.cc from the FTP server.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] get devicesoft.cc
200 Port command okay.
150 Opening ASCII mode data connection for /devicesoft.cc.
\    6482944 bytes transferred 
226 Transfer complete.
FTP: 6482944 byte(s) received in 54.500 second(s) 1117.40Kbyte(s)/sec.
Related Topics

help (SFTP client view)

Function

The help command displays the help information in the SFTP client view.

Format

help [ command-name ]

Parameters

Parameter Description Value
command-name Displays the format and parameters of a specified command in the SFTP client view. The value is a string of 1 to 255 characters.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the help command to obtain the help information and display all commands or a command format in the SFTP client view.

Precautions

If you specify no parameter when running the help command, all commands in the SFTP client view are displayed.

Example

# Display the format of the command get.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> help get
get Remote file name STRING<1-128>   [Local file name STRING<1-128>]  Download file
Default local file name is the same with remote file.
Related Topics

lcd

Function

The lcd command displays and changes the local working directory of the FTP client in the FTP client view.

Format

lcd [ local-directory ]

Parameters

Parameter Description Value
local-directory Specifies the local working directory of the FTP client. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the lcd command to display the local working directory of the FTP client when uploading or downloading files, and set the upload or download path to the path of the local working directory.

Precautions

The lcd command displays the local working directory of the FTP client, while the pwd command displays the working directory of the FTP server. If you specify the parameter local-directory in the lcd command, you can directly change the local working directory in the FTP client view.

Example

# Change the local working directory to flash:/test.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] lcd
The current local directory is flash:/.
[ftp] lcd flash:/test/
The current local directory is flash:/test/.
Related Topics

mget

Function

The mget command downloads multiple files from the remote FTP server to the local device.

Format

mget remote-filenames

Parameters

Parameter Description Value
remote-filenames Specifies multiple files to download to the local device. File names are separated using spaces, and the wildcard (*) is supported. The value is a string of 1 to 254 characters.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the mget command to download multiple files at the same time.

Precautions

  • The command cannot download all files in a directory or subdirectory.

  • If the name of the downloaded file is the same as that of an existing local file, the system prompts you whether to overwrite the existing file.

Example

# Download files 1.txt, 2.txt, and vrp221.cfg from the remote FTP server.

<HUAWEI> ftp 10.10.10.1
Trying 10.10.10.1 ...
Press CTRL+K to abort
Connected to 10.10.10.1.
220 FTP service ready.
User(10.10.10.1:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.  

[ftp]mget 1.txt 2.txt vrp221.cfg 
200 Port command okay.
150 Opening ASCII mode data connection for 1.txt.

226 Transfer complete.
FTP: 3885 byte(s) received in 0.174 second(s) 22.32Kbyte(s)/sec.

200 Port command okay.
150 Opening ASCII mode data connection for 2.txt.

226 Transfer complete.
FTP: 8721 byte(s) received in 0.179 second(s) 48.72Kbyte(s)/sec.

200 Port command okay.
150 Opening ASCII mode data connection for vrp221.cfg.

226 Transfer complete.
FTP: 6700 byte(s) received in 0.151 second(s) 44.37Kbyte(s)/sec.   

[ftp]  
Related Topics

mkdir (FTP client view)

Function

The mkdir command creates a directory on the remote FTP server.

Format

mkdir remote-directory

Parameters

Parameter Description Value
remote-directory Specifies the directory to be created. The value is a string of case-sensitive characters without spaces. The absolute path length ranges from 1 to 128.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

  • You can run the mkdir command to create a subdirectory in a specified directory, and the subdirectory name must be unique.

  • If no path is specified when you create a subdirectory, the subdirectory is created in the current directory.

  • The created directory is stored on the FTP server.

Example

# Create a directory test on the remote FTP server.

<HUAWEI> ftp 172.16.104.110
Trying 172.16.104.110 ...
Press CTRL+K to abort
Connected to 172.16.104.110.
220 FTP service ready.
User(172.16.104.110:(none)):huawei
331 Password required for huawei
Enter password:
230 User logged in.
[ftp] mkdir test
257 "test" new directory created.

mkdir (SFTP client view)

Function

The mkdir command creates a directory on the remote SFTP server.

Format

mkdir remote-directory

Parameters

Parameter Description Value
remote-directory Specifies the directory to be created. The value is a string of case-sensitive characters without spaces. The absolute path length ranges from 1 to 128.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

  • You can run the mkdir command to create a subdirectory in a specified directory, and the subdirectory name must be unique.

  • If no path is specified when you create a subdirectory, the subdirectory is created in the current directory.

  • The created directory is stored on the SFTP server.

  • After a directory is created, you can run the dir/ls (SFTP client view) command to view the directory.

Example

# Create a directory on the SFTP server.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> mkdir ssh
Info: Succeeded in creating a directory.

mkdir (User view)

Function

The mkdir command creates a directory in the current storage device.

Format

mkdir directory

Parameters

Parameter

Description

Settings

directory

Specifies a directory or directory and its path.

The value is a string of case-sensitive characters in the [ drive ] [ path ] directory format. The absolute path length ranges from 1 to 255, while the directory name length ranges from 1 to 128. Up to 8 levels of directories are supported.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

Characters such as ~, *, /, \, :, ', " cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.
  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

If you only the subdirectory name is specified, a subdirectory is created in the current working directory. You can run the pwd (user view) command to query the current working directory. If the subdirectory name and directory path are specified, the subdirectory is created in the specified directory.

Precautions

  • The subdirectory name must be unique in a directory; otherwise, the message "Error: Directory with same name already exists" is displayed.

  • A maximum of eight directory levels are supported when you create a directory.

Example

# Create the subdirectory new in the flash card.

<HUAWEI> mkdir flash:/new
Info: Create directory flash:/new......Done.
Related Topics

more

Function

The more command displays the content of a specified file.

Format

more filename [ offset ]

Parameters

Parameter Description Value
filename Specifies the file name.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

offset Specifies the file offset. The value is an integer that ranges from 0 to 2147483647, in bytes.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the more command to display the file content directly on a device.

  • The following describes the drive name.

    • drive is the storage device and is named as flash:.

    • If devices are stacked, drive can be named as:

      • flash: root directory of the flash memory of the master switch in the stack.
      • chassis ID#flash: root directory of the flash memory on a device in the stack.

      For example, slot2#flash: indicates the flash memory in slot 2.

  • The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
    • flash:/my/test/ is an absolute path.

    • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

    • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • You are not advised to use this command to display non-text files; otherwise, the terminal is shut down or displays garbled characters, which is harmless to the system.

  • Files are displayed in text format.

  • You can display the file content flexibly by specifying parameters before running the more command:
    • You can run the more filename command to view a specified text file. The content of the specified text file is displayed on multiple screens. You can press the spacebar consecutively on the current session GUI to display all content of the file.

      To display the file content on multiple screens, you must ensure that:
      • The number of lines that can be displayed on a terminal screen is greater than 0. (The number of lines that can be displayed on a terminal screen is set by running the screen-length command.)
      • The total number of file lines is greater than the number of lines that can be displayed on a terminal screen. (The number of lines that can be displayed on a terminal screen is set by running the screen-length command.)
    • You can run the more filename offset command to view a specified file. The content of the specified text file starting from offset is displayed on multiple screens. You can press the spacebar consecutively on the current session GUI to display all content of the file.

      To display the file content on multiple screens, you must ensure that:
      • The number of lines that can be displayed on a terminal screen is greater than 0. (The number of lines that can be displayed on a terminal screen is set by running the screen-length command.)
      • The number of lines starting from offset in the file is greater than the number of lines that can be displayed on a terminal screen. (The number of lines that can be displayed on a terminal screen is set by running the screen-length command.)

Example

# Display the content of the file test.bat.

<HUAWEI> more test.bat
rsa local-key-pair create
user-interface vty 12 14
authentication-mode aaa
protocol inbound ssh
user privilege level 5
commit
quit
ssh user sftpuser authentication-type password
ssh user sftpuser service-type all
sftp server enable
commit
# Display the content of the file log.txt and set the offset to 100.
<HUAWEI> more log.txt 100
:                CHINA HUAWEI TECHNOLOGY LIMITTED CO.,LTD
#   FILE NAME:                  Product Adapter File(PAF)
#   PURPOSE:                    MAKE VRPV5 SUITABLE FOR DIFFERENT PRODUCT IN LIB
#   SOFTWARE PLATFORM:          V6R2C00
#   DETAIL VERSION:             B283
#   DEVELOPING GROUP:            8090 SYSTEM MAINTAIN GROUP
#   HARDWARE PLATFORM:          8090 (512M Memory)
#   CREATED DATE:               2003/05/10
#   AUTH:                        RAINBOW
#   Updation History:           Kelvin dengqiulin update for 8090(2004.08.18)
#                               lmg update for R3(2006.11.7)
#                               fsr update for R5 (2008.1.18)
#                               qj update for R6 (2008.08.08)
#   COPYRIGHT:                           2003---2008
#----------------------------------------------------------------------------------


#BEGIN FOR RESOURCE DEFINATION
[RESOURCE]
FORMAT: SPECS RESOURCE NAME STRING = CONTROLLABLE(1 : ABLE , 0: NOT ABLE),DEFAUL
T VALUE , MAX VALUE , MIN VALUE
#BEGIN  SPECS RESOURCE FOR TE tunnel Nto1 PS MODULE
PAF_LCS_TUNNEL_SPECS_TE_PS_MAX_PROTECT_NUM = 1, 8, 16, 1
PAF_LCS_TUNNEL_SPECS_TE_PS_REBOOT_TIME     = 1, 180000, 3600000, 60000
  ---- More ----                                                               

move

Function

The move command moves the source file from a specified directory to a destination directory.

Format

move source-filename destination-filename

Parameters

Parameter

Description

Settings

source-filename

Specifies the directory and name of a source file.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

destination-filename

Specifies the directory and name of a destination file.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.

  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • The move and copy commands have different effects:

    • The move command moves the source file to the destination directory.
    • The copy command copies the source file to the destination directory.

Example

# Move the file test from the root directory to the directory new.

<HUAWEI> move test new/
Warning: Move file flash:/test to flash:/new/test? [Y/N]:y
100%  complete
Info: Move file flash:/test to flash:/new/test...Done.
Related Topics

mput

Function

The mput command uploads multiple files from the local device to the remote FTP server.

Format

mput local-filenames

Parameters

Parameter Description Value
local-filenames Specifies files to be uploaded. File names are separated using spaces, and the wildcard (*) is supported. The value is a string of 1 to 256 characters.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the mput command to upload multiple files to the remote FTP server at the same time, especially in the upgrade scenario.

System prompts a confirmation message to the user before file transfer. You can disable the prompt message using undo prompt command.

Precautions

If the name of the uploaded file is the same as that of an existing file on the FTP server, the system overwrites the existing file.

Example

# Upload two local files 111.text and vrp222.cfg to the remote FTP server.

<HUAWEI> ftp 10.10.10.1
Trying 10.10.10.1 ...
Press CTRL+K to abort
Connected to 10.10.10.1.
220 FTP service ready.
User(10.10.10.1:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 

[ftp] mput 111.txt vrp222.cfg 
200 Port command successful. 
150 Opening ASCII mode data connection for file transfer.
226 Transfer complete.
FTP: 6556 byte(s) sent in 0.231 second(s) 28.38Kbyte(s)/sec.

200 Port command successful. 
150 Opening ASCII mode data connection for file transfer.
226 Transfer complete.
FTP: 4198 byte(s) sent in 0.171 second(s) 24.54Kbyte(s)/sec.

[ftp]
Related Topics

open

Function

The open command connects the FTP client and server.

Format

# Connect the FTP client to the FTP server based on the IPv4 address.

open [ -a source-ip-address | -i interface-type interface-number ] host-ip [ port-number ] [ public-net | vpn-instance vpn-instance-name ]

# Connect the FTP client to the FTP server based on the IPv6 address.

open ipv6 host-ipv6 [ -oi interface-type interface-number ] [ port-number ] [ public-net | vpn-instance vpn-instance-name ]

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address for connecting to the FTP client. You are advised to use the loopback interface IP address.

-
-i interface-type interface-number

Specifies the source interface type and ID. You are advised to use the loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

-
host-ip

Specifies the IP address or host name of the remote IPv4 FTP server.

NOTE:

You can run the display dns dynamic-host or display ip host command to view the mapping between the IP address and host name.

The IPv4 address is in dotted decimal notation. The host name is a string of 1 to 255 characters.

host-ipv6

Specifies the IP address or host name of the remote IPv6 FTP server.

NOTE:

You can run the display dns dynamic-host or display ip host command to view the mapping between the IP address and host name.

The IPv6 address is a 32-digit hexadecimal number in the X:X:X:X:X:X:X:X format. The host name is a string of 1 to 255 characters.

port-number Specifies the port number of the FTP server. The value is an integer that ranges from 1 to 65535. The default value is the standard port number 21.
public-net

Specifies the FTP server on the public network.

You must set the public-net parameter when the FTP server IP address is a public network IP address.

-
vpn-instance vpn-instance-name

Specifies the name of the VPN instance where the FTP server is located.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.
host-ipv6 Specifies the IP address of the remote IPv6 FTP server.

The value is a 32-digit hexadecimal number in the X:X:X:X:X:X:X:X format.

-oi interface-type interface-number Specifies the source interface type and ID. -

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the open command in the FTP client view to connect the FTP client to the server to transmit files and manage files and directories of the FTP server.

Precautions

  • You can run the ftp command in the user view to connect the FTP client and server and enter the FTP client view.

  • You can set the source IP address to the source or destination IP address in the ACL rule when the -a or -i parameter is specified on the IPv4 network. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.
  • You can run the set net-manager vpn-instance command to configure the NMS management VPN instance before running the open command to connect the FTP client and server.
    • If public-net or vpn-instance is not specified, the FTP client accesses the FTP server in the VPN instance managed by the NMS.

    • If public-net is specified, the FTP client accesses the FTP server on the public network.

    • If vpn-instance vpn-instance-name is specified, the FTP client accesses the FTP server in a specified VPN instance.

  • If the port number that the FTP server uses is non-standard, you must specify a standard port number; otherwise, the FTP server and client cannot be connected.

  • When you run the open command, the system prompts you to enter the user name and password for logging in to the FTP server. You can log in to the FTP client and enter the FTP client view if the user name and password are correct.

Example

# Connect the FTP client with the FTP server whose IP address is 10.137.217.204.

<HUAWEI> ftp
[ftp] open 10.137.217.204 
Trying 10.137.217.204 ...
Press CTRL + K to abort
Connected to 10.137.217.204.
220 FTP service ready.
User(10.137.217.204:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.

[ftp]
# Connect the FTP client with the FTP server whose IP address is fc00:2001:db8::1.
<HUAWEI> ftp
[ftp] open ipv6 fc00:2001:db8::1
Trying fc00:2001:db8::1 ...
Press CTRL + K to abort
Connected to fc00:2001:db8::1
220 FTP service ready.
User(fc00:2001:db8::1:(none)):huawei
331 Password required for huawei
Enter Password:
230 User logged in.

[ftp]
Related Topics

passive

Function

The passive command sets the data transmission mode to passive.

The undo passive command sets the data transmission mode to active.

By default, the data transmission mode is active.

Format

passive

undo passive

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

The device supports the active and passive data transmission modes. In active mode, the server initiates a connection request, and the client and server need to enable and monitor a port to establish a connection. In passive mode, the client initiates a connection request, and only the server needs to monitor the corresponding port. This command is used together with the firewall function. When the client is configured with the firewall function, FTP connections are restricted between internal clients and external FTP servers if the FTP transmission mode is active. If the FTP transmission mode is passive, FTP connections between internal clients and external FTP servers are not restricted.

Example

# Set the data transmission mode to passive.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] passive
Info: Succeeded in switching passive on.

prompt

Function

The prompt command enables the prompt function when files are transmitted between the FTP client and server.

The undo prompt command disables the prompt function.

By default, the prompt function is disabled.

Format

prompt

undo prompt

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can enable the prompt function as required when transmitting files between the FTP client and server.

Precautions

  • The prompt command can be used when you run the put, mput, get, and mget commands.
  • The prompt function can be enabled only for confirming service upload and download.
    • When you run the put or mput command, the system always overwrites the existing file if the name of the uploaded file is the same as that of an existing file on the FTP server.
    • When you run the get or mget command, the system always prompts you whether to overwrite the existing file if the name of the uploaded file is the same as an existing file name in the specified directory.

Example

# Enable the FTP message prompt function.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] prompt
Info: Succeeded in switching prompt on.

# Disable the FTP message prompt function.

[ftp] undo prompt
Info: Succeeded in switching prompt off.

put (FTP client view)

Function

The put command uploads a local file to the remote FTP server.

Format

put local-filename [ remote-filename ]

Parameters

Parameter Description Value
local-filename Specifies the local file name of the FTP client. The value is a string of 1 to 128 case-sensitive characters without spaces. The local-filename must already exist.
remote-filename Specifies the name of the file to be uploaded to the remote FTP server. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the put command to upload a local file to the remote FTP server for further check and backup. For example, you can upload the local log file to the FTP server for other users to check, and upload the configuration file to the FTP server as a backup before upgrading the device.

Precautions

  • If the file name is not specified on the remote FTP server, the local file name is used.

  • If the name of the uploaded file is the same as that of an existing file on the FTP server, the system overwrites the existing file.

Example

# Upload the configuration file vrpcfg.zip to the remote FTP server as a backup, and save it as backup.zip.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] put vrpcfg.zip backup.zip 
200 Port command okay.
150 Opening ASCII mode data connection for /backup.zip.
/     100% [***********] 
226 Transfer complete.
FTP: 1098 byte(s) sent in 0.131 second(s) 8.38Kbyte(s)/sec.
Related Topics

put (SFTP client view)

Function

The put command uploads a local file to a remote SFTP server.

Format

put local-filename [ remote-filename ]

Parameters

Parameter Description Value
local-filename Specifies a local file name on the SFTP client. The value is a case-sensitive character string without spaces. The file name (including the absolute path) contains 1 to 128 characters. The local-filename must already exist.
remote-filename Specifies the name of the file uploaded to the remote SFTP server. The value is a case-sensitive character string without spaces. The file name (including the absolute path) contains 1 to 128 characters.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

This command enables you to upload files from the local device to a remote SFTP server to view the file contents or back up the files. For example, you can upload log files of a device to an SFTP server and view the logs in the server. During an upgrade, you can upload the configuration file of the device to the SFTP server for backup.

Precautions

  • If remote-filename is not specified, the uploaded file is saved on the remote SFTP server with the original file name.

  • If the specified remote-filename is the same as an existing file name on the SFTP server, the uploaded file overwrites the existing file on the server.

Example

# Upload a file to the SFTP server.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> put wm.cfg
Local file: wm.cfg --->  Remote file: /wm.cfg
Uploading the file. Please wait...\ 
Uploading file successfully ended.
File upload is completed in 0 seconds. 

pwd (FTP client view)

Function

The pwd command displays the FTP client's working directory on the remote FTP server.

Format

pwd

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

After logging in to the FTP server, you can run the pwd command to display the FTP client's working directory on the remote FTP server.

If the displayed working directory is incorrect, you can run the cd command to change the FTP client's working directory on the remote FTP server.

Example

# Display the FTP client's working directory on the remote FTP server.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] pwd
257 "/" is current directory.
Related Topics

pwd (SFTP client view)

Function

The pwd command displays the SFTP client's working directory on the remote FTP server.

Format

pwd

Parameters

None

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

After logging in to the SFTP server, you can run the pwd command to display the SFTP client's working directory on the remote SFTP server.

If the displayed working directory is incorrect, you can run the cd command to change the SFTP client's working directory on the remote SFTP server.

Example

# Display the SFTP client's working directory on the remote SFTP server.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> pwd
Current directory is:
/
sftp-client> cd test
Current directory is:
/test
sftp-client> pwd
Current directory is:
/test
Related Topics

pwd (user view)

Function

The pwd command displays the current working directory.

Format

pwd

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

You can run the pwd command in any directory to display the current working directory. To change the current working directory, you can run the cd command.

Example

# Display the current working directory.

<HUAWEI> pwd
flash:/test/

remotehelp

Function

The remotehelp command displays the help information about an FTP command when the FTP client and server are connected.

Format

remotehelp [ command ]

Parameters

Parameter Description Value
command Specifies the FTP command. The value is a string of 1 to 16 characters.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

You can run the remotehelp command to display the help information about an FTP command.

  • The help information is provided by the remote server. Different remote servers may provide different help information for an FTP command.
  • The following are the protocol commands support help information.

    Command

    Help Information

    USER

    "USER <sp> <username>"

    PASS

    "PASS <sp> password"

    ACCT*

    "ACCT <sp> account-information"

    CWD

    "CWD [ <sp> directory-name ]"

    CDUP

    "CDUP <change to parent directory>"

    SMNT*

    "SMNT <sp> <structure mount>, Unimplemented"

    QUIT

    "QUIT <terminate service>"

    REIN*

    "REIN <reinitialize server state>; Unimplemented"

    PORT

    "PORT <sp> b0, b1,b2, b3, b4, b5"

    PASV

    "PASV <set server in passive mode>"

    TYPE

    "TYPE <sp> [ A | I ]"

    STRU*

    "STRU <specify file structure>; Unimplemented"

    MODE*

    "MODE <specify transfer mode>; Unimplemented"

    RETR

    "RETR <sp> file-name"

    STOR

    "STOR <sp> file-name"

    STOU*

    "STOU <sp> file-name; Unimplemented"

    APPE

    "APPE <sp> file-name"

    ALLO*

    "ALLO allocate storage<vacuously>; Unimplemented"

    REST*

    "REST <restart command>; Unimplemented"

    RNFR

    "RNFR <sp> file-name"

    RNTO

    "RNTO <sp> file-name"

    ABOR*

    "ABOR <abort operation>; Unimplemented"

    DELE

    "DELE <sp> file-name"

    RMD

    "RMD <sp> path-name"

    MKD

    "MKD <sp> path-name"

    PWD

    "PWD <return current directory>"

    LIST

    "LIST [ <sp> path-name ]"

    NLST*

    "NLST [ <sp> path-name ]; Unimplemented"

    SITE*

    "SITE; Unimplemented"

    SYST

    "SYST <get type of operating system>"

    STAT*

    "STAT [ <sp> <pathname> ]"

    HELP

    "HELP [ <sp> <string> ]"

    NOOP*

    "NOOP; Unimplemented"

    XCUP

    "XCUP <change to parent directory>"

    XCWD

    "XCWD [ directory-name ]"

    XMKD

    "XMKD <sp> path-name"

    XPWD

    "XPWD <return current directory>"

    XRMD

    "XRMD <sp> path-name"

    EPSV

    "EPSV <sp> <net-prt>"

    EPRT

    "EPRT <sp> <d><net-prt><d><net-addr><d><port><d>"

    FEAT*

    "FEAT, Unimplemented"

    NOTE:
    • * means the command is not complete.
    • For the commands other than the above listed commands, the response string is "Unknown command".

Example

# Display the syntax of the command cdup.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] remotehelp
214-The following commands are recognized (Commands marked with '*' are unimplem
ented).                                                                         
   USER   PASS   ACCT*  CWD    CDUP   SMNT*  QUIT   REIN*                       
   PORT   PASV   TYPE   STRU*  MODE*  RETR   STOR   STOU*                       
   APPE   ALLO*  REST*  RNFR   RNTO   ABOR   DELE   RMD                         
   MKD    PWD    LIST   NLST   SITE*  SYST   STAT*  HELP                        
   NOOP*  XCUP   XCWD   XMKD   XPWD   XRMD   EPSV   EPRT                        
   FEAT*                                                                        
214 Direct comments to Huawei Tech.
[ftp] remotehelp cdup
214 Syntax: CDUP <change to parent directory>.

remove (SFTP client view)

Function

The remove command deletes specified files from the remote SFTP server.

Format

remove remote-filename &<1-10>

Parameters

Parameter Description Value
remote-filename Specifies the name of the file to be deleted from the remote SFTP server. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

  • You can configure a maximum of 10 file names in the command and separate them using spaces and delete them at one time.

  • If the file to be deleted is not in the current directory, you must specify the file path.

Example

# Delete the file 3.txt from the server and backup1.txt from the test directory.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> remove 3.txt test/backup1.txt
Warning: Are sure to remove these files? [Y/N]:y
Info: Succeeded in removing the file: /3.txt.
Info: Succeeded in removing the file: /test/backup1.txt.

rename (SFTP client view)

Function

The rename command renames a file or directory stored on the SFTP server.

Format

rename old-name new-name

Parameters

Parameter Description Value
old-name

Specifies the name of a file or directory.

The value is a string of 1 to 128 case-sensitive characters without spaces. The old-name must already exist.
new-name

Specifies the new name of the file or directory.

The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

You can run the rename command to rename a file or directory.

Example

# Rename the directory yourtest on the SFTP server.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> rename test/yourtest test/test
Warning: Rename /test/yourtest to /test/test? [Y/N]:y
Info: Succeeded in renaming file.
sftp-client> cd test
Current directory is:
/test
sftp-client> dir
drwxrwxrwx   1 noone    nogroup         0 Mar 29 22:44 .
drwxrwxrwx   1 noone    nogroup         0 Mar 29 22:39 ..
drwxrwxrwx   1 noone    nogroup         0 Mar 24 00:04 test
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 18:38 backup.txt

rename (user view)

Function

The rename command renames a file or folder.

Format

rename old-name new-name

Parameters

Parameter

Description

Settings

old-name

Specifies the name of a file or folder.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 characters. case-sensitive characters without spaces in the [ drive ] [ path ] filename format.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

new-name

Specifies the new name of the file or directory.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 characters. case-sensitive characters without spaces in the [ drive ] [ path ] filename format.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name:

  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • You must rename a file or directory in its source directory.

  • If the renamed file or directory has the same name as an existing file or directory, an error message is displayed.

  • If you specify old-name or new-name without specifying the file path, the file must be saved in your current working directory.

Example

# Rename the directory mytest to yourtest in the directory flash:/test/.

<HUAWEI> pwd
flash:/test 
<HUAWEI> rename mytest yourtest
Info: Rename file flash:/test/mytest to flash:/test/yourtest ?[Y/N]:y
Info: Rename file flash:/test/mytest to flash:/test/yourtest ......Done. 

# Rename the file sample.txt to sample.bak.

<HUAWEI> rename sample.txt sample.bak
Info: Rename file flash:/sample.txt to flash:/sample.bak ?[Y/N] :y
Info: Rename file flash:/sample.txt to flash:/sample.bak .......Done.
Related Topics

reset recycle-bin

Function

The reset recycle-bin command permanently deletes files from the recycle bin.

Format

reset recycle-bin [ /f | filename | devicename ]

Parameters

Parameter Description Value
/f

Directly deletes all files from the recycle bin.

-

filename Specifies the name of a file to be deleted.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

The wildcard (*) character is supported.

devicename Specifies the storage device name.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If you run the delete command without specifying the /unreserved parameter, the file is moved to the recycle bin and still occupies the memory. To free up the space, you can run the reset recycle-bin command to permanently delete the file from the recycle bin.

The following describes the drive name.

  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • You can run the dir /all command to display all files that are moved to the recycle bin from the current directory, and file names are displayed in square brackets ([ ]).

  • If you delete a specified storage device, all files in the root directory of the storage device are deleted.

  • If you run the reset recycle-bin command directly, all files that are moved to the recycle bin from the current directory are permanently deleted.

Example

# Delete the file test.txt that is moved to the recycle bin from the directory test.

<HUAWEI> reset recycle-bin flash:/test/test.txt
Info: Are you sure to clear flash:/test/test.txt?[Y/N]:y
Info: Clearing file flash:/test/test.txt......Done. 

# Delete files that are moved to the recycle bin from the current directory.

<HUAWEI> pwd
flash:/test 
<HUAWEI> reset recycle-bin
Info: Are you sure to clear flash:/test/aa.txt?[Yes/All/No/Cancel]:y
Info: Clearing file flash:/test/aa.txt......Done.
Info: Are you sure to clear flash:/test/abc.txt?[Yes/All/No/Cancel]:y
Info: Clearing file flash:/test/abc.txt......Done.
Info: Are you sure to clear flash:/test/1.bat?[Yes/All/No/Cancel]:y
Info: Clearing file flash:/test/1.bat......Done.

rmdir (FTP client view)

Function

The rmdir command deletes a specified directory from the remote FTP server.

Format

rmdir remote-directory

Parameters

Parameter Description Value
remote-directory Specifies a directory or path on the FTP server. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the rmdir command to delete a specified directory from the remote FTP server.

Precautions

  • Before running the rmdir command to delete a directory, you must delete all files and subdirectories from the directory.

  • If no path is specified when you delete a subdirectory, the subdirectory is deleted from the current directory.

  • The directory is deleted from the FTP server rather than the FTP client.

Example

# Delete the directory d:/temp1 from the remote FTP server.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] rmdir d:/temp1
250 'D:\temp1': directory removed.

rmdir (user view)

Function

The rmdir command deletes a specified directory from the storage device.

Format

rmdir directory

Parameters

Parameter Description Value
directory

Specifies a directory or directory and its path.

The value is a string of case-sensitive characters in the [ drive ] [ path ] directory format. The absolute path length ranges from 1 to 255, while the directory name length ranges from 1 to 128. Up to 8 levels of directories are supported.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

Characters such as ~, *, /, \, :, ', " cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.
  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • Before running the rmdir command to delete a directory, you must delete all files and subdirectories from the directory.

  • A deleted directory and its files cannot be restored from the recycle bin.

Example

# Delete the directory test from the current directory.

<HUAWEI> rmdir test
Info: Are you sure to remove directory flash:/test?[Y/N]:y
Info: Removing directory flash:/test/.......Done.
Related Topics

rmdir (SFTP client view)

Function

The rmdir command deletes a specified directory from the remote SFTP server.

Format

rmdir remote-directory &<1-10>

Parameters

Parameter Description Value
remote-directory Specifies the name of a file on the SFTP server. The value is a string of 1 to 128 case-sensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

  • You can configure a maximum of 10 file names in the command and separate them using spaces and delete them at one time.

  • Before running the rmdir command to delete a directory, you must delete all files and subdirectories from the directory.

  • If the directory to be deleted is not in the current directory, you must specify the file path.

Example

# Delete the directory 1 from the current directory, and the directory 2 from the test directory.

<HUAWEI> system-view
[~HUAWEI] sftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Please input the username:admin
Enter password:
sftp-client> rmdir 1 test/2
Warning: Are sure to remove these directories? [Y/N]:y
Info: Succeeded in removing the directory: /test/1.
Info: Succeeded in removing the directory: /test/test/2.

scp

Function

The scp command uploads a local file to the remote SCP server or downloads a file from the remote SCP server to a local directory.

Format

# Transfer a file between the local client and the remote SCP server based on IPv4.

scp [ -a source-ip-address | -i interface-type interface-number ] [ -force-receive-pubkey ] [ -port port-number | { public-net | vpn-instance vpn-instance-name } | -c | -cipher cipher-type | -prefer-kex kex-type | -r | identity-key { dsa | ecc | rsa } | user-identity-key { dsa | ecc | rsa } ] * source-filename destination-filename

# Transfer a file between the local client and the remote SCP server based on IPv6.

scp ipv6 [ -a source-ipv6-address | -oi interface-type interface-number ] [ public-net | vpn-instance vpn-instance-name ] [ -force-receive-pubkey ] [ -port port-number | -c | -cipher cipher-type | -prefer-kex kex-type | -r | identity-key { dsa | ecc | rsa } | user-identity-key { dsa | ecc | rsa } ] * source-filename destination-filename

Parameters

Parameter Description Value
-a source-ip-address Specifies the source IPv4 address for connecting to the SCP client. You are advised to use the loopback interface IP address. -
-a source-ipv6-address Specifies the source IPv6 address for connecting to the SCP client. You are advised to use the loopback interface IP address. -
-i interface-type interface-number

Specifies the source interface used by the SCP client to set up connections. It consists of the interface type and number. It is recommended that you specify a loopback interface. The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

If the source interface is specified using -i interface-type interface-number, the public-net and vpn-instance vpn-instance-name parameters are not supported.

-
-oi interface-type interface-number

Specifies an outbound interface on the local device.

If the remote host uses an IPv6 address, you must specify the outbound interface on the local device.

-
-force-receive-pubkey Indicates that a server forcibly receives pulic key authentication. -
-port port-number Specifies the port number of the SCP server. The value is an integer that ranges from 1 to 65535. The default value is 22.
public-net Indicates that the SCP server is connected to the public network. -
vpn-instance vpn-instance-name Specifies the name of the VPN instance where the SCP server is located. The name of the VPN instance must already exist.
-r Uploads or downloads files in batches. -
-c Compress files when uploading or downloading them. -
-cipher cipher-type Specifies the encryption algorithms for uploading or downloading files. The algorithms include:
  • 3des
  • aes128
  • aes256
  • arcfour128
  • arcfour256
  • des
  • aes128_ctr
  • aes256_ctr
  • aes192
  • aes128_gcm
  • aes256_gcm
  • aes192_ctr
The default encryption algorithm is aes256.
NOTE:
You are advised to use aes128, aes256, arcfour128, aes128_ctr, aes256_ctr, and arcfour256 encryption algorithms to ensure high security.
-prefer_kex kex-type

Specifies the preferred key exchange algorithm.

The key exchange algorithms include:
  • dh-exchange-group-sha256
  • dh_exchange_group
  • dh_group1
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • sm2_kep
  • dh_group14_sha1
The default key exchange algorithm is ecdh-sha2-nistp521.
NOTE:
When the public key algorithm on the server is ecc, the sm2_kep algorithm is preferred.
identity-key Specifies the public key algorithm for server authentication.
The public key algorithm can be one of the following:
  • dsa
  • ecc
  • rsa
The default public key algorithm is rsa.
NOTE:

You are advised to use a securer ECC authentication algorithm for higher security. When the public key algorithm for server authentication is ecc, the preferred key exchange algorithm must be sm2_kep.

user-identity-key

Specifies a public key algorithm for user authentication.

The public key algorithm can be one of the following:
  • dsa
  • ecc
  • rsa
The default public key algorithm is rsa.
NOTE:

When the public key algorithm for server authentication is ecc, the preferred key exchange algorithm must be sm2_kep.

source-filename Specifies a source file to be uploaded or downloaded.

The source file format is username@hostname:[path]filename for the file downloading operation.

The source file format is [path]filename for the file uploading operation.

destination-filename Specifies a destination file to be uploaded or downloaded.

The destination file format is username@hostname:[path]filename for the file uploading operation.

The destination file format is [path]filename for the file downloading operation.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

SCP file transfer mode is based on SSH2.0 Compared with the SFTP file transfer mode, the SCP file transfer mode allows you to upload or download files when the connection is set up between the SCP client and server.

  • You are advised to set the source IP address to the loopback address, or set the outbound interface to the loopback interface using -a and -i, to improve security.

  • When -r is specified, you can use the wildcard (*) to upload or download files in batches, for example, *.txt and huawei.*.

  • When -c is specified, files are compressed before being transmitted. File compression takes a long time and affects file transfer speed; therefore, you are not advised to compress files before transferring them.

Precautions

  • The format of uploaded and downloaded files of the SCP server is username@hostname:[path]filename.

    • username is the user name for logging in to the SCP server.
    • hostname is the name or IP address of the SCP server.
    • path is the working directory on the SCP server.
    • filename is the name of a file.
  • If hostname is an IPv6 address, the IPv6 address must be included in square brackets ([ ]), for example, john@[1000::1]:.
  • If the destination file name is the same as the name of an existing directory, the file is moved to this directory with the source file name. If the destination file has the same name as an existing file, the system overwrites the existing file.

  • If an SCP user on the client authenticates the server using an RSA , a DSA or an ECC public key, the SCP user is prompted to select the key pair for authentication.

Example

# Log in through DSA authentication and copy the xxxx.txt file to the flash memory of remote SCP server at 10.10.0.114.

<HUAWEI> system-view
[~HUAWEI] scp identity-key dsa flash:/xxxx.txt root@10.10.0.114:flash:/xxxx.txt
Trying 10.10.0.114...
Press CTRL+K to abort
Connected to 10.10.0.114...
The server is not authenticated. Continue to access it? [Y/N]:y
Save the server's public key? [Y/N]:y
The server's public key will be saved with the name 10.10.0.114. Please wait...

Please select public key type for user authentication [R for RSA/D for DSA/E for ECC] Please select [R/D/E]: d 
Enter password:
xxxx.txt                      100%          261Bytes            1Kb/s
Related Topics

scp client-source

Function

The scp client-source command specifies the source IP address for the SCP client to send packets.

The undo scp client-source command cancels the source IP address for the SCP client to send packets.

The default source IP address of the SCP client is 0.0.0.0.

Format

scp client-source { -a source-ip-address [ public-net | -vpn-instance vpn-instance-name ] | -i interface-type interface-number }

undo scp client-source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address of the SCP client. You are advised to use the loopback interface IP address.

-
public-net Indicates that the SCP server is connected to the public network. -
-vpn-instance vpn-instance-name Specifies the name of the VPN instance where the SCP server is located. The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.
-i interface-type interface-number

Specifies the type and number of a source interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the SCP connection cannot be set up.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address is specified, the client uses the source IP address that the router specifies to send packets. The source IP address must be configured for an interface with stable performance. The loopback interface is recommended. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Before specifying the parameter vpn-instance vpn-instance-name, ensure that a VPN instance has been configured.

If you use -i to specify a logical interface as the source interface, ensure that the logical interface has been created successfully.

Precautions

  • The scp command also configures the source IP address whose priority is higher than that of the source IP address specified in the scp client-source command. If you specify source addresses in the scp client-source and scp commands, the source IP address specified in the scp command is used for data communication. The source address specified in the scp client-source command applies to all SCP connections. The source address specified in the scp command applies only to the current SCP connection.

  • If the specified source interface has been bound to a VPN instance, the client is automatically bound to the same VPN instance.

  • After a bound VPN instance is deleted, the VPN configuration specified using the scp client-source command will not be cleared but does not take effect. In this case, the SCP server uses a public IP address. If you configure the VPN instance with the same name again, the VPN function restores.

  • After a bound source interface is deleted, the interface configuration specified using the ssh server-source command will not be cleared but does not take effect. If you configure the source interface with the same name again, the interface configuration specified using the ssh server-source command is updated and the function restores.

Example

# Set the source IP address of the SCP client to the loopback interface IP address 10.1.1.1.

<HUAWEI> system-view
[~HUAWEI] scp client-source -a 10.1.1.1

scp max-sessions

Function

The scp max-sessions command sets the maximum number of SCP clients allowed to connect to an SCP server concurrently.

The undo scp max-sessions command restores the default number of SCP clients allowed to connect to an SCP server concurrently.

By default, a maximum of 2 SCP clients are allowed to connect to an SCP server concurrently.

Format

scp max-sessions max-session-count

undo scp max-sessions

Parameters

Parameter

Description

Value

max-session-count

Specifies the number of SCP clients allowed to connect to an SCP server concurrently.

The value is an integer that ranges from 0 to 5. The default value is 2.

Views

System view

Default Level

3: Management level

Usage Guidelines

This command limits the number of SCP clients connecting to an SCP server.

This command takes effect for both ipv4 and ipv6 connections.

NOTE:

If the configured limit is smaller than the number of currently connected SCP clients, the SCP clients are not disconnected, but new SCP clients cannot be connect to the SCP server.

Example

# Set the number of SCP clients allowed to connect to an SCP server to 5.

<HUAWEI> system-view
[~HUAWEI] scp max-sessions 5

scp server enable

Function

The scp server enable command enables the SCP service on the SSH server.

The undo scp server enable command disables the SCP service on the SSH server.

By default, the SCP function is disabled.

Format

scp [ ipv4 | ipv6 ] server enable

undo scp [ ipv4 | ipv6 ] server enable

Parameters

Parameter Description Value
ipv4 Specifies IPv4 server. -
ipv6 Specifies IPv6 server. -

Views

System view

Default Level

3: Management level

Usage Guidelines

SCP is used to copy, upload, and download files based on the SSH remote copy function. The SCP file copy command is easy to use, improving network maintenance efficiency.

Run scp server enable command can enable both IPv4 and IPv6 SCP server. Run scp ipv4 server enable command to enable IPv4 SCP server. Run scp ipv6 server enable command to enable IPv6 SCP server.

To connect the client to the SSH server to transfer files in SCP mode, you must first enable the SCP server on the SSH server.

In V200R002C50, you can run the scp [ ipv4 | ipv6 ] server enable command to enable the SCP function. If the current version is downgraded to V200R001C00 or an earlier version, this configuration will be lost, so you need to run the scp server enable command again.

Example

# Enable the SCP service.

<HUAWEI> system-view
[~HUAWEI] scp server enable

set net-manager vpn-instance

Function

The set net-manager vpn-instance command configures the default VPN instance that the NMS uses on the device.

The undo set net-manager vpn-instance command deletes the default VPN instance from the device.

By default, no VPN instance is configured on the device.

Format

set net-manager [ ipv6 ] vpn-instance vpn-instance-name

undo set net-manager [ ipv6 ] vpn-instance

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 VPN instance. -
vpn-instance vpn-instance-name Specifies the name of the default VPN instance. The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the NMS manages devices on the VPN network, you need to send the device information to the NMS using the VPN instance.

You can run the set net-manager vpn-instance command to configure the default VPN instance for the NMS to manage the device so that the device can use this VPN instance to communicate with the NMS.

Precautions

  • Before running the set net-manager vpn-instance command, you must create VPN instances.

  • If the host has been configured as a log host, the NMS can receive device logs from the default VPN instance.

  • The VPN configured using the set net-manager vpn-instance command affects the following service modules: TFTP client, FTP client, SFTP client, SCP client, Info Center module, SNMP module, TACACS module, IP FPM module.
  • After a bound VPN instance is deleted, the VPN configuration specified using the set net-manager command will not be cleared but does not take effect. In this case, the server uses a public IP address. If you configure the VPN instance with the same name again, the VPN function restores.

Example

# Set the default VPN instance to v1.

<HUAWEI> system-view
[~HUAWEI] set net-manager vpn-instance v1
Related Topics

sftp

Function

The sftp command connects the device to the SSH server so that you can manage files that are stored on the SFTP server.

Format

# Connect the SFTP client to the SFTP server based on IPv4.

sftp [ -a source-address | -i interface-type interface-number | -force-receive-pubkey ] host-ip [ port ] [ [ public-net | -vpn-instance vpn-instance-name ] | prefer_kex kex-type | prefer_ctos_cipher cipher-type | prefer_stoc_cipher cipher-type | prefer_ctos_hmac hmac-type | prefer_stoc_hmac hmac-type | prefer_ctos_compress compress-type | prefer_stoc_compress compress-type | -ki aliveinterval | -kc alivecountmax | identity-key { dsa | ecc | rsa } | user-identity-key { dsa | ecc | rsa } ] *

# Connect the SFTP client to the SFTP server based on IPv6.

sftp ipv6 [ -force-receive-pubkey ] [ -a source-address ] host-ipv6 [ public-net | -vpn-instance vpn-instance-name ] [ -oi interface-type interface-number ] [ port ] [ prefer_kex kex-type | prefer_ctos_cipher cipher-type | prefer_stoc_cipher cipher-type | prefer_ctos_hmac hmac-type | prefer_stoc_hmac hmac-type | prefer_ctos_compress compress-type | prefer_stoc_compress compress-type | -ki aliveinterval | -kc alivecountmax | identity-key { dsa | ecc | rsa } | user-identity-key { dsa | ecc | rsa } ] *

Parameters

Parameter Description Value
-a source-address Specifies the source IP address for connecting to the SFTP client. You are advised to use the loopback interface IP address. -
-i interface-type interface-number

Specifies the source interface type and ID. You are advised to use the loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the SFTP connection cannot be set up.

If the source interface is specified using -i interface-type interface-number, the -vpn-instance vpn-instance-name and public-net parameters are not supported.

-
-force-receive-pubkey Indicates that a server forcibly receives public key authentication. -
host-ip Specifies the IP address or host name of the remote IPv4 SFTP server.

The value is a string of 1 to 255 case-sensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.

host-ipv6 Specifies the IPv6 address or host name of the remote IPv6 SFTP server. The value is a string of 1 to 255 case-sensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.
-oi interface-type interface-number

Specifies an outbound interface on the local device.

If the remote host uses an IPv6 address, you must specify the outbound interface on the local device.

-
port

Specifies the port number of the SSH server.

The value is an integer that ranges from ranges from 1 to 65535. The default port number is 22.
public-net

Specifies the SFTP server on the public network.

You must set the public-net parameter when the SFTP server IP address is a public network IP address.

-
-vpn-instance vpn-instance-name

Name of the VPN instance where the SFTP server is located.

The VPN must already exist.
prefer_kex kex-type

Specifies the preferred key exchange algorithm.

The key exchange algorithms include:
  • dh-exchange-group-sha256
  • dh_exchange_group
  • dh_group1
  • ecdh-sha2-nistp256
  • ecdh-sha2-nistp384
  • ecdh-sha2-nistp521
  • sm2_kep
  • DH_Group14_SHA1
The default key exchange algorithm is ecdh-sha2-nistp521.
NOTE:
When the public key for the authentication on the server is ecc, the preferred key exchange algorithm must be sm2_kep.
prefer_ctos_cipher cipher-type Specify an encryption algorithm for transmitting data from the client to the server.
The encryption algorithms include:
  • 3des
  • aes128
  • aes256
  • arcfour128
  • arcfour256
  • des
  • aes128_ctr
  • aes256_ctr
  • aes192
  • aes128_gcm
  • aes256_gcm
  • aes192_ctr
The default encryption algorithm is aes256.
NOTE:

Encryption algorithms supported depend on the ssh client cipher command configured by the user.

You are advised to use aes128, aes256, arcfour128, aes128_ctr, aes256_ctr, and arcfour256 encryption algorithms to ensure high security.

prefer_stoc_cipher cipher-type Specify an encryption algorithm for transmitting data from the server to the client.
The encryption algorithms include:
  • 3des
  • aes128
  • aes256
  • arcfour128
  • arcfour256
  • des
  • aes128_ctr
  • aes256_ctr
  • aes192
  • aes128_gcm
  • aes256_gcm
  • aes192_ctr
The default encryption algorithm is aes256.
NOTE:

Encryption algorithms supported depend on the ssh client cipher command configured by the user.

You are advised to use aes128, aes256, arcfour128, arcfour256, aes128_ctr, and aes256_ctr encryption algorithms to ensure high security.

prefer_ctos_hmac hmac-type Specify an HMAC algorithm for transmitting data from the client to the server.
The HMAC algorithms include:
  • md5
  • md5_96
  • sha1
  • sha1_96
  • sha2_256
  • sha2_256_96
  • sha2_512
The default HMAC algorithm is sha2_256.
prefer_stoc_hmac hmac-type Specify an HMAC algorithm for transmitting data from the server to the client.
The HMAC algorithms include:
  • md5
  • md5_96
  • sha1
  • sha1_96
  • sha2_256
  • sha2_256_96
  • sha2_512
The default HMAC algorithm is sha2_256.
prefer_ctos_compress compress-type Specifies the preferred compression algorithm from the client to the server. The value of this parameter can only be set to zlib in the current version.
prefer_stoc_compress compress-type Specifies the preferred compression algorithm from the server to the client. The value of this parameter can only be set to zlib in the current version.
-ki aliveinterval Specifies the interval for sending keepalive packets when no packet is received in reply. The value is an integer that ranges from 1 to 3600, in seconds.
-kc alivecountmax Specifies the times for sending keepalive packets when no packet is received in reply. The value is an integer that ranges from 1 to 30.The default value is 3.
identity-key

Specifies the public key algorithm for the authentication on the server.

The public key algorithm can be one of the following:
  • dsa
  • ecc
  • rsa
The default public key algorithm is rsa.
NOTE:

To enhance security, you are advised to use the dsa or ecc algorithm.

user-identity-key Indicates the public key for the user authentication.
The public key algorithm can be one of the following:
  • dsa
  • ecc
  • rsa
The default public key algorithm is rsa.
NOTE:
When the public key for the authentication on the server is ecc, the preferred key exchange algorithm must be sm2_kep.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

SFTP is short for SSH FTP that is a secure FTP protocol. SFTP is on the basis of SSH. It ensures that users can log in to a remote device securely for file management and transmission, and enhances the security in data transmission. In addition, you can log in to a remote SSH server from the device that functions as an SFTP client.

When the connection between the SFTP server and client fails, the SFTP client must detect the fault in time and disconnect from the SFTP server. To ensure this, before being connected to the server in SFTP mode, the client must be configured with the interval and times for sending the keepalive packet when no packet is received in reply. If the client receives no packet in reply within the specified interval, the client sends the keepalive packet to the server again. If the maximum number of times that the client sends keepalive packets exceeds the specified value, the client releases the connection. By default, when no packet is received, the function for sending keepalive packets is not enabled.

Precautions

  • You can set the source IP address to the source or destination IP address in the ACL rule when the -a or -i parameter is specified. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.
  • The SSH client can log in to the SSH server with no port number specified only when the port number of the SSH server is 22. If the SSH server uses another port, the port number must be specified when SSH clients log in to the SSH server.

  • If you cannot run the sftp command successfully when you configured the ACL on the SFTP client, or when the TCP connection fails, an error message is displayed indicating that the SFTP client cannot be connected to the server.

NOTE:

To ensure high security, do not use the des algorithm, 3des algorithm, and rsa algorithm whose length is less than 2048 digits.

Example

# Set the current listening port number of the SSH server to 1025, and specify the SFTP client on the public network and the SSH server on the private network.

<HUAWEI> system-view
[~HUAWEI] sftp 10.164.39.223 1025 -vpn-instance ssh
Trying 10.164.39.223 ...
Press CTRL+K to abort
Connected to 10.164.39.223 ...
Please input the username: client001
Please select public key type for user authentication [R for RSA/D for DSA/E for ECC] Please select [R/D/E]: d 
Enter password:
sftp-client>

# Set keepalive parameters when the client is connected to the server in SFTP mode.

<HUAWEI> system-view
[~HUAWEI] sftp 10.164.39.223 -ki 10 -kc 4
Trying 10.164.39.223 ...
Press CTRL+K to abort
Connected to 10.164.39.223 ...
Please input the username: client001
Please select public key type for user authentication [R for RSA/D for DSA/E for ECC] Please select [R/D/E]: d 
Enter password:
sftp-client>

sftp client-source

Function

The sftp client-source command specifies the source IP address for the SFTP client to send packets.

The undo sftp client-source command restores the default source IP address for the SFTP client to send packets.

The default source IP address for the SFTP client to send packets is 0.0.0.0.

Format

sftp client-source { -a source-ip-address [ public-net | -vpn-instance vpn-instance-name ] | -i interface-type interface-number }

undo sftp client-source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the IP address of the SFTP client as the source IP address.

The value is in dotted decimal notation.
public-net

Indicates that the source address of packets sent by the client is a public address.

This parameter is mandatory when you run this command to configure the source address of packets as the public address.

-
-vpn-instance vpn-instance-name

Specifies the VPN instance name.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.
-i interface-type interface-number

Specifies the source interface.

The IP address configured for the source interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address is specified, the client uses the source IP address that the router specifies to send packets. The source IP address must be configured for an interface with stable performance. The loopback interface is recommended. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Precautions

  • If the specified source interface has been bound to a VPN instance, the client is automatically bound to the same VPN instance.

  • If the specified source interface has been bound to a VPN instance, for example, vpn1, but a different VPN instance, for example, vpn2, is specified in the sftp client-source{ -a source-ip-address-vpn-instance vpn-instance-name } command, The vpn configured by this command (vpn2) takes effect.

  • You can query the source IP address or primary IP address of the source interface for the SFTP connection on the SFTP server.

  • The sftp command also configures the source IP address whose priority is higher than that of the source IP address specified in the sftp client-source command. If you specify source addresses in the sftp client-source and sftp commands, the source IP address specified in the sftp command is used for data communication. The source address specified in the sftp client-source command applies to all SFTP connections. The source address specified in the sftp command applies only to the current SFTP connection.

  • After a bound source interface is deleted, the interface configuration specified using the ssh server-source command will not be cleared but does not take effect. If you configure the source interface with the same name again, the interface configuration specified using the ssh server-source command is updated and the function restores.

Example

# Set the source IP address of the SFTP client to 10.1.1.1.

<HUAWEI> system-view
[~HUAWEI] sftp client-source -a 10.1.1.1
Info: Succeeded in setting the source address of the SFTP client to 10.1.1.1.

sftp idle-timeout

Function

The sftp idle-timeout command configures the idle timeout duration for disconnecting to the SFTP client from the SSH server.

The undo sftp idle-timeout command restores the default idle timeout duration.

By default, the timeout period is 10 minutes.

Format

sftp idle-timeout minutes [ seconds ]

undo sftp idle-timeout

Parameters

Parameter Description Value
minutes Specifies the idle timeout minutes. The value is an integer that ranges from 0 to 35791.
seconds Specifies the idle timeout seconds. It is an integer that ranges from 0 to 59.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the undo sftp idle-timeout command to configure the idle timeout duration to disconnect the SFTP client from the SSH server when an SFTP user does not perform any operation within the specified duration.

Precautions

If you run the sftp idle-timeout 0 0 command, the idle timeout function is disabled.

This command takes effect for both ipv4 and ipv6 connections.

Example

# Set the idle timeout duration to 1 minute and 30 seconds.

<HUAWEI> system-view
[~HUAWEI] sftp idle-timeout 1 30

sftp max-sessions

Function

The sftp max-sessions command configures the maximum number of server connections in SFTP mode.

The undo sftp max-sessions command restores the maximum number of server connections in SFTP mode to the default value.

By default, a maximum of five servers can be connected in SFTP mode.

Format

sftp max-sessions max-session-count

undo sftp max-sessions

Parameters

Parameter Description Value
max-session-count Specifies the maximum number of server connections in SFTP mode. The value is an integer that ranges from 0 to 15.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the sftp max-sessions command to configure the maximum number of SSH server connections in SFTP mode to prevent the heavy load resulting from excessive accesses, and it takes effect for both IPv4 and IPv6 connections.

Precautions

If the maximum number is smaller than that of the current value, the current connection persists and no connection can be set up.

Example

# Set the maximum number of server connections to 10.

<HUAWEI> system-view
[~HUAWEI] sftp max-sessions 10

sftp server enable

Function

The sftp server enable command enables the SFTP service on the SSH server.

The undo sftp server enable command disables the SFTP service on the SSH server.

By default, the SFTP service is disabled.

Format

sftp [ ipv4 | ipv6 ] server enable

undo sftp [ ipv4 | ipv6 ] server enable

Parameters

Parameter Description Value
ipv4 Specifies IPv4 server. -
ipv6 Specifies IPv6 server. -

Views

System view

Default Level

3: Management level

Usage Guidelines

To connect the client to the SSH server to transfer files in SFTP mode, you must first enable the SFTP server on the SSH server.

Run sftp server enable command can enable both IPv4 and IPv6 SFTP server. Run sftp ipv4 server enable command to enable IPv4 SFTP server. Run sftp ipv6 server enable command to enable IPv6 SFTP server.

Disabling the SFTP service on the server disconnects all the clients connected through SFTP.

In V200R002C50, you can run the sftp [ ipv4 | ipv6 ] server enable command to enable the SFTP function. If the current version is downgraded to V200R001C00 or an earlier version, this configuration will be lost, so you need to run the sftp server enable command again.

Example

# Enable the SFTP service.

<HUAWEI> system-view
[~HUAWEI] sftp server enable
Info: Succeeded in starting the SFTP server.
Related Topics

snmp-agent trap enable feature-name sysom

Function

Using the snmp-agent trap enable feature-name sysom command, you can enable the trap function of the SYSOM module.

Using the undo snmp-agent trap enable feature-name sysom command, you can disable the trap function of the SYSOM module.

By default, the trap function of the SYSOM module is disabled.

Format

snmp-agent trap enable feature-name sysom [ trap-name hwflhopernotification ]

undo snmp-agent trap enable feature-name sysom [ trap-name hwflhopernotification ]

Parameters

Parameter Description Value
trap-name hwflhopernotification

Indicates the trap function of a specified type of trap messages of the SYSOM module.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

To enable the trap function for one or more specific events of the SYSOM module, specify trap-name.

You can run the display snmp-agent trap feature-name sysom all command to check the configuration result.

Example

# Enable the trap function of hwflhopernotification alarms.

<HUAWEI> system-view
[~HUAWEI] snmp-agent trap enable feature-name sysom trap-name hwflhopernotification

snmp-agent trap enable feature-name vfs

Function

Using the snmp-agent trap enable feature-name vfs command, you can enable the trap function for the VFS module.

Using the undo snmp-agent trap enable feature-name vfs command, you can disable the trap function for the VFS module.

By default, the trap function is disabled for the VFS module.

Format

snmp-agent trap enable feature-name vfs trap-name trap-name

undo snmp-agent trap enable feature-name vfs [ trap-name trap-name ]

Parameters

Parameter Description Value
trap-name trap-name
Indicates the trap function of a specified type of trap messages of the VFS module.
  • hwflhsyncfailnotification: a failure notification about file copying operation.

  • hwflhsyncsuccessnotification: the file copying operation is successful.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

You can specify trap-name to enable the trap function for one or more events of the VFS module.

You can run the display snmp-agent trap feature-name vfs all command to check the configuration result.

Example

# Enable the trap function for hwflhsyncsuccessnotification.

<HUAWEI> system-view
[~HUAWEI] snmp-agent trap enable feature-name vfs trap-name hwflhsyncsuccessnotification

ssh user sftp-directory

Function

The ssh user sftp-directory command configures the SFTP service authorized directory for an SSH user.

The undo ssh user sftp-directory command cancels the SFTP service authorized directory for an SSH user.

By default, the authorized directory of the SFTP service for the SSH user is not configured.

Format

ssh user username sftp-directory directoryname

undo ssh user username sftp-directory

Parameters

Parameter Description Value
username Specifies the SSH user name. The value is a string of 1 to 253 case-insensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string.
directoryname Specifies the directory name on the SFTP server. The SFTP must already exist.

Views

System view

Default Level

3: Management level

Usage Guidelines

Users can only access the specified directory on the SFTP server. If the username user does not exist, the system creates an SSH user named username and uses the SFTP service authorized directory configured for the user. If the configured directory does not exist, the SFTP client fails to connect to the SSH server using this SSH user.

The command takes effect for both ipv4 and ipv6 functions.

After the switch is upgraded to V200R001C00 or later, you need to run the ssh user username sftp-directory flash:/ command before using SFTP for file operations if the authorization directory used before the upgrade is the default directory flash:/.

Example

# Configure the SFTP service authorized directory flash:/ssh for the SSH user admin.

<HUAWEI> system-view
[~HUAWEI] ssh user admin sftp-directory flash:/ssh
Related Topics

tail

Function

The tail command displays information in a file.

Format

tail file-name [ line ]

Parameters

Parameter Description Value
file-name Specifies the name of a file. The value is a string in the [ drive ] [ path ] [ file-name ] format. An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 characters. Up to 8 levels of directories are supported. The path must already exist.
line Specifies the number of lines of information to be viewed. The number of lines is counted backwards from the last line in the file. The value is an integer ranging from 0 to 2147483647. By default, if this parameter is not selected, information in the last 10 lines is displayed.

Views

User view

Default Level

3: Management level

Usage Guidelines

You can run the tail command to view information in a file or in the last several lines of the file.

Example

# Display information in the last two lines of the rpm.log file.

<HUAWEI> tail rpm.log 2
[140808-07:52:26] [RPM][SIGN] RPM ReqAppDBRspHandle RequestType:2, RequestId:10001, RcvTransNo:655458744,SndTransNo:655458744,Session:655458744 
[140808-07:52:27] [RPM][ERR] File:autoconfig.py does exist in the filelist in node /opt/svrp/router1/1-17/vrpv8/home/$_system for osnode:273 when add file [PID(25786): LinuxError(0)]

tftp

Function

The tftp command uploads a file to the TFTP server or downloads a file to the local device.

Format

# Upload a file to the TFTP server or download a file to the local device based on the IPv4 address

tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server [ vpn-instance vpn-instance-name | public-net ] { get | put } source-filename [ destination-filename ]

# Upload a file to the TFTP server or download a file to the local device based on the IPv6 address

tftp ipv6 [ -a source-ipv6-address ] tftp-server-ipv6 [ vpn-instance vpn-instance-name | public-net ] [ -oi interface-type interface-number ] { get | put } source-filename [ destination-filename ]

Parameters

Parameter Description Value
-a source-ip-address Specifies the source IP address for connecting to the TFTP client. You are advised to use the loopback interface IPv4 address. -
-a source-ipv6-address Specifies the source IPv6 address for connecting to the TFTP client. You are advised to use the loopback interface IP address. -
-i interface-type interface-number

Specifies the source interface used by the TFTP client to set up connections. It consists of the interface type and number. It is recommended that you specify a loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the TFTP connection cannot be set up.

-
tftp-server

Specifies the IPv4 address or host name of the TFTP server.

NOTE:

You can run the display dns dynamic-host or display ip host command to view the mapping between the IP address and host name.

-
tftp-server-ipv6 Specifies the IPv6 address for the TFTP server. -
vpn-instance vpn-instance-name

Name of the VPN instance where the TFTP server is located.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.
public-net

Indicates that the TFTP server on the public network is connected.

-
get Download a file. -
put Upload a file. -
source-filename Specifies the source file name. The value is a string of 1 to 128 case-sensitive characters without spaces. It can contain alphanumeric and special characters. The source-filename must already exist.
destination-filename Specifies the destination file name. The value is a string of 1 to 128 case-sensitive characters without spaces. It can contain alphanumeric and special characters. By default, source and destination file names are the same.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When upgrading the system, you can run the tftp command to upload an important file to the TFTP server or download a system software to the local device.

Precautions

  • When you run the tftp command to upload a file to the TFTP server in TFTP mode, files are transferred in binary mode by default. The tftp does not support the ASCII mode for file transfer.
  • After specifying a source IP address, you can use this IP address to communicate with the server and implement packet filtering to ensure data security.

Example

# Download file vrpcfg.txt from the root directory of the TFTP server to the local device. The IP address of the TFTP server is 10.1.1.1. Save the downloaded file to the local device as file vrpcfg.bak.

<HUAWEI> tftp 10.1.1.1 get vrpcfg.txt flash:/vrpcfg.bak

# Upload file vrpcfg.txt from the root directory of the storage device to the default directory of the TFTP server. The IP address of the TFTP server is 10.1.1.1. Save file vrpcfg.txt on the TFTP server as file vrpcfg.bak.

<HUAWEI> tftp 10.1.1.1 put flash:/vrpcfg.txt vrpcfg.bak

tftp client source

Function

The tftp client source command specifies the source IP address for the TFTP client to send packets.

The undo tftp client source command restores the default source IP address for the TFTP client to send packets.

The default source IP address for the TFTP client to send packets is 0.0.0.0.

Format

tftp client source { -a source-ip-address | -i interface-type interface-number }

undo tftp client source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address of the TFTP client. You are advised to use the loopback interface IP address.

The value is in dotted decimal notation.
-i interface-type interface-number

Specifies the source interface type and interface number to establish the connection with the server.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the TFTP connection cannot be set up.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address is specified, the client uses the source IP address that the router specifies to send packets. The source IP address must be configured for an interface with stable performance. The loopback interface is recommended. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Precautions

  • The tftp command also configures the source IP address whose priority is higher than that of the source IP address specified in the tftp client source command. If you specify source addresses in the tftp client source and tftp commands, the source IP address specified in the tftp command is used for data communication. The source address specified in the tftp client source command applies to all TFTP connections. The source address specified in the tftp command applies only to the current TFTP connection.

  • You can query the source IP address or source interface IP address specified in the TFTP connection on the TFTP server.
  • After a bound source interface is deleted, the interface configuration specified using the ssh server-source command will not be cleared but does not take effect. If you configure the source interface with the same name again, the interface configuration specified using the ssh server-source command is updated and the function restores.

  • The command takes effect for ipv4 functions.

  • If the specified source interface has been bound to a VPN instance, the client is automatically bound to the same VPN instance.

Example

# Set the source IP address of the TFTP client to 10.1.1.1.

<HUAWEI> system-view
[~HUAWEI] tftp client source -a 10.1.1.1
Info: Succeeded in setting the source address of the TFTP client to 10.1.1.1.

tftp server acl

Function

The tftp server acl command specifies the ACL number or ACL name for the local device so that the device can access TFTP servers with the same ACL number or ACL name.

The undo tftp server acl command deletes the ACL number or ACL name from the local device.

By default, no ACL number or ACL name is specified on the local client.

Format

tftp server [ ipv6 ] acl { acl-number | acl-name }

undo tftp server [ ipv6 ] acl

Parameters

Parameter Description Value
acl-number Specifies the number of the ACL. The value is an integer that ranges from 2000 to 2999.
acl-name Specifies the ACL name. The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).
ipv6 Specifies the IPv6 address of a specific server. -

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To ensure the security of the local device, you need to run the tftp-server acl command to specify an ACL to specify TFTP servers that the local device can access.

Precautions

The tftp-server acl command takes effect only after you run the rule (ACL view) or rule (ACL6 view) command to configure the rule. If no rule is configured, the local device can access a specified TFTP server in TFTP mode.

If no rule is configured, the incoming and outgoing calls are not restricted after the command tftp-server acl is run.

Example

# Allow the local device to the access the TFTP server whose ACL number is 2000.

<HUAWEI> system-view
[~HUAWEI] acl 2000
[*HUAWEI-acl4-basic-2000] rule permit source 10.10.10.1 0
[*HUAWEI-acl4-basic-2000] quit
[*HUAWEI] tftp server acl 2000
Related Topics

undelete

Function

The undelete command restores a file that has been has been temporally deleted and moved to the recycle bin.

Format

undelete { filename | devicename }

Parameters

Parameter Description Value
filename Specifies the name of a file to be restored.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

devicename Specifies the storage device name.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the undelete command to restore a file that has been temporally deleted and moved to the recycle bin. However, files that are permanently deleted by running the delete or reset recycle-bin command with the /unreserved parameter cannot be restored.

The following describes the drive name.

  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Like devicename, drive specifies the storage device name.

Precautions

  • To display information about a temporally deleted file, run the dir /all command. The file name is displayed in square brackets ([ ]).

Example

# Restore file sample.bak from the recycle bin.

<HUAWEI> undelete sample.bak
Info: Are you sure to undelete flash:/sample.bak ?[Y/N]:y
Info: Undeleting file flash:/sample.bak......Done.

# Restore a file that has been moved from the root directory to the recycle bin.

<HUAWEI> undelete flash:
Info: Are you sure to undelete flash:/test.txt?[Y/N] :y
Info: Undeleting file flash:/test.txt......Done.
Info: Are you sure to undelete flash:/rr.bak?[Y/N]:y
Info: Undeleting file flash:/rr.bak......Done.

unzip

Function

The unzip command decompresses a file.

Format

unzip source-filename destination-filename [ password password ]

Parameters

Parameter Description Value
source-filename Specifies the name of a source file to be decompressed.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

destination-filename Specifies the name of a destination file that is decompressed.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

password password

Specifies the password for an encrypted compressed file.

The password is a string of 8 to 20 characters containing two or more types of digits, uppercase letters, lowercase letters, and special characters.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can decompress files, especially log files that are stored on the storage device and run the more command to query the file.

If the target file requires high security, you are advised to encrypt the file. unzip can decompress compressed files encrypted in AES-256 mode.

The following describes the drive name.

  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • If the destination file path is specified while the file name is not specified, the designation file name is the same as the source file name.

  • The source file persists after being decompressed.

  • The compressed file must be a .zip file. If a file to be decompressed is not a zip file, the system displays an error message during decompression.

  • The source file must be a single file. If you attempt to decompress a directory or multiple files, the decompression cannot succeed.

Example

# Decompress log file syslogfile-2012-02-27-17-47-50.zip that are stored in the syslogfile directory and save it to the root directory as file log.txt.

<HUAWEI> pwd
flash:/syslogfile
<HUAWEI> unzip syslogfile-2012-02-27-17-47-50.zip flash:/log.txt
Info: Extract flash:/syslogfile/syslogfile-2012-02-27-17-47-50.zip to flash:/log.txt?[Y/N]:y
100%  complete
Info: Decompressed file flash:/syslogfile/syslogfile-2012-02-27-17-47-50.zip to flash
:/log.txt...Done 

user

Function

The user command changes the current FTP user when the local device is connected to the FTP server.

Format

user user-name

Parameters

Parameter Description Value
user-name Specifies the name of a login user. The value is a string of 1 to 255 case-insensitive characters.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the user command to change the current user on the FTP server.

Precautions

After you run the user command to change the current user, a new FTP connection is set up, which is the same as that you specify in the ftp command.

Example

# Log in to the FTP server using the user name tom.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] user tom
331 Password required for tom.
Enter password: 
230 User logged in.
Related Topics

verbose

Function

The verbose command enables the verbose function on the FTP client.

The undo verbose command disables the verbose function.

By default, the verbose function is enabled.

Format

verbose

undo verbose

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

After the verbose function is enabled, all FTP response messages are displayed on the FTP client.

Example

# Enable the verbose function.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL + K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] verbose
Info: Succeeded in switching verbose on.
[ftp] get h1.txt
200 Port command okay.
150 Opening ASCII mode data connection for h1.txt.

226 Transfer complete.
FTP: 69 byte(s) received in 0.160 second(s) 431.25byte(s)/sec.
                                                             

# Disable the verbose function.

[ftp] undo verbose
Info: Succeeded in switching verbose off.
[ftp] get h1.txt

FTP: 69 byte(s) received in 0.150 second(s) 460.00byte(s)/sec. 

zip

Function

The zip command compresses a file.

The unzip command decompresses a file.

Format

zip source-filename destination-filename [ password password ]

unzip source-filename destination-filename [ password password ]

Parameters

Parameter Description Value
source-filename Specifies the name of a source file to be compressed.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

destination-filename Specifies the name of a destination file that is compressed.

An absolute path name is a string of 1 to 255 characters. A relative path name is a string of 1 to 128 case-sensitive characters without spaces in the [ drive ] [ path ] file name format. Up to 8 levels of directories are supported. When quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

advised to add : and / between the storage device name and directory. Characters ? ~ * / \ : ' " | < > [ ] cannot be used in the directory name.

password password

Specifies the password for an encrypted compressed file.

The password is a string of 8 to 20 characters containing two or more types of digits, uppercase letters, lowercase letters, and special characters.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the target file requires high security, you are advised to encrypt the file. Specify the password parameter, the target file will be encrypted in AES-256 mode.

The following describes the drive name.

  • drive is the storage device and is named as flash:.

  • If devices are stacked, drive can be named as:

    • flash: root directory of the flash memory of the master switch in the stack.
    • chassis ID#flash: root directory of the flash memory on a device in the stack.

    For example, slot2#flash: indicates the flash memory in slot 2.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • flash:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • If the destination file path is specified while the file name is not specified, the designation file name is the same as the source file name.

  • The source file persists after being compressed.

  • Directories cannot be compressed.

Example

# Compress file log.txt that is stored in the root directory and save it to the test directory as file log.zip.

<HUAWEI> dir
Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-            155  Dec 02 2011 01:28:48   log.txt
    1  -rw-          9,870  Oct 01 2011 00:22:46   patch.pat
    2  drw-              -  Mar 22 2012 00:00:48   test
    3  -rw-            836  Dec 22 2011 16:55:46   rr.dat
...

670,092 KB total (569,904 KB free)
<HUAWEI> zip log.txt flash:/test/log.zip
Info: Compress flash:/log.txt to flash:/test/log.zip? [Y/N]:y
100%  complete
Info: Compress file flash:/log.txt to flash:/test/log.zip...Done.
<HUAWEI> cd test 
<HUAWEI> dir 
Directory of flash:/test/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-            836  Mar 20 2012 19:49:14   test
    1  -rw-            239  Mar 22 2012 20:57:38   test.txt
    2  -rw-          1,056  Dec 02 2011 01:28:48   log.txt
    3  -rw-            240  Mar 22 2012 21:23:46   log.zip

670,092 KB total (569,903 KB free)
Related Topics
Translation
Download
Updated: 2019-03-21

Document ID: EDOC1000166501

Views: 43470

Downloads: 330

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next