No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S1720, S2700, S5700, and S6720 V200R011C10

This document describes methods to use command line interface and to log in to the device, file operations, and system startup configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Files When the Device Functions as an FTP Server

Managing Files When the Device Functions as an FTP Server

Pre-configuration Tasks

Before connecting to the FTP server to manage files, complete the following tasks:

  • Ensure that routes are reachable between the terminal and the device.
  • Ensure that the terminal functions as the FTP client.

Configuration Procedure

The FTP protocol brings security risks. The SFTPv2, SCP, or FTPS mode is recommended.

Table 8-6 describes the procedure for managing files when the device functions as an FTP server.

Table 8-6  Managing files when the device functions as an FTP server
No. Task Description Remarks
1 Set FTP server parameters Configure FTP server parameters including the port number, source address, and timeout duration. Perform these three steps in any sequence.
2 Configure local FTP user information Configure local FTP user information including the service type, user level, and authorized directory.
3 (Optional) Configure the FTP ACL Configure the ACL rule and FTP basic ACL to improve FTP access security.
4 Connect to the device using FTP Connect to the device using FTP from the terminal. -

Default Parameter Settings

Table 8-7  Default parameter settings
Parameter Default Setting
FTP server function Disabled
Listening port number 21
FTP user No local user is created.

Procedure

  • Set FTP server parameters.

    Table 8-8  Setting FTP server parameters
    Operation Command Description

    Enter the system view.

    system-view -

    (Optional) Specify a port number for the FTP server.

    ftp [ ipv6 ] server port port-number

    The default port number is 21.

    If a new port number is configured, the FTP server disconnects from all FTP clients and uses this new port number to listen to connection requests. Attackers do not know the port number and cannot access the listening port of the FTP server.

    Enable the FTP server function.

    ftp [ ipv6 ] server enable

    By default, the FTP server function is disabled.

    (Optional) Configure the source address of the FTP server.

    ftp server-source { -a source-ip-address | -i interface-type interface-number }

    After the source address of the FTP server is configured, incoming and outgoing packets are filtered, ensuring the device security.

    After the source address of the FTP server is configured, you must enter the source address to log in to the FTP server.

    (Optional) Configure the timeout duration of the FTP server.

    ftp [ ipv6 ] timeout minutes

    By default, the idle timeout duration is 10 minutes.

    If no operation is performed on the FTP server during the timeout duration, the FTP client automatically disconnects from the FTP server.

    NOTE:
    • If the FTP service is enabled, the port number of the FTP service cannot be changed. To change the port number, run the undo ftp [ ipv6 ] server command to disable the FTP service first.

    • After operations on files are complete, run the undo ftp [ ipv6 ] server to disable the FTP server function to ensure the device security.

  • Configure local FTP user information.

    Before performing operations on files using FTP, configure the local user name and password, service type, and authorized directory on the FTP server.

    Table 8-9  Configuring local FTP user information
    Operation Command Description

    Enter the system view.

    system-view -

    Enter the AAA view.

    aaa -

    Configure the local user name and password.

    local-user user-name password irreversible-cipher password -

    Configure the local user level.

    local-user user-name privilege level level
    NOTE:

    The user level must be set to 3 or higher to ensure successful connection establishment.

    Configure the service type for local users.

    local-user user-name service-type ftp

    By default, a local user can use any access type.

    Configure an authorized directory.

    local-user user-name ftp-directory directory

    By default, the FTP directory of a local user is empty.

    When multiple FTP users use the same authorized directory, you can use the set default ftp-directory directory command to configure a default directory for these FTP users. In this case, you do not need run the local-user user-name ftp-directory directory command to configure an authorized directory for each user.

  • (Optional) Configure an ACL for the FTP server.

    An ACL is composed of a list of rules such as the source address, destination address, and port number of packets. ACL rules are used to classify packets. After these rules are applied to routing devices, the routing devices determine the packets to be received and rejected.

    Users can configure a basic ACL to allow only specified clients to connect to the FTP server.

    The ACL rules are as follows:
    • When permit is used in the ACL rule, devices that match the ACL rule can establish FTP connections with the local device.

    • When deny is used in the ACL rule, devices that match the ACL rule cannot establish FTP connections with the local device.

    • When the ACL rule is configured but packets from devices do not match the rule, other devices cannot establish FTP connections with the local device.

    • When the ACL contains no rule, any device can establish FTP connections with the local device.

    Table 8-10  (Optional) Configuring an ACL for the FTP server
    Operation Command Description

    Enter the system view.

    system-view -

    Enter the ACL view.

    acl [ number ] acl-number

    -

    Configure the ACL rule.

    rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | fragment | logging | time-range time-name | vpn-instance vpn-instance-name ] * -

    Return to the system view.

    quit -

    Configure a basic ACL for the FTP server.

    ftp [ ipv6 ] acl acl-number -

  • Connect to the device using FTP.

    Users can use the Windows CLI or third-party software to connect to the device from a terminal using FTP. The following describes how to connect to the device using commands in the Windows CLI:

    • Run the ftp ip-address command to connect to the device using FTP.

      In the preceding command, ip-address indicates the IP address configured on the device. Routes between the terminal and the device are reachable.

    • Enter the user name and password as prompted and press Enter. If command prompt ftp> is displayed in the FTP client view, the user accesses the working directory on the FTP server. (The following information is only for reference.)

    C:\Documents and Settings\Administrator> ftp 192.168.150.208
    Connected to 192.168.150.208.
    220 FTP service ready.
    User(192.168.150.208:(none)):huawei
    331 Password required for huawei.
    Password:
    230 User logged in.
    ftp>

  • Run FTP commands to perform file-related operations.

    After connecting to the FTP server, users can run FTP commands to perform file-related operations including performing operations on directories and files, configuring the file transfer mode, and viewing the online help about FTP commands.

    NOTE:

    User rights are configured on the FTP server.

    The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

    Users can perform the following operations in any sequence.

    Table 8-11  Running FTP commands to perform file-related operations
    Operation Command Description
    Change the working directory on the server. cd remote-directory -
    Change the current working directory to its parent directory. cdup -
    Display the working directory on the server. pwd -
    Display or change the local working directory. lcd [ local-directory ]

    The lcd command displays the local working directory on the client, and the pwd command displays the working directory on the remote server.

    Create a directory on the server. mkdir remote-directory

    The directory name can consist of letters and digits. The following special characters are not supported: < > ? \ :

    Delete a directory from the server. rmdir remote-directory -
    Display information about the specified directory or file on the server. dir/ls [ remote-filename [ local-filename ] ]
    • The ls command displays only the directory or file name, and the dir command displays detailed directory or file information such as name, size, and date when the directory or file is created.
    • If no directory is specified in the command, the system searches for the file in user's authorized directories.
    Delete a file from the server. delete remote-filename -

    Upload one or more files.

    put local-filename [ remote-filename ]

    Or

    mput local-filenames

    • To upload a file, run the put command.
    • To upload multiple files, run the mput command.

    Download one or more files.

    get remote-filename [ local-filename ]

    Or

    mget remote-filenames

    • To download a file, run the get command.
    • To download multiple files, run the mget command.
    Set the file transfer mode to ASCII or Binary. ascii

    Or

    binary

    Select one of them.

    • The default file transfer mode is ASCII.

    • The ASCII mode is used to transfer text files, and the binary mode is used to transfer programs, system software, and database files.

    Set the data transmission mode to passive or active. passive

    Or

    undo passive

    Select one of them.

    The default data transmission mode is active.

    View the online help about FTP commands. remotehelp [ command ] -
    Enable the system prompt function. prompt By default, the prompt function is disabled.
    Enable the verbose function. verbose

    After the verbose function is enabled, all FTP response messages are displayed on the FTP client.

  • (Optional) Change the login user.

    The current user can switch to another user in the FTP client view. The new FTP connection is the same as that established by running the ftp command.

    Operation Command Description

    Change the current user in the FTP client view.

    user user-name [ password ]

    When the login user is switched to another user, the original user is disconnected from the FTP server.

  • Disconnect the FTP client from the FTP server.

    Users can run different commands in the FTP client view to disconnect the FTP client from the FTP server.

    Operation Command Description

    Disconnect the FTP client from the FTP server and return to the user view.

    bye or quit Select one of them.

    Disconnect the FTP client from the FTP server and return to the FTP client view.

    close or disconnect

Verifying the Configuration

  • Run the display [ ipv6 ] ftp-server command to check the FTP server configuration and status.

  • Run the display ftp-users command to view information about the FTP users who log in to the FTP server.

Translation
Download
Updated: 2019-10-21

Document ID: EDOC1000178166

Views: 276943

Downloads: 2006

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next