No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Command Reference

S7700 and S9700 V200R011C10

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
File Management Commands

File Management Commands

Command Support

Commands provided in this section and all the parameters in the commands are supported by all switch models by default, unless otherwise specified. For details, see specific commands.

ascii

Function

The ascii command sets the file transfer mode to ASCII on an FTP client.

The default file transfer mode is ASCII.

Format

ascii

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Files can be transferred in ASCII or binary mode.

ASCII mode is used to transfer plain text files, and binary mode is used to transfer application files, such as system software (files with name extension .cc, .bin, and .pat.), images, video files, compressed files, and database files.

Example

# Set the file transfer mode to ASCII.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] ascii
200 Type set to A.
Related Topics

binary

Function

The binary command sets the file transmission mode to binary on an FTP client.

The default file transfer mode is ASCII.

Format

binary

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Files can be transferred in ASCII or binary mode.

ASCII mode is used to transfer plain text files, and binary mode is used to transfer application files, such as system software (files with name extension .cc, .bin, and .pat.), images, video files, compressed files, and database files.

Example

# Set the file transmission mode to binary.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] binary
200 Type set to I
Related Topics

binding cipher-suite-customization

Function

The binding cipher-suite-customization command binds a customized SSL cipher suite policy to an SSL policy.

The undo binding cipher-suite-customization command unbinds the customized SSL cipher suite policy from an SSL policy.

By default, no customized cipher suite policy is bound to an SSL policy. Each SSL policy uses a default cipher suite.

Format

binding cipher-suite-customization customization-policy-name

undo binding cipher-suite-customization

Parameters

Parameter Description Value
customization-policy-name Specifies the name of a customized SSL cipher suite policy. The value is a string of 1 to 32 case-insensitive characters, spaces not supported.

Views

SSL policy view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To bind a customized SSL cipher suite policy to an SSL policy, run the binding cipher-suite-customization command. After a customized SSL cipher suite policy is bound to an SSL policy, the device uses an algorithm in the specified cipher suite to perform SSL negotiation.

After a customized cipher suite policy is unbound from an SSL policy, the SSL policy uses one of the following cipher suites supported by default:

  • tls1_ck_rsa_with_aes_256_sha
  • tls1_ck_rsa_with_aes_128_sha
  • tls1_ck_dhe_rsa_with_aes_256_sha
  • tls1_ck_dhe_dss_with_aes_256_sha
  • tls1_ck_dhe_rsa_with_aes_128_sha
  • tls1_ck_dhe_dss_with_aes_128_sha
  • tls12_ck_rsa_aes_256_cbc_sha256

Prerequisites

The customized cipher suite policy to be bound to an SSL policy contains cipher suites.

Precautions

If the cipher suite in the customized cipher suite policy bound to an SSL policy contains only one type of algorithm (RSA or DSS), the corresponding certificate must be loaded for the SSL policy to ensure successful SSL negotiation.

Example

# Bind customized SSL cipher suite policy named cipher1 to an SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] binding cipher-suite-customization cipher1

bye

Function

The bye command terminates the connection with the remote FTP server and enters the user view.

Format

bye

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

This command is equivalent to the quit command.

You can use the close and disconnect commands to terminate the connection with the remote FTP server and retain the FTP client view.

Example

# Terminate the connection with the remote FTP server and enter the user view.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] bye
221 server closing.
<HUAWEI>
Related Topics

cd (FTP client view)

Function

The cd command changes the working directory of the FTP server.

Format

cd remote-directory

Parameters

Parameter Description Value
remote-directory Specifies the name of a working directory on the FTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

The FTP server authorizes users to access files in certain directories and their subdirectories.

Example

# Change the working directory to d:/temp.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] cd d:/temp
250 "D:/temp" is current directory.

cd (SFTP client view)

Function

The cd command changes the working directory of the SFTP server.

Format

cd [ remote-directory ]

Parameters

Parameter Description Value
remote-directory Specifies the name of a directory on the SFTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

  • The SFTP server authorizes users to access files in certain directories and their subdirectories.

  • The specified working directory must exist on the SFTP server. If the remote-directory parameter is not included in the cd command, only the current working directory of an SSH user is displayed as the command output.

Example

# Change the current working directory of the SFTP server to /bill.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> cd bill
Current directory is:
/bill  

cd (user view)

Function

The cd command changes the current working directory of a user.

By default, the current working directory of the S7700 and S9700 is cfcard:.

Format

cd directory

Parameters

Parameter Description Value
directory Specifies the current working directory of a user.

The value is a string of 1 to 64 case-insensitive characters without spaces in the [ drive ] path format.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

For example, a directory name is cfcard:/selftest/test/.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.
  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

For example, if you change the current working directory cfcard:/selftest/ to the logfile directory in cfcard, the absolute path is cfcard:/logfile/, and the relative path is /logfile/. The logfile directory is not logfile/ because it is not in the current working directory selftest.

Precautions
  • The directory specified in the cd command must exist; otherwise, the error messages will displayed:

    You can perform the following operations to rectify faults:
    1. Run the pwd command to view the current working directory.
    2. Run the dir command to view the current working directory and verify that the directory specified in the cd command exists.

Example

# Change the current working directory from cfcard:/temp to cfcard:.

<HUAWEI> pwd
cfcard:/temp
<HUAWEI> cd cfcard:
<HUAWEI> pwd
cfcard:

# Change the current working directory from cfcard: to cfcard:/t1/t2.

<HUAWEI> pwd
cfcard:
<HUAWEI> cd cfcard:/t1/t2
<HUAWEI> pwd
cfcard:/t1/t2

# Change the current working directory from cfcard:/selftest to cfcard:/logfile.

<HUAWEI> pwd
cfcard:/selftest
<HUAWEI> cd /logfile/
<HUAWEI> pwd
cfcard:/logfile

# Change the current working directory from cfcard:/selftest to cfcard:/selftest/test.

<HUAWEI> pwd
cfcard:/selftest
<HUAWEI> cd test/
<HUAWEI> pwd
cfcard:/selftest/test
Related Topics

cdup (SFTP client view)

Function

The cdup command changes the current working directory of an SSH user to its parent directory.

Format

cdup

Parameters

None

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the cdup command to change the current working directory to its parent directory.

Precautions

If the current working directory is the SFTP authorization directory, the command cannot change the current working directory.

Example

# Change the current working directory to its parent directory.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> cd dhcp
Current directory is:
/dhcp 
sftp-client> cdup
Current directory is:
/
sftp-client> cdup
Error: Failed to change the current directory.
sftp-client>

cdup (FTP client view)

Function

The cdup command enables you to return to the upper-level directory.

Format

cdup

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To exit from the current directory and return to the upper-level directory, run the cdup command.

Precautions

The directories accessible to an FTP user are restricted by the authorized directories configured for the user.

Example

# Exit from the current directory and return to the upper-level directory.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] cd security
250 CWD command successfully.
[ftp] cdup
200 CDUP command successfully.

certificate load

Function

The certificate load command loads a digital certificate in the Secure Sockets Layer (SSL) policy view.

The undo certificate load command unloads a digital certificate for the SSL policy.

By default, no digital certificate is loaded for the SSL policy.

Format

# Load a PEM digital certificate for the SSL policy.

certificate load pem-cert cert-filename key-pair { dsa | rsa } key-file key-filename auth-code cipher auth-code

# Load an ASN1 digital certificate for the SSL policy.

certificate load asn1-cert cert-filename key-pair { dsa | rsa } key-file key-filename

# Load a PFX digital certificate for the SSL policy.

certificate load pfx-cert cert-filename key-pair { dsa | rsa } { mac cipher mac-code | key-file key-filename } auth-code cipher auth-code

# Load a PEM certificate chain for the SSL policy.

certificate load pem-chain cert-filename key-pair { dsa | rsa } key-file key-filename auth-code cipher auth-code

# Unload a digital certificate for the SSL policy.

undo certificate load

Parameters

Parameter

Description

Value

pem-cert

Loads a PEM digital certificate for the SSL policy.

A PEM digital certificate has a file name extension .pem.

A PEM digital certificate transfers text data between systems.

-
cert-filename

Specifies the name of a certificate file.

The file is in the subdirectory of the system directory security. If the security directory does not exist in the system, create this directory.

The value is a string of 1 to 64 characters.

The file name is the same as that of the uploaded file.

key-pair Specifies the key pair type. -
dsa Sets the key pair type to DSA. -
rsa Sets the key pair type to RSA. -
key-file key-filename

Specifies the key pair file.

The file is in the subdirectory of the system directory security. If the security directory does not exist in the system, create this directory.

The value is a string of 1 to 64 characters.

The file name is the same as that of the uploaded file.

auth-code cipher auth-code

Specifies the authentication code of the key pair file.

The authentication code verifies user identity to ensure that only authorized clients access the server.

The value is a string of case-sensitive characters without spaces. If the value begins and ends with double quotation marks (" "), the string of characters can contain spaces. When the value is displayed in plaintext, its length ranges from 1 to 31. When the value is displayed in ciphertext, its length is 48 or 68. A ciphertext password with the length of 32 or 56 characters is also supported.

asn1-cert

Loads an ASN1 digital certificate for the SSL policy.

An ASN1 digital certificate has a file name extension .der.

By default, most browsers support the ASN1 digital certificate.

-
pfx-cert

Loads a PFX digital certificate for the SSL policy.

A PFX digital certificate has a file name extension .pfx.

A digital certificate can be converted from the PFX format to another format.

-
mac cipher mac-code

Specifies a message authentication code.

The message authentication code ensures the packet data reliability and security.

The value is a string of case-sensitive characters without spaces. If the value begins and ends with double quotation marks (" "), the string of characters can contain spaces. When the value is displayed in plaintext, its length ranges from 1 to 31. When the value is displayed in ciphertext, its length is 48 or 68. A ciphertext password with the length of 32 or 56 characters is also supported.

pem-chain

Specifies a PEM certificate chain.

-

Views

SSL policy view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

SSL security mechanism includes:
  • Data transmission security: Uses the symmetric key algorithm to encrypt data.

  • Message integrity: uses the multiplexed analog component (MAC) algorithm to ensure message integrity.

  • Identity authentication mechanism: authenticates users based on the digital signatures and certificates.

The Certificate Authority (CA) issues PEM, ASN1, and PFX digital certificates that provide user identity information. Based on digital certificates, users establish trust relationships with partners who require high security.

A digital certificate data includes the applicant information such as the applicant's name, applicant's public key, digital signature of the CA that issues the certificate, and the certificate validity period. A certificate chain can be released when a certificate is sent so that the receiver can have all certificates in the certificate chain.

Prerequisites

Before running the certificate load command, you have run the ssl policy command to create the SSL policy in the system view.

Precautions

You can load a certificate or certificate chain for only one SSL policy. Before loading a certificate or certificate chain, you must unload the existing certificate or certificate chain.

To ensure security, the device automatically saves the key file in the system and deletes the file from the storage medium after a certificate is successfully loaded. It is recommended that you do not delete a certificate or certificate chain that has been successfully loaded; otherwise, services using the SSL policy will be affected.

For device that supports the NOR flash, after the certificate is loaded, the key pair file is stored in the NOR flash, and the file in the security directory is deleted. After the SSL policy is deleted, the file in the NOR flash is deleted. To re-load the certificate, upload the key file again.

Example

# Load an ASN1 digital certificate for the SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] certificate load asn1-cert servercert.der key-pair dsa key-file serverkey.der

# Load a PEM digital certificate for the SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] certificate load pem-cert servercert.pem key-pair dsa key-file serverkey.pem auth-code cipher 123456

# Load a PFX digital certificate for the SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy http_server
[HUAWEI-ssl-policy-http_server] certificate load pfx-cert servercert.pfx key-pair dsa key-file serverkey.pfx auth-code cipher 123456

# Load a PEM certificate chain for the SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy http_server
[HUAWEI-ssl-policy-http_server] certificate load pem-chain chain-servercert.pem key-pair dsa key-file chain-servercertkey.pem auth-code cipher 123456

close

Function

The close command terminates the connection with the remote FTP server and retains the FTP client view.

Format

close

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

This command is equivalent to the disconnect command.

You can run the bye and quit commands to terminate the connection with the remote FTP server and enter the user view.

Precautions

To enter the user view from the FTP client view, you can run the bye or quit command.

Example

# Terminate the connection with the remote FTP server and enter the FTP client view.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] close
221 Server closing.


[ftp]
Related Topics

copy

Function

The copy command copies a file.

Format

copy source-filename destination-filename [ all ]

Parameters

Parameter

Description

Settings

source-filename

Specifies the path and the name of a source file.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

destination-filename

Specifies the path and the name of a destination file.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

all

Copies a file to all chassis.

NOTE:

This parameter is available only in a CSS system.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.

  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions
  • If the destination file name is not specified, the designation file and the source file have the same name. If the source file and the destination file are in the same directory, you must specify the destination file name. If the destination file name is not specified, you cannot copy the source file.

  • If the destination file name is the same as that of an existing file, the system prompts you whether to overwrite the existing file. The system prompt is displayed only when file prompt is set to alert.

Example

# Copy the file config.cfg from the root directory of the cfcard card to cfcard:/temp. The destination file name is temp.cfg.

<HUAWEI> copy cfcard:/config.cfg cfcard:/temp/temp.cfg
Copy cfcard:/config.cfg to cfcard:/temp/temp.cfg?[Y/N]:y
100%  complete./
Info: Copied file cfcard:/config.cfg to cfcard:/temp/temp.cfg...Done.

# If the current directory is the root directory of the cfcard card, you can perform the preceding configuration using the relative path.

<HUAWEI> pwd
cfcard:
<HUAWEI> dir
Directory of cfcard:/

  Idx  Attr     Size(Byte)  Date        Time       FileName 
   0   -rw-      6,721,804  Mar 19 2012 12:31:58   devicesoft.cc
   1   -rw-            910  Mar 19 2012 12:32:58   config.cfg
   2   drw-              -  Mar 05 2012 09:54:34   temp
...
509,256 KB total (52,752 KB free)
<HUAWEI> copy config.cfg temp/temp.cfg
Copy cfcard:/config.cfg to cfcard:/temp/temp.cfg?[Y/N]:y
100%  complete./
Info: Copied file cfcard:/config.cfg to cfcard:/temp/temp.cfg...Done.

# Copy the file config.cfg from the root directory of the cfcard card to cfcard:/temp. The destination file name is config.cfg.

<HUAWEI> pwd
cfcard:
<HUAWEI> dir
Directory of cfcard:/

  Idx  Attr     Size(Byte)  Date        Time       FileName 
   0   -rw-      6,721,804  Mar 19 2012 12:31:58   devicesoft.cc
   1   -rw-            910  Mar 19 2012 12:32:58   config.cfg
   2   drw-              -  Mar 05 2012 09:54:34   temp
...
509,256 KB total (52,752 KB free)
<HUAWEI> copy config.cfg temp
Copy cfcard:/config.cfg to cfcard:/temp/config.cfg?[Y/N]:y
100%  complete./
Info: Copied file cfcard:/config.cfg to cfcard:/temp/config.cfg...Done.

# Copy the file backup.zip to backup1.zip in the test directory from the current working directory cfcard:/test/.

<HUAWEI> pwd
cfcard:/test
<HUAWEI> copy backup.zip backup1.zip
Copy cfcard:/test/backup.zip to cfcard:/test/backup1.zip?[Y/N]:y
100%  complete./
Info: Copied file cfcard:/test/backup.zip to cfcard:/test/backup1.zip...Done. 
Related Topics

crl load

Function

The crl load command loads the CRL for the SSL policy.

The undo certificate load command unloads the SSL policy CRL.

By default, the SSL policy CRL is not loaded.

Format

crl load { pem-crl | asn1-crl } crl-filename

undo crl load { pem-crl | asn1-crl } crl-filename

Parameters

Parameter Description Value
pem-crl

Loads the CRL in the PEM format for the SSL policy.

-
asn1-crl

Loads the CRL in the ASN1 format for the SSL policy.

-
crl-filename

Specifies the name of a CRL.

The file is in the subdirectory of the system directory security. If the security directory does not exist in the system, create this directory.

The value is a string of 1 to 64 case-insensitive characters without spaces.

The file name is the same as that of the uploaded file.

Views

SSL policy view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The CA can shorten the validity period of a certificate using a CRL. The CA releases the CRL that specifies a set of invalid certificates. If the CA revocates a certificate in the CRL, the declaration about authorized key pair is revocated before the certificate expires. When the certificate expires, data related to the certificate is cleared from the CRL.

If the certificate key is disclosed or if you need to revocate a certificate due to other reasons, use a third-party tool to revocate released certificates and mark them as invalid, generating a CRL.

Prerequisites

Before running the crl load command, you have run the ssl policy command to create the SSL policy in the system view.

Precautions

  • When you load the CRL on the FTPS client and access the FTPS server on the FTPS client, the FTPS server checks whether the certificate is declared in the CRL. If the certificate has been declared, the FTPS client and server disconnects.

  • A maximum of two CRL files can be loaded in an SSL policy. For the sake of security, deleting the installed CRL file is not recommended; otherwise, services using the SSL policy will be affected.

Example

# Load the CRL in the PEM format for the SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] crl load pem-crl server.pem

# Load the CRL in the ASN1 format for the SSL policy.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] crl load asn1-crl server.der

delete (FTP client view)

Function

The delete command deletes a file from the FTP server.

Format

delete remote-filename

Parameters

Parameter Description Value
remote-filename Specifies the name of a file to be deleted. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

A file deleted in the FTP client view cannot be restored.

Example

# Delete the file temp.c.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] delete temp.c
Warning: File temp.c will be deleted. Continue? [Y/N]: y 
250 DELE command successfully.

delete (user view)

Function

The delete command deletes a specified file in the storage device.

Format

delete [ /unreserved ] [ /quiet ] { filename | devicename } [ all ]

Parameters

Parameter

Description

Value

/unreserved

Deletes a specified file. The deleted file cannot be restored.

-
/quiet

Deletes a file directly without any confirmation.

-
filename

Specifies the name of a file to be deleted.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

devicename

Deletes all the files in the storage device.

-

all

Deletes files in the specified directory in a batch from master and slave MPUs in all chassis.

NOTE:

This parameter is available only in a CSS system.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.

  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Like devicename, drive specifies the storage device name.

Precautions

  • The wildcard (*) character can be used in the delete command.
  • If the parameter /unreserved is not included, the file is stored in the recycle bin. To display all files including deleted files that are displayed in square brackets ([ ]), run the dir /all command. To restore these files that are displayed in square brackets ([ ]), run the undelete command. To clear these files from the recycle bin, run the reset recycle-bin command.

    If you delete a file using the /unreserved parameter, the file cannot be restored.

  • If you delete a specified storage device, all files are deleted from the root directory of the storage device.

  • If you delete two files with the same name from different directories, the last file deleted is kept in the recycle bin.

  • If you attempt to delete a protected file, such as a license file, configuration file, or patch filer, a system prompt is displayed.

  • You cannot delete a directory by running the delete command. To delete a directory, run the rmdir (user view) command.

Example

# Delete the file test.txt from the cfcard:/test/ directory in the CF card.

<HUAWEI> delete cfcard:/test/test.txt
Delete cfcard:/test/test.txt?[Y/N]:y
Info: Deleting file cfcard:/test/test.txt...succeeded.

# Delete the file test.txt from the current working directory cfcard:/selftest.

<HUAWEI> delete test.txt
Delete cfcard:/selftest/test.txt?[Y/N]:y

dir (user view)

Function

The dir command displays information about files and directories in the storage medium.

Format

dir [ /all ] [ filename | directory | /all-filesystems ]

Parameters

Parameter

Description

Value

/all

Displays information about all files and directories in the current directory, including files and directories moved to the recycle bin from the current directory.

-

filename

Specifies the file name.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

directory

Specifies the file directory.

The value is a string of 1 to 64 case-insensitive characters without spaces in the [ drive ] path format.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

/all-filesystems

Display information about files and directories in the root directories of all the storage media on the device.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

The wildcard character (*) can be used in this command. If no parameter is specified, this command displays information about files and directories in the current directory.

The following describes the drive name:

  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

You can run the dir /all command to view information about all files and directories of the storage medium, including those moved to the recycle bin. The name of a file in the recycle bin is placed in square brackets ([]), for example, [test.txt].

Example

# Display information about all files and directories in the current directory.

<HUAWEI> dir /all
Directory of cfcard:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-             14  Feb 27 2012 11:20:12   back_time_a
    1  -rw-             16  Dec 28 2011 13:10:56   abc.tbl
    2  drw-              -  Feb 25 2012 14:19:56   logfile
    3  drw-              -  Oct 31 2011 15:05:26   sysdrv
    4  drw-              -  Feb 25 2012 14:20:08   compatible
    5  drw-              -  Oct 31 2011 15:19:02   selftest
    6  -rw-             14  Feb 27 2012 11:20:12   back_time_b
    7  -rw-          9,637  Feb 25 2012 14:18:22   vrpcfg.cfg
    8  -rw-              4  Jan 18 2012 16:34:56   snmpnotilog.txt
    9  -rw-          1,968  Feb 25 2012 14:20:22   private-data.txt
   10  -rw-            637  Nov 04 2011 11:48:46   cacert.der
   11  -rw-          4,303  Feb 09 2012 21:16:06   vrpcfg1.cfg.bak
   12  -rw-            639  Nov 04 2011 11:49:04   rootcert.der
   13  drw-              -  Nov 04 2011 11:50:24   security
   14  -rw-             13  Nov 29 2011 20:33:40   tftp_test.txt
   15  -rw-     52,770,448  Dec 05 2011 17:00:06   basicsoft.cc
   16  -rw-     98,139,547  Jan 31 2012 16:11:52   devicesoft.cc
   17  -rw-        463,309  Jan 31 2012 15:55:40   rbsaveddata.txt
   18  -rw-              7  Nov 25 2011 11:13:46   [copyfile.txt]
   19  -rw-             13  Nov 29 2011 19:06:18   [ftp_test.txt]

509,256 KB total (272,952 KB free)
              

# Display information about files and directories in the root directories of all the storage media on the device.

<HUAWEI> dir /all-filesystems
Directory of cfcard:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-             14  Feb 27 2012 11:20:12   back_time_a
    1  -rw-             16  Dec 28 2011 13:10:56   abc.tbl
    2  drw-              -  Feb 25 2012 14:19:56   logfile
    3  drw-              -  Oct 31 2011 15:05:26   sysdrv
    4  drw-              -  Feb 25 2012 14:20:08   compatible
    5  drw-              -  Oct 31 2011 15:19:02   selftest
    6  -rw-             14  Feb 27 2012 11:20:12   back_time_b
    7  -rw-          9,637  Feb 25 2012 14:18:22   vrpcfg.cfg
    8  -rw-              4  Jan 18 2012 16:34:56   snmpnotilog.txt
    9  -rw-          1,968  Feb 25 2012 14:20:22   private-data.txt
   10  -rw-            637  Nov 04 2011 11:48:46   cacert.der
   11  -rw-          4,303  Feb 09 2012 21:16:06   vrpcfg1.cfg.bak
   12  -rw-            639  Nov 04 2011 11:49:04   rootcert.der
   13  drw-              -  Nov 04 2011 11:50:24   security
   14  -rw-             13  Nov 29 2011 20:33:40   tftp_test.txt
   15  -rw-     52,770,448  Dec 05 2011 17:00:06   basicsoft.cc
   16  -rw-     98,139,547  Jan 31 2012 16:11:52   devicesoft.cc
   17  -rw-        463,309  Jan 31 2012 15:55:40   rbsaveddata.txt

509,256 KB total (272,952 KB free)

Directory of flash:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-             14  Nov 01 2011 09:20:47   back_time_a
    1  -rw-             14  Dec 02 2011 16:56:34   back_time_c
    2  -rw-             14  Dec 02 2011 16:58:33   back_time_b
    3  -rw-            396  May 22 2012 15:11:30   hostkey
    4  -rw-            540  May 22 2012 15:11:33   serverkey

47,376 KB total (47,248 KB free) 

# Display information about the file vrpcfg.cfg in the current directory.

<HUAWEI> dir vrpcfg.cfg
Directory of cfcard:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-          9,637  Feb 25 2012 14:18:22   vrpcfg.cfg

509,256 KB total (272,952 KB free)

# Display information about all .txt files in the current directory.

<HUAWEI> dir *.txt
Directory of cfcard:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-              4  Jan 18 2012 16:34:56   snmpnotilog.txt
    1  -rw-          1,968  Feb 25 2012 14:20:22   private-data.txt
    2  -rw-             13  Nov 29 2011 20:33:40   tftp_test.txt
    3  -rw-        463,309  Jan 31 2012 15:55:40   rbsaveddata.txt

509,256 KB total (272,952 KB free)

# Display information about the directory security in the current directory.

<HUAWEI> dir security
Directory of cfcard:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  drw-              -  Nov 04 2011 11:50:24   security

509,256 KB total (272,952 KB free)

# Display information about files in the directory security in the current directory.

<HUAWEI> dir security/
Directory of cfcard:/security/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-            637  Nov 04 2011 11:49:58   cacert.der
    1  -rw-            639  Nov 04 2011 11:50:24   rootcert.der

509,256 KB total (272,952 KB free)
Table 2-52  Description of the dir command output

Item

Description

d

Directory. If this item is not displayed, the corresponding FileName field displays a file. For example, devicesoft.cc is a file and security is a directory.

r

The file or directory is readable.

w

The file or directory is writable.

[ ]

A file moved to the recycle bin.

FileName

  • private-data.txt: The file saves service initialization data. Initialization data of some tasks is irrelevant to the configuration and is not recorded in the configuration file. The private-data.txt file records initialization data of these tasks, for example, the number of times the device restarts.
  • vrpcfg.cfg: configuration file. The file name extension of the configuration file must be .cfg or .zip.
  • basicsoft.cc: system software. The file name extension of the system software must be .cc.
  • logfile: log file.

Some software sub-systems store necessary data in other files in the file system when the device is running properly.

dir/ls (FTP client view)

Function

The dir and ls commands display all files or specified files that are stored on the FTP server, and save them to a local disk.

Format

dir [ remote-filename [ local-filename ] ]

ls [ remote-filename [ local-filename ] ]

Parameters

Parameter Description Value
remote-filename Specifies the name and directory of a file stored on the FTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.
local-filename Specifies the name of the local file that saves the FTP server file information. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes differences between the dir and ls commands.

  • When you run the dir command, detailed file information is displayed, including the file size, date when the file was created, whether the file is a directory, and whether the file can be modified. When you run the ls command, only the file name is displayed.
  • The dir command is used to save detailed file information, while the ls command is used to save only the file name even if the file is specified and saved in a local directory.

Precautions

The wildcard (*) character can be used in commands dir and ls.

Example

# Display the name or detailed information about a file that is saved in the test directory.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] cd test 
250 CWD command successfully.

[ftp] dir
200 Port command okay.
150 Opening ASCII mode data connection for *.
drwxrwxrwx   1 noone    nogroup         0 Mar 24 10:48 .
drwxrwxrwx   1 noone    nogroup         0 Mar 26 15:52 ..
drwxrwxrwx   1 noone    nogroup         0 Mar 23 16:04 yourtest
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 10:38 backup.txt
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 10:38 backup1.txt 
226 Transfer complete.
[ftp] ls
200 Port command okay.
150 Opening ASCII mode data connection for *.
.
..
yourtest
backup.txt
backup1.txt
226 Transfer complete.

# Display the detailed information for the file temp.c, and save the displayed information in file temp1.

[ftp] dir temp.c temp1
200 Port command okay.
150 Opening ASCII mode data connection for temp.c.

226 Transfer complete.

[ftp] quit

221 Server closing.
<HUAWEI> more temp1
-rwxrwxrwx  1  noone   nogroup  3929  Apr 27 18:13  temp.c

# Display the name of file test.bat, and save the displayed information in file test.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] ls test.bat test
200 Port command okay.
150 Opening ASCII mode data connection for test.bat.

226 Transfer complete.

[ftp] quit

221 Server closing.
<HUAWEI> more test
test.bat
Table 2-53  Description of the dir/Is command output

Item

Description

d

Indicates a directory. If this parameter is not present, the command output indicates a file.

r

Indicates that the file or directory can be read.

w

Indicates that the file or directory can be modified.

dir/ls (SFTP client view)

Function

The dir and ls commands display a list of specified files that are stored on the SFTP server.

Format

dir [ -l | -a ] [ remote-directory ]

ls [ -l | -a ] [ remote-directory ]

Parameters

Parameter Description Value
-l Displays detailed information about all files and directories in a specified directory. -
-a Displays names of all files and directories in a specified directory. -
remote-directory Specifies the name of a directory on the SFTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

The dir and ls commands are equivalent.
  • If -l and -a parameters are not specified, detailed information about all files and directories in a specified directory is displayed when you run the dir or ls command. The effect is the same as the dir -l command output.
  • By default, if the remote-directory parameter is not specified, the list of current directory files is displayed when you run the dir or ls command.

Example

# Display a list of files in the test directory of the SFTP server.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> dir test
drwxrwxrwx   1 noone    nogroup         0 Mar 24 2012 .
drwxrwxrwx   1 noone    nogroup         0 Mar 29 2012 ..
-rwxrwxrwx   1 noone    nogroup         0 Mar 24 2012 yourtest
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 2012 backup.txt
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 2012 backup1.txt
sftp-client> dir -a test
.
..
yourtest
backup.txt
backup1.txt
sftp-client> ls test
drwxrwxrwx   1 noone    nogroup         0 Mar 24 2012 .
drwxrwxrwx   1 noone    nogroup         0 Mar 29 2012 ..
-rwxrwxrwx   1 noone    nogroup         0 Mar 24 2012 yourtest
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 2012 backup.txt
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 2012 backup1.txt
sftp-client> ls -a test
.
..
yourtest
backup.txt
backup1.txt

disconnect

Function

The disconnect command terminates the connection with the remote FTP server and displays the FTP client view.

Format

disconnect

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

This command is equivalent to the close command.

You can run the bye and quit commands to terminate the connection with the remote FTP server and enter the user view.

To enter the user view from the FTP client view, you can run the bye or quit command.

Example

# Terminate the connection with the remote FTP server and enter the FTP client view.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] disconnect

221 Server closing.

[ftp]
Related Topics

display ftp-client

Function

The display ftp-client command displays the source IP address configured for the FTP client.

Format

display ftp-client

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

The default source IP address 0.0.0.0 is used if ftp client-source is not configured.

Example

# Display the source IP address of the FTP client.

<HUAWEI> display ftp-client
The source address of FTP client is 10.1.1.1.
Table 2-54  Description of the display ftp-client command output

Item

Description

The source IP address of FTP client is 10.1.1.1.

10.1.1.1 is the source IP address of the FTP client.

You can run the ftp client-source command to configure the source IP address.

If a source IP address has been configured by using the ftp client-source command, the message "The source interface of FTP client is LoopBack0" is displayed.

Related Topics

display ftp-server

Function

The display ftp-server command displays FTP server parameter settings.

Format

display [ ipv6 ] ftp-server

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run this command to display FTP server parameter settings.

Example

# Display FTP server parameter settings.

<HUAWEI> display ftp-server
   FTP server is running
   Max user number                 5
   User count                      1
   Timeout value(in minute)        30
   Listening port                  21
   Acl number                      2010
   FTP server's source address     10.1.1.1
   FTP SSL policy
   FTP Secure-server is stopped 

# Display FTP server parameter settings when the secure FTP server function is enabled.

<HUAWEI> display ftp-server
   FTP server is stopped
   Max user number                 5
   User count                      0
   Timeout value(in minute)        1
   Listening port                  21
   Acl number                      0
   FTP server's source interface   LoopBack0
   FTP SSL policy
   FTP Secure-server is running
Table 2-55  Description of the display ftp-server command output

Item

Description

FTP server is running

The FTP server starts.

You can run the ftp [ ipv6 ] server enable command to start the FTP server.

Max user number

Maximum number of users who can access the FTP server.

User count

Number of users who are accessing the FTP server.

Timeout value(in minute)

Idle timeout duration of FTP users.

You can run the ftp [ ipv6 ] timeout command to set the idle timeout duration of FTP users.

Listening port

Number of the listening port on the FTP server. The default value is 21.

If the value is not 21, you can run the ftp [ ipv6 ] server port command to configure the listening port number.

Acl number

Number of the ACL of the FTP server.

The default value is 0. You can run the ftp [ ipv6 ] acl command to change the ACL number.

FTP server's source address

Source IP address for the FTP server to send packets. The default value is 0.0.0.0.

You can run the ftp server-source command to configure the source IP address for the FTP server. Here, the source IP address 10.1.1.1 is displayed. If a source interface is configured, this field displays "FTP server's source interface LoopBack0."

NOTE:
If you run the display ipv6 ftp-server command, the FTP server's source interface LoopBack0 is not displayed.

FTP SSL policy

SSL policy that the secure FTP server function uses.

Before enabling the FTP function, you must run the ftp secure-server ssl-policy policy-name command to configure the SSL policy.

FTP Secure-server is stopped

Whether to enable the secure FTP server function.

To enable the secure FTP server function, disable the common FTP function and run the ftp secure-server enable command.

display ftp-users

Function

The display ftp-users command displays FTP user parameters on the FTP server.

Format

display ftp-users

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can check FTP user parameters on the FTP server, such as the FTP user name, IP address of the client host, port number, idle duration, and the authorized directories.

Example

# Display FTP user parameters.

<HUAWEI> display ftp-users
  username  host                                           port  idle  topdir
  user      10.138.77.41                                   4028  0     cfcard:/test
  huawei    10.137.217.159                                 51156 0     cfcard: 

The preceding information indicates that two users are connected to the FTP server.

Table 2-56  Description of the display ftp-users command output

Item

Description

username

FTP user name.

host

IP address of the client host.

port

Port number of the client host.

idle

Idle duration.

topdir

Authorized directory of a user.

You can run the local-user ftp-directory command to configure the authorized directory.

display scp-client

Function

The display scp-client command displays source parameters of the current SCP client.

Format

display scp-client

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display scp-client command to check source parameters of the SCP client.

If scp client-source { -a source-ip-address | -i interface-type interface-number } is not configured, source parameters are not displayed.

Example

# Display source parameters of the SCP client.

<HUAWEI> display scp-client
 The source of SCP ipv4 client: 10.1.1.1
Related Topics

display snmp-agent trap feature-name ftp_server all

Function

The display snmp-agent trap feature-name ftp_server all command displays all trap messages of the Ftp_server module.

Format

display snmp-agent trap feature-name ftp_server all

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

After the alarm function is enabled, the display snmp-agent trap feature-name ftp_server all command can be used to display the status of all alarms about ftp_server management.

Example

# Display all trap messages of the ftp_server module.

<HUAWEI> display snmp-agent trap feature-name ftp_server all
------------------------------------------------------------------------------
Feature name: FTP_SERVER
Trap number : 2
------------------------------------------------------------------------------
Trap name                       Default switch status   Current switch status
hwFtpNumThreshold               off                     off
hwFtpNumThresholdResume         off                     off
Table 2-57  Description of the display snmp-agent trap feature-name ftp_server all command output

Item

Description

Feature name

Name of the module to which a trap message belongs.

Trap number

Number of trap messages.

Trap name

Name of a trap message of the Ftp_server module.
  • hwFtpNumThreshold: Trap message generated when the number of FTP users exceeds the threshold.
  • hwFtpNumThresholdResume: Trap message generated when the number of FTP users falls below the threshold.

Default switch status

Default status of the trap function:
  • on: indicates that the trap function is enabled.
  • off: indicates that the trap function is disabled.

Current switch status

Current status of the trap function:
  • on: indicates that the trap function is enabled.
  • off: indicates that the trap function is disabled.

display snmp-agent trap feature-name vfs all

Function

The display snmp-agent trap feature-name vfs all command displays all trap information about the VFS module.

Format

display snmp-agent trap feature-name vfs all

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Usage Scenario

The Simple Network Management Protocol (SNMP) is a standard network management protocol widely used on TCP/IP networks. It uses a central computer (a network management station) that runs network management software to manage network elements. The management agent on the network element automatically reports traps to the network management station. After that, the network administrator immediately takes measures to resolve the problem.

The display snmp-agent trap feature-name vfs all command can be used to display all traps on the VFS module.
  • Name of a trap supported on the VFS module: The trap name must be the same as that specified by the snmp-agent trap enable feature-name vfs [ trap-name trap-name ] command. The name of each trap indicates a fault on the network element.

  • Trap status on the VFS module: The trap name shows whether sending a trap is enabled.

Prerequisites

The SNMP function has been enabled on the network element. For the relevant command, see snmp-agent trap enable.

Example

# Display all trap information about the VFS module.

<HUAWEI> display snmp-agent trap feature-name vfs all
------------------------------------------------------------------------------
Feature name: VFS
Trap number : 5
------------------------------------------------------------------------------
Trap name                       Default switch status   Current switch status
hwFlhOperNotification           off                     off
hwSysMasterHDError              off                     off
hwSysSlaveHDError               off                     off
hwFlhSyncSuccessNotification    off                     off
hwFlhSyncFailNotification       off                     off
Table 2-58  Description of the display snmp-agent trap feature-name vfs all command output

Item

Description

Feature name

Name of the module that the trap message belongs

Trap number

Number of trap messages

Trap name

Alarm name:
  • hwFlhOperNotification: enables the system to send trap when the copy of flash is complete.
  • hwSysMasterHDError: enables the system to send trap when the hard disk of the master board cannot be read and written because of some errors.
  • hwSysSlaveHDError: enables the system to send trap when the hard disk of the slave boardcannot be read and written because of some errors.
  • hwFlhSyncSuccessNotification: enables the system to send trap when the copy of flash is success.
  • hwFlhSyncFailNotification: enables the system to send trap when the copy of flash is failed.

Default switch status

Status of the trap function by default:
  • on: The trap function is enabled.
  • off: The trap function is disabled.

Current switch status

Current status of the trap function:
  • on: The trap function is enabled.
  • off: The trap function is disabled.

display sftp-client

Function

The display sftp-client command displays the source IP address configured for the SFTP client.

Format

display sftp-client

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run the display sftp client command to display the source IP address of the SFTP client. The default source IP address 0.0.0.0 is used if sftp client-source is not configured.

Example

# Display the source IP address configured for the SFTP client.

<HUAWEI> display sftp-client
The source address of SFTP client is 10.1.1.1.
Table 2-59  Description of the display sftp-client command output

Item

Description

The source address of SFTP client is 10.1.1.1.

10.1.1.1 is the source IP address of the SFTP client.

You can run the sftp client-source command to configure the source IP address for the SFTP client.

If an IP address has been configured for the source port, the message "The source interface of SFTP client is LoopBack0" is displayed.

display ssl policy

Function

The display ssl policy command displays information about an SSL policy.

Format

display ssl policy [ policy-name ]

Parameters

Parameter Description Value
policy-name

Displays the configuration of a specific SSL policy.

If the SSL policy name is not specified, configurations of all SSL policies are displayed.

The value is a string of 1 to 23 case-insensitive characters without spaces. The value can contain digits, letters, and underscores (_).

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display ssl policy command to display the SSL policy configuration when the device functions as a server or client.

After an SSL policy and its certificates are loaded and configured, you can run this command to obtain information such as the SSL policy name, service applications supported by the SSL policy, certificate name, and certificate type so that you can determine whether the existing SSL policy and certificates are available.

Example

# Display the configuration of SSL policy ftp_server.

<HUAWEI> display ssl policy ftp_server
       SSL Policy Name: ftp_server
     Policy Applicants:
         Key-pair Type: DSA
 Certificate File Type: ASN1
      Certificate Type: certificate
  Certificate Filename: servercert.der
     Key-file Filename: serverkey.der
             Auth-code:
                   MAC:
              CRL File:
       Trusted-CA File:
           Issuer Name:
   Validity Not Before:
    Validity Not After:

# Display the configuration of SSL policy ftp_client.

<HUAWEI> display ssl policy ftp_client

       SSL Policy Name: ftp_client
     Policy Applicants:
         Key-pair Type: RSA
 Certificate File Type: ASN1
      Certificate Type: certificate
  Certificate Filename: servercert.der
     Key-file Filename: serverkey.der
             Auth-code:
                   MAC:
              CRL File:
       Trusted-CA File:
           Issuer Name:
   Validity Not Before:
    Validity Not After:
Table 2-60  Description of the display ssl policy command output

Item

Description

SSL Policy Name

SSL policy name.

You can run the ssl policy command to configure the SSL policy name.

Policy Applicants

Service using SSL policies.

Currently, SSL policies are supported in HTTP and FTP services.

Key-pair Type

Type of a key pair.
  • RSA
  • DSA
  • ECC

You can run the certificate load command to configure the type of a key pair.

Certificate File Type

Certificate format. This parameter is mandatory when the device functions as a server.
  • PEM
  • ASN1
  • PFX

You can run the certificate load command to configure the certificate format.

Certificate Type

Certificate type. This parameter is mandatory when the device functions as a server.
  • certificate
  • certificate-chain

You can run the certificate load command to configure the certificate type.

Certificate Filename

Certificate name. This parameter is mandatory when the device functions as a server.

You can run the certificate load command to configure the certificate name.

Key-file Filename

Key pair file name. This parameter is mandatory when the device functions as a server.

You can run the certificate load command to configure the key pair file name.

Auth-code

Authentication code of a key file.

You can run the certificate load command to configure the authentication code of a key file. If an ASN1 certificate is loaded, the authentication code is unavailable.

MAC

Message authentication code.

The message authentication code is required only when you load PFX digital certificates. You can run the certificate load command to configure the message authentication code.

CRL File

CRL file. You are advised to configure the CRL file for a client.

You can run the crl load command to configure the CRL file.

Trusted-CA File

File of a trusted CA. This parameter is mandatory when the device functions as a client.

  • Format: file format.
  • Auth-code: authentication code of a PFX file. This field is displayed only when a PFX file has been loaded to the device.
  • Filename: file name.

You can run the trusted-ca load command to configure the file of a trusted CA.

Issuer Name

Issuer name.

Validity Not Before

Time when validity starts.

Validity Not After

Time when validity ends.

display tftp-client

Function

The display tftp-client command displays the source IP address configured for the TFTP client.

Format

display tftp-client

Parameters

None

Views

All views

Default Level

3: Management level

Usage Guidelines

You can run the display tftp client command to query source IP address of the TFTP client. The default source IP address is 0.0.0.0 if tftp client-source is not configured.

Example

# Display the source IP address configured for the TFTP client.

<HUAWEI> display tftp-client
The source address of TFTP client is 10.1.1.1.
Table 2-61  Description of the display tftp-client command output

Parameter

Description

The source address of TFTP client is 10.1.1.1.

10.1.1.1 is the source IP address of the TFTP client.

You can run the tftp client-source command to configure the source IP address for the TFTP client.

If the IP address is configured for the source port, the message "The source interface of TFTP client is LoopBack0" is displayed.

execute

Function

The execute command executes a specified batch file.

Format

execute batch-filename

Parameters

Parameter Description Value
batch-filename

Specifies the name of a batch file.

batch-filename supports file name association. The disk and directory where the file resides can be automatically associated.
  • Full help: All the disks of the device can be associated and displayed.
  • Partial help: The related disk, directory, and file can be associated and displayed after you enter a specified character string.
The value is a string of 5 to 160 case-insensitive characters without spaces. The file name extension is .bat.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If a series of commands are frequently executed, write these commands in a batch file, and store this file in system. In this way, you can only execute this command to run multiple commands which were manually entered before. This command improves maintenance and management efficiency.

NOTE:
  • The batch file is edited in .txt format. When editing the file, ensure that one command occupies one line. After editing the file, save the file and change the file name extension to .bat.

  • Transfer the batch file in file transmission mode to the device.

Prerequisites

Before running the execute command, ensure that the batch file to be processed is in the current directory; otherwise, the system cannot find the batch file.

Precautions

  • The commands in a batch file are run one by one. A batch file cannot contain invisible characters (control characters or escape characters, such as \r, \n, and \b). If any invisible character is detected, the execute command exits from the current process and no rollback is performed.

  • The execute command does not ensure that all commands can be run. If the system runs a wrong or immature command, it displays the error and goes to next command. The execute command does not perform the hot backup operation, and the command format or content is not restricted.

  • In case of interactive commands, batch file execution waits the device to interact with users before continuing.

NOTE:

When processing files in batches, add the echo off field in the first line to mask command line prompts. After the echo off field is added, the command line prompts and command lines are not displayed when command lines are processed in batches. Comply with the following rules:

  • The echo off field can be added only to the first line of the files to be processed in batches.
  • The echo off field is case-insensitive.
  • The line where the echo off field resides cannot contain any special characters, spaces excluded.

In the batch file, you can enter wait(time) between commands to set a command execution delay. The value of time ranges from 1 to 1800, in seconds. For example, wait(10) indicates that the next command is executed 10 seconds later. The value of wait(time) is case-insensitive. In the line where wait(time) resides, spaces cannot be placed before or after wait(time), or before or after time. Other characters are also not allowed.

Example

# Execute the test.bat file in the directory cfcard:/. The test.bat file contains three commands: system-view, aaa, and local-user huawei password irreversible-cipher Helloworld@6789.

<HUAWEI> system-view
[HUAWEI] execute test.bat
[HUAWEI]
         ^
Error: Unrecognized command found at '^' position.
[HUAWEI]
[HUAWEI-aaa]
 Info: Add a new user 
[HUAWEI-aaa]

When the system runs the first command system-view in current system view, it displays an error and continues to run the following commands.

The system displays the execution of a batch file in AAA view.

[HUAWEI-aaa] display this 
 local-user huawei password irreversible-cipher $1a$HW=5%Mr;:2)/RX$FnU1HLO%-TBMp4wn%;~\#%iAut}_~O%0L$

feat

Function

The feat command displays extended commands that the FTP server supports.

Format

feat

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

You can run the feat command to display extended functions that the FTP server supports, such as:

  • Authentication transport layer security (AUTH TLS)
  • Data channel protection level (PROT)
  • Protection buffer size (PBSZ)

Precautions

If no extended command is supported, the message "211 no features" is displayed.

Example

# Display extended commands that the FTP server supports.

[ftp] feat
211-Extension Supported
AUTH TLS
PROT
PBSZ
211 End
Table 2-62  Description of the feat command output

Parameter

Description

211 Value of the FTP relay code. The value is returned in the help information or system status query result.
AUTH TLS AUTH TLS commands supported.
PROT PROT commands supported.s
PBSZ PBSZ commands supported.

file prompt

Function

The file prompt command changes the prompt mode when you perform operations on files.

The undo file prompt command restores the default prompt mode.

The default prompt mode is alert.

Format

file prompt { alert | quiet }

undo file prompt quiet

Parameters

Parameter Description Value
alert Display a prompt message before users perform an operation. -
quiet Do not display a prompt message before users perform an operation. -

Views

System view

Default Level

3: Management level

Usage Guidelines

If the prompt mode is set to quiet, the system does not provide prompt messages when operations leading to data loss are executed, such as deleting or overwriting files. Therefore, this prompt mode should be used with caution.

Example

# Set the prompt mode to quiet. When you rename a copied file test.txt using an existing file name test1.txt, no prompt message is displayed.

<HUAWEI> system-view
[HUAWEI] file prompt quiet
[HUAWEI] quit
<HUAWEI> copy test.txt test1.txt
100%  complete
Info: Copied file cfcard:/test.txt to cfcard:/test1.txt...Done. 

# Set the prompt mode to alert.

<HUAWEI> system-view
[HUAWEI] file prompt alert
[HUAWEI] quit
<HUAWEI> copy test.txt test1.txt
Copy cfcard:/test.txt to cfcard:/test1.txt?[Y/N]:y
The file cfcard:/test1.txt exists. Overwrite it?[Y/N]:y
100%  complete
Info: Copied file cfcard:/test.txt to cfcard:/test1.txt...Done. 

fixdisk

Function

The fixdisk command restores a storage device in which the file system fails to run properly.

Format

fixdisk drive

Parameters

Parameter Description Value
drive Specifies the name of the storage device to restore.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the storage device name.
  • drive indicates the storage device and can be named as:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • In a CSS system, devicename can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

If the file system does not run properly, the system prompts you to restore it. You can run the fixdisk command to attempt to restore the file system. You can run the fixdisk command to release the space whose usage status is unknown from the storage device.

You can run the dir command to display information about a specified file or directory on the storage device. If the command output contains unknown, for example, 30,000 KB total (672 KB free, 25,560 KB used, 3,616 KB unknown), you can run the fixdisk command to release the space whose usage status is unknown.

Precautions

  • The fixdisk command is not recommended when the system works properly. This command cannot rectify device-level faults.

  • If you are still prompted to restore the storage device after running the fixdisk command, the physical medium may have been damaged.

  • Running the fixdisk command to restore a flash memory requires high CPU usage. Therefore, do not run this command when the CPU usage in the system is high.

Example

# Restore the CF card when an error message is displayed indicating that the CF card is faulty.

Lost chains in cfcard detected, please use fixdisk to recover them!
<HUAWEI> fixdisk cfcard:
% Fix disk cfcard: completed. 

format

Function

The format command formats a storage device.

Format

format drive

Parameters

Parameter Description Value
drive Specifies the name of the storage device to format. -

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the storage device name.
  • drive indicates the storage device and can be named as:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • In a CSS system, devicename can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

When the file system fault cannot be rectified or the data on the storage device is unnecessary, the storage device can be formatted. When you run the format command, all files and directories are cleared from the storage device.

Configuration Impact

When the storage device has the configuration file and system software package required for the next start, do not format the storage device because data on it will be deleted after the format. If the configuration file required for the next start is deleted, the configuration is lost after the switch restarts. If the system software package is deleted, the switch will fail to start.

Precautions

After the format command is run, files and directories are cleared from the specified storage device and cannot be restored. Therefore, this command should be used with caution.

If the storage device is still unavailable after the format command is run, a physical exception may have occurred.

Example

# Format the storage device.

<HUAWEI> format flash:
All data(include configuration and system startup file) on flash: will be lost, proceed with format ? [Y/N]:y
%Format flash: completed.

ftp

Function

The ftp command connects the FTP client to the FTP server and enters the FTP client view.

Format

# Connect the FTP client to the FTP server based on the IPv4 address.

ftp [ [ ssl-policy policy-name ] [ -a source-ip-address | -i interface-type interface-number ] host-ip [ port-number ] [ public-net | vpn-instance vpn-instance-name ] ]

# Connect the FTP client to the FTP server based on the IPv6 address.

ftp [ ssl-policy policy-name ] ipv6 host-ipv6 [ port-number ]

ftp [ ssl-policy policy-name ] ipv6 ipv6-linklocal-address -oi { interface-name | interface-type interface-number } [ port-number ]

Parameters

Parameter

Description

Value

ssl-policy policy-name

Specifies the name of the SSL policy that provides the secure FTP function.

The value is a string of 1 to 23 case-insensitive characters without spaces.

-a source-ip-address

Specifies the source IP address for connecting to the FTP client. You are advised to use the loopback interface IP address.

The value is in dotted decimal notation.

-i interface-type interface-number

Specifies the source interface type and ID. You are advised to use the loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

-
host-ip

Specifies the IP address or host name of the remote IPv4 FTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces.

When double quotation marks are used around the string, spaces are allowed in the string.

port-number

Specifies the port number of the FTP server.

The value is an integer that ranges from 1 to 65535. The default value is the standard port number 21.
public-net

Specifies the FTP server on the public network.

You must set the public-net parameter when the FTP server IP address is a public network IP address.

-
vpn-instance vpn-instance-name

Specifies the name of the VPN instance where the FTP server is located.

The value must be an existing VPN instance name.
host-ipv6 Specifies the IP address or host name of the remote IPv6 FTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces.

When double quotation marks are used around the string, spaces are allowed in the string.

ipv6-linklocal-address

Specifies the local link address that is automatically generated by the remote IPv6 FTP server.

-

-oi

Specifies the outbound interface for the local IPv6 link address.

-

interface-name

Specifies the name of the outbound interface for the local IPv6 link address.

-

interface-typeinterface-number

Specifies the number of the outbound interface for the local IPv6 link address.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Before accessing the FTP server on the FTP client, you must first run the ftp command to connect the FTP client to the FTP server. To set up a secure FTP connection based on the SSL protocol between the FTP client and server, you must set the ssl-policy parameter.

Precautions

  • Before running the ftp command to set up a secure FTP connection, you must perform the following steps on the FTP client:
    1. In the system view, run the ssl policy command to create an SSL policy and enter the SSL policy view.

    2. In the SSL policy view, run the trusted-ca load command to load a trusted CA.

    3. In the SSL policy view, run the crl load command to load a CRL. This step is optional but recommended.

  • You can set the source IP address to the source or destination IP address in the ACL rule when the -a or -i parameter is specified on the IPv4 network. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.
  • You can run the set net-manager vpn-instance command to configure the NMS management VPN instance before running the open command to connect the FTP client and server.
    • If public-net or vpn-instance is not specified, the FTP client accesses the FTP server in the VPN instance managed by the NMS.

    • If public-net is specified, the FTP client accesses the FTP server on the public network.

    • If vpn-instance vpn-instance-name is specified, the FTP client accesses the FTP server in a specified VPN instance.

  • If no parameter is set in the ftp command, only the FTP view is displayed, and no connection is set up between the FTP server and client.
  • If the port number that the FTP server uses is non-standard, you must specify a standard port number; otherwise, the FTP server and client cannot be connected.
  • When you run the ftp command, the system prompts you to enter the user name and password for logging in to the FTP server. You can log in to the FTP server if the user name and password are correct.
  • If the number of login users exceeds the maximum value that the FTP server allows, other authorized users cannot log in to the FTP server. To allow news authorized users to log in to the FTP server, users who have performed FTP services must disconnect their clients from the FTP server. You can run the bye or quit command to disconnect the FTP client from the FTP server and return to the user view, or run the close or disconnect command to disconnect the FTP client from the FTP server and retain in the FTP client view.

Example

# Connect to the FTP server whose IP address is 10.137.217.201.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp]
# Connect to the remote IPv6 FTP server whose address is fc00:2001:db8::1.
<HUAWEI> ftp ipv6 fc00:2001:db8::1
Trying fc00:2001:db8::1
Press CTRL+K to abort
Connected to ftp fc00:2001:db8::1
220 FTP service ready.
User(fc00:2001:db8::1:(none)):huawei
331 Password required for huawei
Enter Password:
230 User logged in.
[ftp]

# Connect to the FTPS server whose IP address is 10.1.1.2.

<HUAWEI> ftp ssl-policy ftp_server 10.1.1.2
Trying 10.1.1.2 ...
Press CTRL+K to abort
Connected to 10.1.1.2.
220 FTP service ready.
234 AUTH command successfully, Security mechanism accepted.
200 PBSZ is ok.
200 Data channel security level is changed to private.
User(10.1.1.2:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.

[ftp]
Related Topics

ftp acl

Function

The ftp acl command specifies an ACL number for the current FTP server so that the FTP client with the same ACL number can access the FTP server.

The undo ftp acl command deletes an ACL number of the current FTP server.

By default, no ACL is configured for FTP server.

Format

ftp [ ipv6 ] acl acl-number

undo ftp [ ipv6 ] acl

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -
acl-number Specifies the number of the ACL. The value is an integer that ranges from 2000 to 3999.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To ensure the security of an FTP server, you need to configure an ACL for it to specify FTP clients that can access the current FTP server.

Precautions

The ftp server acl command takes effect only after you run the rule command to configure the ACL rule.

Example

# Allow the client whose ACL number is 2000 to log in to the FTP server.

<HUAWEI> system-view
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule permit source 10.10.10.1 0
[HUAWEI-acl-basic-2000] quit
[HUAWEI] ftp acl 2000
Related Topics

ftp client-source

Function

The ftp client-source command specifies the source IP address for the FTP client to send packets.

The undo ftp client-source command restores the default source IP address for the FTP client to send packets.

The default source IP address for the FTP client to send packets is 0.0.0.0.

Format

ftp client-source { -a source-ip-address | -i interface-type interface-number }

undo ftp client-source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address. You are advised to use the loopback interface IP address.

The value is in dotted decimal notation.
-i interface-type interface-number

Specifies the loopback interface of the FTP server as the source interface.

The IP address configured for the source interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address is specified, the client uses the source IP address that the router specifies to send packets. The source IP address must be configured for an interface with stable performance. The loopback interface is recommended. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Prerequisites

The loopback source interface specified using the command must exist and have an IP address configured.

Precautions

  • The ftp client-source command sets the source interface only to loopback interface.

  • You can also run the ftp command to configure the source IP address whose priority is higher than that of the source IP address specified by the ftp client-source command. If you specify the source IP addresses by running the ftp client-source and ftp commands, the source IP address specified by the ftp command is used for data communication and is available only for the current FTP connection, while the source IP address specified by the ftp client-source command is available for all FTP connections.

  • The IP address that a user displays on the FTP server is the specified source IP address or source interface IP address.

Example

# Set the source IP address of the FTP client to 10.1.1.1.

<HUAWEI> system-view
[HUAWEI] ftp client-source -a 10.1.1.1
Info: Succeeded in setting the source address of the FTP client to 10.1.1.1.

ftp secure-server enable

Function

The ftp secure-server enable command enables the secure FTP server function for FTP users.

The undo ftp secure-server command disables the secure FTP server function.

By default, the secure FTP server function is disabled.

Format

ftp [ ipv6 ] secure-server enable

undo ftp [ ipv6 ] secure-server

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

After SSL policies are configured on an FTP server, the secure FTP server function is provided based on SSL policies. To use the secure FTP server function, you must run the ftp secure-server enable command to enable the secure FTP server function. You can log in to the FTP server with secure FTP function configured from a client, and manage files between the FTP server and client.

Prerequisites

To enable the secure FTP server function, you must disable the common FTP server function.

Precautions

If the FTP server function is disabled, no user can log in to the FTP server, and users who have logged in to the FTP server cannot perform any operation except logout.

Example

# Enable the secure FTP server function.
<HUAWEI> system-view
[HUAWEI] ftp secure-server enable

ftp secure-server ssl-policy

Function

The ftp secure-server ssl-policy command configures an SSL policy for the FTP server.

The undo ftp secure-server ssl-policy command deletes an SSL policy from the FTP server.

By default, no SSL policy is configured for the FTP server.

Format

ftp secure-server ssl-policy policy-name

undo ftp secure-server ssl-policy

Parameters

Parameter Description Value
policy-name Specifies the name of an SSL policy. The value is a string of 1 to 23 case-insensitive characters without spaces. When double quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The traditional FTP function transmits data in plain text, which can be intercepted and tampered with. You can run the ftp secure-server ssl-policy command to configure anSSL policy for the FTP server to ensure data security so that the FTP server implements session negotiation, sets up connections, and transmits data based on the SSL policy. You can log in to the FTP server from a client and manage files between the FTP server and client.

Prerequisites

Before running the ftp secure-server ssl-policy command to configure the SSL policy, you must first run the ssl policy command to create anSSL policy for the FTP server.

Precautions

  • You must apply for a digital certificate for the FTP client from a trusted CA to authenticate the validity of the FTP server digital certificate.

  • Only one SSL policy can be configured for the FTP server, and the latest configured SSL policy takes effect.

Example

# Configure an SSL policy for the FTP server.

<HUAWEI> system-view
[HUAWEI] ftp secure-server ssl-policy ftp_server

ftp server enable

Function

The ftp server enable command enables the FTP server function to allow FTP users to log in to the FTP server.

The undo ftp server command disables the FTP server function so that FTP users cannot log in to the FTP server.

By default, the FTP function is disabled.

Format

ftp [ ipv6 ] server enable

undo ftp [ ipv6 ] server

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -

Views

System view

Default Level

3: Management level

Usage Guidelines

To manage FTP server files on a client, you must run the ftp server enable command to enable the FTP server function to allow FTP users to log in to the FTP server.

If the FTP server function is disabled, no user can log in to the FTP server, and users who have logged in to the FTP server cannot perform any operation except logout.

The FTP protocol compromises device security. SFTP V2 or FTPS mode is recommended.

After the ftp server enable command is run, the device receives login connection requests from all interfaces by default. Therefore, there are security risks. You are advised to run theftp server-source command to specify the source interface of the FTP server.

Example

# Enable the FTP server function.

<HUAWEI> system-view
[HUAWEI] ftp server enable
Warning: FTP is not a secure protocol, and it is recommended to use SFTP.
Info: Succeeded in starting the FTP server.
Related Topics

ftp server port

Function

The ftp server port command specifies the listening port number of the FTP server.

The undo ftp server port command restores the default value of the listening port number.

The default value is 21.

Format

ftp [ ipv6 ] server port port-number

undo ftp [ ipv6 ] server port

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -
port port-number Specifies the listening port number of the FTP server. The value is 21 or an integer that ranges from 1025 to 55535.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

By default, the listening port number of the FTP server is 21. Attackers may frequently access the default listening port, which wastes bandwidth, deteriorates server performance, and prevents authorized users from accessing the FTP server through the listening port. You can run the ftp server port command to specify another listening port number to prevent attackers from accessing the listening port.

Prerequisites

Before running the ftp server port command to specify the listening port number, you must first run the undo ftp server command to disable FTP services.

Precautions

  • After the ftp server port command is executed, the FTP server disconnects all FTP connections and uses the new listening port.

  • If the current listening port number is 21, FTP client users do not need to specify the port number for logging in to the FTP server. If the current listening port number is not 21, FTP client users must use the FTP server's listening port number to log in to the FTP server.

  • After the listening port number is changed, you must run the ftp server enable command to enable FTP services to make the configuration take effect.

Example

# Change the port number of the FTP server to 1028.
<HUAWEI> system-view
[HUAWEI] undo ftp server
[HUAWEI] ftp server port 1028
Related Topics

ftp server-source

Function

The ftp server-source command specifies the source IP address for an FTP server to send packets.

The undo ftp server-source command restores the default source IP address for an FTP server to send packets.

The default source IP address for the FTP server to send packets is 0.0.0.0.

Format

ftp server-source { -a source-ip-address | -i interface-type interface-number }

undo ftp server-source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the loopback IP address of the FTP server as the source IP address.

-
-i interface-type interface-number

Specifies the loopback interface of the FTP server as the source interface.

The primary IP address of the source interface is the source IP address for sending packets. If no IP address is configured for the source IP address, the FTP connection cannot be set up.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address (0.0.0.0 by default) is specified, the FTP server uses the source IP address specified by routes to send packets. The source IP address must be configured for an interface with stable performance, such as the loopback interface. Using the loopback interface as the source IP address simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Precautions

  • The ftp server-source command specifies the source IP address only to the loopback IP address or loopback interface information.
  • After the source IP address is specified for the FTP server, you must use the specified IP address to log in to the FTP server.
  • If the FTP service has been enabled, the FTP service restarts after the ftp server-source command is executed.

Example

# Set the source IP address of the FTP server to LoopBack0.

<HUAWEI> system-view
[HUAWEI] ftp server-source -i loopback 0
Warning: To make the server source configuration take effect, the FTP server will be restarted. Continue? [Y/N]: y
Info: Succeeded in setting the source interface of the FTP server to LoopBack0.
Info: Succeeded in starting the FTP server.

ftp timeout

Function

The ftp timeout command configures the idle timeout duration of the FTP server.

The undo ftp timeout command restores the default idle timeout duration.

By default, the idle timeout duration of the FTP server is 10 minutes.

Format

ftp [ ipv6 ] timeout minutes

undo ftp [ ipv6 ] timeout

Parameters

Parameter Description Value
ipv6 Specifies the IPv6 FTP server. -
minutes Specifies idle timeout duration. The value is an integer that ranges from 1 to 35791, in minutes. By default, the idle timeout duration is 10 minutes.

Views

System view

Default Level

3: Management level

Usage Guidelines

After a user logs in to the FTP server, a connection is set up between the FTP server and the user's client. The idle timeout duration is configured to release the connection when the connection is interrupted or when the user performs no operation for a specified time.

When you use the get command in the FTP view to overwrite a file, the operation may fail due to timeout of the FTP connection. To prevent this problem, set a long timeout period for the FTP connection.

Example

# Set the idle timeout duration to 36 minutes.

<HUAWEI> system-view
[HUAWEI] ftp timeout 36
Related Topics

get (SFTP client view)

Function

The get command downloads a file from the SFTP server and saves the file to the local device.

Format

get remote-filename [ local-filename ]

Parameters

Parameter Description Value
remote-filename Specifies the name of the file to be downloaded from the SFTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.
local-filename Specifies the name of a downloaded file to be saved to the local device. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the get command to download files from the FTP server to upgrade devices.

Precautions

  • If local-filename is not specified on the local device, the original file name is used.

  • If the name of the downloaded file is the same as that of an existing local file, the system prompts you whether to overwrite the existing file.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Download a file from the SFTP server.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> get test.txt
Remote file: / test.txt --->  Local file: test.txt
Info: Downloading file successfully ended.

get (FTP client view)

Function

The get command downloads a file from the FTP server and saves the file to the local device.

Format

get remote-filename [ local-filename ]

Parameters

Parameter Description Value
remote-filename Specifies the name of the file to be downloaded from the FTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.
local-filename Specifies the name of a downloaded file to be saved to the local device. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the get command to download system software, backup configuration files, and patch files from the FTP server to upgrade devices.

Precautions

  • If the downloaded file name is not specified on the local device, the original file name is used.

  • If the name of the downloaded file is the same as that of an existing local file, the system prompts you whether to overwrite the existing file.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Download the system software devicesoft.cc from the FTP server.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] get devicesoft.cc
200 Port command successful.
150 Opening BINARY mode data connection for file transfer.
226 Transfer complete 
FTP: 6482944 byte(s) received in 54.500 second(s) 1117.40Kbyte(s)/sec. 
Related Topics

help (SFTP client view)

Function

The help command displays the help information in the SFTP client view.

Format

help [ all | command-name ]

Parameters

Parameter Description Value
all Displays all commands in the SFTP client view. -
command-name Displays the format and parameters of a specified command in the SFTP client view. -

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In the SFTP view, you can only enter the question mark (?) to obtain all commands in the SFTP client view. If you enter a command keyword and the question mark (?) to query command parameters, an error message is displayed, as shown in the following:

sftp-client> dir ?
Error: Failed to list files. 

You can run the help command to obtain the help information and display all commands or a command format in the SFTP client view.

Precautions

If you specify no parameter when running the help command, all commands in the SFTP client view are displayed. This has the same effect as the help all command or directly entering the question mark (?) in the SFTP client view.

Example

# Display the format of the command get.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> help get
get Remote file name STRING<1-64>   [Local file name STRING<1-64>]  Download file
Default local file name is the same with remote file.

# Display all commands in the SFTP client view.

sftp-client> help all
cd
cdup
dir
get
help
ls
mkdir
put
pwd
quit
rename
remove
rmdir
Related Topics

lcd

Function

The lcd command displays and changes the local working directory of the FTP client in the FTP client view.

Format

lcd [ local-directory ]

Parameters

Parameter Description Value
local-directory Specifies the local working directory of the FTP client. The value is a string of 1 to 128 case-insensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the lcd command to display the local working directory of the FTP client when uploading or downloading files, and set the upload or download path to the path of the local working directory.

Precautions

The lcd command displays the local working directory of the FTP client, while the pwd command displays the working directory of the FTP server. If you specify the parameter local-directory in the lcd command, you can directly change the local working directory in the FTP client view.

Example

# Change the local working directory to cfcard:/test.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] lcd
The current local directory is cfcard:.
[ftp] lcd cfcard:/test
The current local directory is cfcard:/test.
Related Topics

mget

Function

The mget command downloads multiple files from the remote FTP server to the local device.

Format

mget remote-filenames

Parameters

Parameter Description Value
remote-filenames Specifies multiple files to download to the local device. File names are separated using spaces, and the wildcard (*) is supported. The value is a string of 1 to 255 characters.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the mget command to download multiple files at the same time.

Precautions

  • The command cannot download all files in a directory or subdirectory.

  • If the name of the downloaded file is the same as that of an existing local file, the system prompts you whether to overwrite the existing file.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Download files 1.txt, 2.txt, and vrp221.cfg from the remote FTP server.

<HUAWEI> ftp 10.10.10.1
Trying 10.10.10.1 ...
Press CTRL+K to abort
Connected to 10.10.10.1.
220 FTP service ready.
User(10.10.10.1:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.  

[ftp]mget 1.txt 2.txt vrp221.cfg 
200 Port command okay.
150 Opening ASCII mode data connection for 1.txt.

226 Transfer complete.
FTP: 3885 byte(s) received in 0.174 second(s) 22.32Kbyte(s)/sec.

200 Port command okay.
150 Opening ASCII mode data connection for 2.txt.

226 Transfer complete.
FTP: 8721 byte(s) received in 0.179 second(s) 48.72Kbyte(s)/sec.

200 Port command okay.
150 Opening ASCII mode data connection for vrp221.cfg.

226 Transfer complete.
FTP: 6700 byte(s) received in 0.151 second(s) 44.37Kbyte(s)/sec.   

[ftp]  
Related Topics

mkdir (FTP client view)

Function

The mkdir command creates a directory on the remote FTP server.

Format

mkdir remote-directory

Parameters

Parameter Description Value
remote-directory Specifies the directory to be created. The value is a string of case-insensitive characters without spaces. The absolute path length ranges from 1 to 64, while the directory name length ranges from 1 to 15.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

  • You can run the mkdir command to create a subdirectory in a specified directory, and the subdirectory name must be unique.

  • If no path is specified when you create a subdirectory, the subdirectory is created in the current directory.

  • The created directory is stored on the FTP server.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Create a directory test on the remote FTP server.

<HUAWEI> ftp 172.16.104.110
Trying 172.16.104.110 ...
Press CTRL+K to abort
Connected to 172.16.104.110.
220 FTP service ready.
User(172.16.104.110:(none)):huawei
331 Password required for huawei
Enter password:
230 User logged in.
[ftp] mkdir test
257 "test" new directory created.

mkdir (SFTP client view)

Function

The mkdir command creates a directory on the remote SFTP server.

Format

mkdir remote-directory

Parameters

Parameter Description Value
remote-directory Specifies the directory to be created. The value is a string of case-insensitive characters without spaces. The absolute path length ranges from 1 to 64, while the directory name length ranges from 1 to 15.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

  • You can run the mkdir command to create a subdirectory in a specified directory, and the subdirectory name must be unique.

  • If no path is specified when you create a subdirectory, the subdirectory is created in the current directory.

  • The created directory is stored on the SFTP server.

  • After a directory is created, you can run the dir/ls (SFTP client view) command to view the directory.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Create a directory on the SFTP server.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> mkdir ssh
Info: Succeeded in creating a directory.

mkdir (User view)

Function

The mkdir command creates a directory in the current storage device.

Format

mkdir directory

Parameters

Parameter

Description

Settings

directory

Specifies a directory or directory and its path.

The value is a string of case-insensitive characters in the [ drive ] [ path ] directory format. The absolute path length ranges from 1 to 64, while the directory name length ranges from 1 to 15.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

Characters such as ~, *, /, \, :, ', " cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.
  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

If you only the subdirectory name is specified, a subdirectory is created in the current working directory. You can run the pwd (user view) command to query the current working directory. If the subdirectory name and directory path are specified, the subdirectory is created in the specified directory.

Precautions

  • The subdirectory name must be unique in a directory; otherwise, the message "Error: Directory already exists." is displayed.

  • A maximum of four directory levels are supported when you create a directory.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Create the subdirectory new in the CF card.

<HUAWEI> mkdir cfcard:/new
Info: Create directory cfcard:/new......Done.
Related Topics

more

Function

The more command displays the content of a specified file.

Format

more filename [ offset ] [ all ]

Parameters

Parameter Description Value
filename Specifies the file name.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

offset Specifies the file offset. The value is an integer that ranges from 0 to 2147483647, in bytes.
all Displays all the file content on one screen. -

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the more command to display the file content directly on a device.

  • The following describes the drive name.

    • drive is the storage device and is named as follows:
      • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
      • flash: root directory of the flash memory on the master MPU.
      • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
      • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
    • If devices are in CSS, drive can be named as:

      • cfcard: root directory of the CF card on the master MPU.
      • flash: root directory of the flash memory on the master MPU.
      • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
      • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

      For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

  • The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
    • cfcard:/my/test/ is an absolute path.

    • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

    • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • You are not advised to use this command to display non-text files; otherwise, the terminal is shut down or displays garbled characters, which is harmless to the system.

  • Files are displayed in text format.

  • You can display the file content flexibly by specifying parameters before running the more command:
    • You can run the more filename command to view a specified text file. The content of the specified text file is displayed on multiple screens. You can press the spacebar consecutively on the current session GUI to display all content of the file.

      To display the file content on multiple screens, you must ensure that:
      • The number of lines that can be displayed on a terminal screen is greater than 0. (The number of lines that can be displayed on a terminal screen is set by running the screen-length command.)
      • The total number of file lines is greater than the number of lines that can be displayed on a terminal screen. (The number of lines that can be displayed on a terminal screen is set by running the screen-length command.)
    • You can run the more filename offset command to view a specified file. The content of the specified text file starting from offset is displayed on multiple screens. You can press the spacebar consecutively on the current session GUI to display all content of the file.

      To display the file content on multiple screens, you must ensure that:
      • The number of lines that can be displayed on a terminal screen is greater than 0. (The number of lines that can be displayed on a terminal screen is set by running the screen-length command.)
      • The number of lines starting from offset in the file is greater than the number of lines that can be displayed on a terminal screen. (The number of lines that can be displayed on a terminal screen is set by running the screen-length command.)
    • You can run the more file-name all command to view a specified file. The file content is displayed on one screen.

Example

# Display the content of the file test.bat.

<HUAWEI> more test.bat
rsa local-key-pair create
user-interface vty 12 14
authentication-mode aaa
protocol inbound ssh
user privilege level 5
quit
ssh user sftpuser authentication-type password
ssh user sftpuser service-type all
sftp server enable
# Display the content of the file log.txt and set the offset to 100.
<HUAWEI> more log.txt 100
:                CHINA HUAWEI TECHNOLOGY LIMITTED CO.,LTD
#   FILE NAME:                  Product Adapter File(PAF)
#   PURPOSE:                    MAKE VRPV5 SUITABLE FOR DIFFERENT PRODUCT IN LIB
#   SOFTWARE PLATFORM:          V6R2C00
#   DETAIL VERSION:             B283
#   DEVELOPING GROUP:            8090 SYSTEM MAINTAIN GROUP
#   HARDWARE PLATFORM:          8090 (512M Memory)
#   CREATED DATE:               2003/05/10
#   AUTH:                        RAINBOW
#   Updation History:           Kelvin dengqiulin update for 8090(2004.08.18)
#                               lmg update for R3(2006.11.7)
#                               fsr update for R5 (2008.1.18)
#                               qj update for R6 (2008.08.08)
#   COPYRIGHT:                           2003---2008
#----------------------------------------------------------------------------------


#BEGIN FOR RESOURCE DEFINATION
[RESOURCE]
FORMAT: SPECS RESOURCE NAME STRING = CONTROLLABLE(1 : ABLE , 0: NOT ABLE),DEFAUL
T VALUE , MAX VALUE , MIN VALUE
#BEGIN  SPECS RESOURCE FOR TE tunnel Nto1 PS MODULE
PAF_LCS_TUNNEL_SPECS_TE_PS_MAX_PROTECT_NUM = 1, 8, 16, 1
PAF_LCS_TUNNEL_SPECS_TE_PS_REBOOT_TIME     = 1, 180000, 3600000, 60000
  ---- More ----                                                               
# Display the content of the file paf.txt.
<HUAWEI> more paf.txt all
PAF_LCS_588_IFC_FIFO_DEPTH_ASE = 222
#IFC_FIFO_DEPTH_ASE EXPLAIN (222: NORMAL, 102: DEEP)
PAF_LCS_588_IPE_FIFO_DEPTH_TCM = 659206
#IPE_FIFO_DEPTH_TCM EXPLAIN (659206: NORMAL, 655360: DEEP)
PAF_LCS_588_IFC_FIFO_DEPTH_TCM = 222
#IFC_FIFO_DEPTH_TCM EXPLAIN (222: NORMAL, 102: DEEP)
#END OF SPECS RESOURCE FOR 588 MODULE
#BEGIN  8090 MEM GATE  AND  ISSU MEM GATE
PAF_LCS_8090_BOARD_RESET_MEMORY_GATE           = 90
PAF_LCS_8090_512BOARD_RESET_MEMORY_GATE        = 85
PAF_LCS_8090_BOARD_RESET_MEMORY_GATE_ISSU      = 95
PAF_LCS_ISSU_CHECK_MEMORY_GATE                 = 40
#END  8090 MEM GATE  AND  ISSU MEM GATE
[END CONFIGURE]  

move

Function

The move command moves the source file from a specified directory to a destination directory.

Format

move source-filename destination-filename

Parameters

Parameter

Description

Settings

source-filename

Specifies the directory and name of a source file.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

destination-filename

Specifies the directory and name of a destination file.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.

  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • If the destination file has the same name as an existing file, the system prompts you whether to overwrite the existing file. The system prompt is displayed only when file prompt is set to alert.

  • The move and copy commands have different effects:

    • The move command moves the source file to the destination directory.
    • The copy command copies the source file to the destination directory.
NOTE:

The source file and destination file must be stored on the same storage device; otherwise, errors may occur.

Example

# Move a file from cfcard:/test/sample.txt to cfcard:/sample.txt.

<HUAWEI> move cfcard:/test/sample.txt cfcard:/sample.txt
Move cfcard:/test/sample.txt to cfcard:/sample.txt ?[Y/N]: y
%Moved file cfcard:/test/sample.txt to cfcard:/sample.txt. 
Related Topics

mput

Function

The mput command uploads multiple files from the local device to the remote FTP server.

Format

mput local-filenames

Parameters

Parameter Description Value
local-filenames Specifies files to be uploaded. File names are separated using spaces, and the wildcard (*) is supported. The value is a string of 1 to 255 characters.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the mput command to upload multiple files to the remote FTP server at the same time, especially in the upgrade scenario.

Precautions

If the name of the uploaded file is the same as that of an existing file on the FTP server, the system overwrites the existing file.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Upload two local files 111.text and vrp222.cfg to the remote FTP server.

<HUAWEI> ftp 10.10.10.1
Trying 10.10.10.1 ...
Press CTRL+K to abort
Connected to 10.10.10.1.
220 FTP service ready.
User(10.10.10.1:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 

[ftp] mput 111.txt vrp222.cfg 
200 Port command successful. 
150 Opening ASCII mode data connection for file transfer.
226 Transfer complete.
FTP: 6556 byte(s) sent in 0.231 second(s) 28.38Kbyte(s)/sec.

200 Port command successful. 
150 Opening ASCII mode data connection for file transfer.
226 Transfer complete.
FTP: 4198 byte(s) sent in 0.171 second(s) 24.54Kbyte(s)/sec.

[ftp]
Related Topics

open

Function

The open command connects the FTP client and server.

Format

# Connect the FTP client to the FTP server based on the IPv4 address.

open [ ssl-policy policy-name ] [ -a source-ip-address | -i interface-type interface-number ] host-ip [ port-number ] [ public-net | vpn-instance vpn-instance-name ]

# Connect the FTP client to the FTP server based on the IPv6 address.

open [ ssl-policy policy-name ] ipv6 host-ipv6 [ port-number ]

# If the connection address is the IPv6 link-local address generated automatically by the interface of the remote IPv6 FTP server, the command format is as follows:

open [ ssl-policy policy-name ] ipv6 ipv6-linklocal-address -oi interface-type interface-number [ port-number ]

Parameters

Parameter

Description

Value

ssl-policy policy-name Specifies the name of the SSL policy that provides the secure FTP function. The value is a string of 1 to 23 case-insensitive characters without spaces.
-a source-ip-address

Specifies the source IP address for connecting to the FTP client. You are advised to use the loopback interface IP address.

-
-i interface-type interface-number

Specifies the source interface type and ID. You are advised to use the loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

-
host-ip

Specifies the IP address or host name of the remote IPv4 FTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces.

When double quotation marks are used around the string, spaces are allowed in the string.

port-number Specifies the port number of the FTP server. The value is an integer that ranges from 1 to 65535. The default value is the standard port number 21.
public-net

Specifies the FTP server on the public network.

You must set the public-net parameter when the FTP server IP address is a public network IP address.

-
vpn-instance vpn-instance-name

Specifies the name of the VPN instance where the FTP server is located.

The value must be an existing VPN instance name.
host-ipv6 Specifies the IP address or host name of the remote IPv6 FTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces.

When double quotation marks are used around the string, spaces are allowed in the string.

ipv6-linklocal-address

Specifies the IPv6 link-local address generated automatically by the interface of the remote IPv6 FTP server.

-

-oi

Indicates the outbound interface of the IPv6 link-local address.

-

interface-typeinterface-number

Specifies the outbound interface type and number of the IPv6 link-local address.

-

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the open command in the FTP client view to connect the FTP client to the server to transmit files and manage files and directories of the FTP server.

Precautions

  • You can run the ftp command in the user view to connect the FTP client and server and enter the FTP client view.

  • Before enabling the FTP or FTPS function and specifying the ssl-policy policy-name parameter, you must first configure an SSL policy.
  • You can set the source IP address to the source or destination IP address in the ACL rule when the -a or -i parameter is specified on the IPv4 network. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.
  • You can run the set net-manager vpn-instance command to configure the NMS management VPN instance before running the open command to connect the FTP client and server.
    • If public-net or vpn-instance is not specified, the FTP client accesses the FTP server in the VPN instance managed by the NMS.

    • If public-net is specified, the FTP client accesses the FTP server on the public network.

    • If vpn-instance vpn-instance-name is specified, the FTP client accesses the FTP server in a specified VPN instance.

  • If the port number that the FTP server uses is non-standard, you must specify a standard port number; otherwise, the FTP server and client cannot be connected.

  • When you run the open command, the system prompts you to enter the user name and password for logging in to the FTP server. You can log in to the FTP client and enter the FTP client view if the user name and password are correct.

Example

# Connect the FTP client with the FTP server whose IP address is 10.137.217.204.

<HUAWEI> ftp
[ftp] open 10.137.217.204 
Trying 10.137.217.204 ...
Press CTRL+K to abort
Connected to 10.137.217.204.
220 FTP service ready.
User(10.137.217.204:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in.

[ftp]
# Connect the FTP client with the FTP server whose IP address is fc00:2001:db8::1.
<HUAWEI> ftp
[ftp] open ipv6 fc00:2001:db8::1
Trying fc00:2001:db8::1 ...
Press CTRL+K to abort
Connected to fc00:2001:db8::1
220 FTP service ready.
User(fc00:2001:db8::1:(none)):huawei
331 Password required for huawei
Enter Password:
230 User logged in.

[ftp]
Related Topics

passive

Function

The passive command sets the data transmission mode to passive.

The undo passive command sets the data transmission mode to active.

By default, the data transmission mode is active.

Format

passive

undo passive

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

The device supports the active and passive data transmission modes. In active mode, the server initiates a connection request, and the client and server need to enable and monitor a port to establish a connection. In passive mode, the client initiates a connection request, and only the server needs to monitor the corresponding port. This command is used together with the firewall function. When the client is configured with the firewall function, FTP connections are restricted between internal clients and external FTP servers if the FTP transmission mode is active. If the FTP transmission mode is passive, FTP connections between internal clients and external FTP servers are not restricted.

Example

# Set the data transmission mode to passive.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] passive
Info: Succeeded in switching passive on.

prompt

Function

The prompt command enables the prompt function when files are transmitted between the FTP client and server.

The undo prompt command disables the prompt function.

By default, the prompt function is disabled.

Format

prompt

undo prompt

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can enable the prompt function as required when transmitting files between the FTP client and server.

Precautions

  • The prompt command can be used when you run the put, mput, get, and mget commands.
  • The prompt function can be enabled only for confirming service upload and download.
    • When you run the put or mput command, the system always overwrites the existing file if the name of the uploaded file is the same as that of an existing file on the FTP server.
    • When you run the get or mget command, the system always prompts you whether to overwrite the existing file if the name of the uploaded file is the same as an existing file name in the specified directory.

Example

# Enable the FTP message prompt function.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp]
[ftp] prompt
Info: Succeeded in switching prompt on.

# Disable the FTP message prompt function.

[ftp] undo prompt
Info: Succeeded in switching prompt off.

put (FTP client view)

Function

The put command uploads a local file to the remote FTP server.

Format

put local-filename [ remote-filename ]

Parameters

Parameter Description Value
local-filename Specifies the local file name of the FTP client. The value is a string of 1 to 64 case-insensitive characters without spaces.
remote-filename Specifies the name of the file to be uploaded to the remote FTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the put command to upload a local file to the remote FTP server for further check and backup. For example, you can upload the local log file to the FTP server for other users to check, and upload the configuration file to the FTP server as a backup before upgrading the device.

Precautions

  • If the file name is not specified on the remote FTP server , the local file name is used.

  • If the name of the uploaded file is the same as that of an existing file on the FTP server, the system overwrites the existing file.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Upload the configuration file vrpcfg.zip to the remote FTP server as a backup, and save it as backup.zip.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] put vrpcfg.zip backup.zip 
200 Port command successful.
150 Opening BINARY mode data connection for file transfer.
226 Transfer complete
FTP: 1098 byte(s) sent in 0.131 second(s) 8.38Kbyte(s)/sec.
Related Topics

put (SFTP client view)

Function

The put command uploads a local file to a remote SFTP server.

Format

put local-filename [ remote-filename ]

Parameters

Parameter Description Value
local-filename Specifies a local file name on the SFTP client. The value is a case-insensitive character string without spaces. The file name (including the absolute path) contains 1 to 64 characters.
remote-filename Specifies the name of the file uploaded to the remote SFTP server. The value is a case-insensitive character string without spaces. The file name (including the absolute path) contains 1 to 64 characters.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

This command enables you to upload files from the local device to a remote SFTP server to view the file contents or back up the files. For example, you can upload log files of a device to an SFTP server and view the logs in the server. During an upgrade, you can upload the configuration file of the device to the SFTP server for backup.

Precautions

  • If remote-filename is not specified, the uploaded file is saved on the remote SFTP server with the original file name.

  • If the specified remote-filename is the same as an existing file name on the SFTP server, the uploaded file overwrites the existing file on the server.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Upload a file to the SFTP server.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> put wm.cfg
local file: wm.cfg --->  Remote file: /wm.cfg
Info: Uploading file successfully ended.

pwd (FTP client view)

Function

The pwd command displays the FTP client's working directory on the remote FTP server.

Format

pwd

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

After logging in to the FTP server, you can run the pwd command to display the FTP client's working directory on the remote FTP server.

If the displayed working directory is incorrect, you can run the cd command to change the FTP client's working directory on the remote FTP server.

Example

# Display the FTP client's working directory on the remote FTP server.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] pwd
257 "/" is current directory.
Related Topics

pwd (SFTP client view)

Function

The pwd command displays the SFTP client's working directory on the remote FTP server.

Format

pwd

Parameters

None

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

After logging in to the SFTP server, you can run the pwd command to display the SFTP client's working directory on the remote SFTP server.

If the displayed working directory is incorrect, you can run the cd command to change the SFTP client's working directory on the remote SFTP server.

Example

# Display the SFTP client's working directory on the remote SFTP server.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> pwd
/
sftp-client> cd test
Current directory is:
/test
sftp-client> pwd
/test
Related Topics

pwd (user view)

Function

The pwd command displays the current working directory.

Format

pwd

Parameters

None

Views

User view

Default Level

3: Management level

Usage Guidelines

You can run the pwd command in any directory to display the current working directory. To change the current working directory, you can run the cd command.

Example

# Display the current working directory.

<HUAWEI> pwd
cfcard:/test

remotehelp

Function

The remotehelp command displays the help information about an FTP command when the FTP client and server are connected.

Format

remotehelp [ command ]

Parameters

Parameter Description Value
command Specifies the FTP command. The value is a string of 1 to 16 characters.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

You can run the remotehelp command to display the help information about an FTP command.

  • The help information is provided by the remote server. Different remote servers may provide different help information for an FTP command.
  • The help information can be displayed for FTP commands user, pass, cwd, cdup, quit, port, pasv, type, retr, stor, dele, rmd, mkd, pwd, list, nlst, syst, help, xcup, xcwd, xmkd, xpwd, xrmd, eprt, epsv, and feat.

Example

# Display the syntax of the command cdup.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] remotehelp
214-The following commands are recognized (Commands marked with '*' are unimplem
ented).
   USER   PASS   ACCT*  CWD    CDUP   SMNT*  QUIT   REIN*
   PORT   PASV   TYPE   STRU*  MODE*  RETR   STOR   STOU*
   APPE   ALLO   REST*  RNFR*  RNTO*  ABOR*  DELE   RMD
   MKD    PWD    LIST   NLST   SITE*  SYST   STAT*  HELP
   NOOP*  XCUP   XCWD   XMKD   XPWD   XRMD   EPRT   EPSV
   FEAT
214 Direct comments to Huawei Tech.   

[ftp] remotehelp cdup
214 Syntax: CDUP <change to parent directory>.

remove (SFTP client view)

Function

The remove command deletes specified files from the remote SFTP server.

Format

remove remote-filename &<1-10>

Parameters

Parameter Description Value
remote-filename Specifies the name of the file to be deleted from the remote SFTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

  • You can configure a maximum of 10 file names in the command and separate them using spaces and delete them at one time.

  • If the file to be deleted is not in the current directory, you must specify the file path.

Example

# Delete the file 3.txt from the server and backup1.txt from the test directory.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> remove 3.txt test/backup1.txt
Warning: Make sure to remove these files? [Y/N]:y
Info: Succeeded in removing the file /3.txt.
Info: Succeeded in removing the file /test/backup1.txt.

rename (SFTP client view)

Function

The rename command renames a file or directory stored on the SFTP server.

Format

rename old-name new-name

Parameters

Parameter Description Value
old-name

Specifies the name of a file or directory.

The value is a string of 1 to 64 case-insensitive characters without spaces.
new-name

Specifies the new name of the file or directory.

The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

You can run the rename command to rename a file or directory.

Example

# Rename the directory yourtest on the SFTP server.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> rename test/yourtest test/test
Warning: Rename /test/yourtest to /test/test? [Y/N]:y
Info: Succeeded in renaming file.
sftp-client> cd test
Current directory is:
/test
sftp-client> dir
drwxrwxrwx   1 noone    nogroup         0 Mar 29 2012 .
drwxrwxrwx   1 noone    nogroup         0 Mar 29 2012 ..
drwxrwxrwx   1 noone    nogroup         0 Mar 24 2012 test
-rwxrwxrwx   1 noone    nogroup      5736 Mar 24 2012 backup.txt

rename (user view)

Function

The rename command renames a file or folder.

Format

rename old-name new-name

Parameters

Parameter

Description

Settings

old-name

Specifies the name of a file or folder.

The value is a string of 1 to 64 case-insensitive characters without spaces in the [ drive ] [ path ] filename format.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

new-name

Specifies the new name of the file or directory.

The value is a string of 1 to 64 case-insensitive characters without spaces in the [ drive ] [ path ] filename format.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name:

  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • You must rename a file or directory in its source directory.

  • If the renamed file or directory has the same name as an existing file or directory, an error message is displayed.

  • If you specify old-name or new-name without specifying the file path, the file must be saved in your current working directory.

Example

# Rename the directory mytest to yourtest in the directory cfcard:/test/.

<HUAWEI> pwd
cfcard:/test 
<HUAWEI> rename mytest yourtest
Rename cfcard:/test/mytest to cfcard:/test/yourtest ?[Y/N]:y
Info: Rename file cfcard:/test/mytest to cfcard:/test/yourtest ......Done. 

# Rename the file sample.txt to sample.bak.

<HUAWEI> rename sample.txt sample.bak
Rename cfcard:/sample.txt to cfcard:/sample.bak ?[Y/N] :y
Info:Rename file cfcard:/sample.txt to cfcard:/sample.bak .......Done.
Related Topics

reset recycle-bin

Function

The reset recycle-bin command permanently deletes files from the recycle bin.

Format

reset recycle-bin [ filename | devicename ]

Parameters

Parameter Description Value
filename Specifies the name of a file to be deleted.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

The wildcard (*) character is supported.

devicename Specifies the storage device name.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If you run the delete command without specifying the /unreserved parameter, the file is moved to the recycle bin and still occupies the memory. To free up the space, you can run the reset recycle-bin command to permanently delete the file from the recycle bin.

The following describes the drive name.

  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Like devicename, drive specifies the storage device name.

Precautions

  • You can run the dir /all command to display all files that are moved to the recycle bin from the current directory, and file names are displayed in square brackets ([ ]).

  • If you delete a specified storage device, all files in the root directory of the storage device are deleted.

  • If you run the reset recycle-bin command directly, all files that are moved to the recycle bin from the current directory are permanently deleted.

Example

# Delete the file test.txt that is moved to the recycle bin from the directory test.

<HUAWEI> reset recycle-bin cfcard:/test/test.txt
Squeeze cfcard:/test/test.txt?[Y/N]:y
%Cleared file cfcard:/test/test.txt. 

# Delete files that are moved to the recycle bin from the current directory.

<HUAWEI> pwd
cfcard:/test 
<HUAWEI> reset recycle-bin
Squeeze cfcard:/test/backup.zip?[Y/N]:y
%Cleared file cfcard:/test/backup.zip.
Squeeze cfcard:/test/backup1.zip?[Y/N]:y
%Cleared file cfcard:/test/backup1.zip. 

rmdir (FTP client view)

Function

The rmdir command deletes a specified directory from the remote FTP server.

Format

rmdir remote-directory

Parameters

Parameter Description Value
remote-directory Specifies a directory or path on the FTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the rmdir command to delete a specified directory from the remote FTP server.

Precautions

  • Before running the rmdir command to delete a directory, you must delete all files and subdirectories from the directory.

  • If no path is specified when you delete a subdirectory, the subdirectory is deleted from the current directory.

  • The directory is deleted from the FTP server rather than the FTP client.

Example

# Delete the directory d:/temp1 from the remote FTP server.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] rmdir d:/temp1
250 'D:\temp1': directory removed.

rmdir (user view)

Function

The rmdir command deletes a specified directory from the storage device.

Format

rmdir directory

Parameters

Parameter Description Value
directory

Specifies a directory or directory and its path.

The value is a string of case-insensitive characters in the [ drive ] [ path ] directory format. The absolute path length ranges from 1 to 64, while the directory name length ranges from 1 to 15.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

Characters such as ~, *, /, \, :, ', " cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.
  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • Before running the rmdir command to delete a directory, you must delete all files and subdirectories from the directory.

  • A deleted directory and its files cannot be restored from the recycle bin.

Example

# Delete the directory test from the current directory.

<HUAWEI> rmdir test
Remove directory cfcard:/test?[Y/N]:y
%Removing directory cfcard:/test...Done!
Related Topics

rmdir (SFTP client view)

Function

The rmdir command deletes a specified directory from the remote SFTP server.

Format

rmdir remote-directory &<1-10>

Parameters

Parameter Description Value
remote-directory Specifies the name of a file on the SFTP server. The value is a string of 1 to 64 case-insensitive characters without spaces.

Views

SFTP client view

Default Level

3: Management level

Usage Guidelines

  • You can configure a maximum of 10 file names in the command and separate them using spaces and delete them at one time.

  • Before running the rmdir command to delete a directory, you must delete all files and subdirectories from the directory.

  • If the directory to be deleted is not in the current directory, you must specify the file path.

Example

# Delete the directory 1 from the current directory, and the directory 2 from the test directory.

<HUAWEI> system-view
[HUAWEI] sftp 10.137.217.201
Please input the username:admin
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201 ...
Enter password:
sftp-client> rmdir 1 test/2
Warning: Make sure to remove these directories? [Y/N]:y
Info: Succeeded in removing the directory /test/1.
Info: Succeeded in removing the directory /test/test/2.

scp

Function

The scp command uploads a local file to the remote SCP server or downloads a file from the remote SCP server to a local directory.

Format

# Transfer a file between the local client and the remote SCP server based on IPv4.

scp [ -port port-number | { public-net | vpn-instance vpn-instance-name } | identity-key { dsa | rsa | ecc } | user-identity-key { rsa | dsa | ecc } | { -a source-address | -i interface-type interface-number } | -r | -cipher -cipher | -c ] * sourcefile destinationfile

# Transfer a file between the local client and the remote SCP server based on IPv6.

scp ipv6 [ -port port-number | { public-net | vpn-instance vpn-instance-name } | identity-key { dsa | rsa | ecc } | user-identity-key { rsa | dsa | ecc } | -a source-address | -r | -cipher -cipher | -c ] * sourcefile destinationfile [ -oi interface-type interface-number ]

Parameters

Parameter

Description

Value

-port port-number Specifies the port number of the SCP server. The value is an integer that ranges from 1 to 65535. The default value is 22.
public-net

Indicates that the SCP server is connected to the public network.

-
vpn-instance vpn-instance-name

Specifies the name of the VPN instance where the SCP server is located.

The value must be an existing VPN instance name.
identity-key Specifies the public key algorithm for server authentication. Public key algorithms dsa, rsa, and ecc are supported. The default public key algorithm is rsa.
user-identity-key Specifies the public key algorithm for the client authentication. The public key algorithm include dsa, rsa, and ecc.
-a source-address Specifies the source IP address for connecting to the SCP client. You are advised to use the loopback interface IP address. -
-i interface-type interface-number

Specifies the source interface used by the SCP client to set up connections. It consists of the interface type and number. It is recommended that you specify a loopback interface. The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

-
-oi interface-type interface-number

Specifies an outbound interface on the local device.

If the remote host uses an IPv6 address, you must specify the outbound interface on the local device.

-
-r Uploads or downloads files in batches. -
-cipher -cipher Specifies the encryption algorithms for uploading or downloading files.

Encryption algorithms des, 3des, aes256 , aes128_ctr, aes256_ctr, and aes128 are supported. The default encryption algorithm is aes256_ctr.

You are advised to use aes128_ctr and aes256_ctr encryption algorithms to ensure high security.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select one from 3des, aes128, aes256, aes128_ctr, and aes256_ctr.
-c Compress files when uploading or downloading them. -
sourcefilename Specifies a source file to be uploaded or downloaded. The source file format is username@hostname:[path][filename].
destinationfilename Specifies a destination file to be uploaded or downloaded. The source file format is username@hostname:[path][filename].

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

SCP file transfer mode is based on SSH2.0 Compared with the SFTP file transfer mode, the SCP file transfer mode allows you to upload or download files when the connection is set up between the SCP client and server.

  • You are advised to set the source IP address to the loopback address, or set the outbound interface to the loopback interface using -a and -i, to improve security.

  • When -r is specified, you can use the wildcard (*) to upload or download files in batches, for example, *.txt and huawei.*.

  • When -c is specified, files are compressed before being transmitted. File compression takes a long time and affects file transfer speed; therefore, you are not advised to compress files before transferring them.

Precautions

  • The format of uploaded and downloaded files of the SCP server is username@hostname:[path][filename]. In the preceding file format, username indicates the user name for logging in to the SCP server, hostname indicates the SCP server name or IP address, and path indicates user's working directory specified on the SCP server, and filename indicates the file name. The following describes the preceding parameters when you upload a file to the SCP server:
    • If filename and path are not specified, the file is transferred to the root directory of the user's working directory.

    • If only path is specified, the file is transferred to the specified directory.

    • If only filename is specified, the file is named as filename, and transferred to the SCP server.

    • To set hostname to the IPv6 address, you must add the IPv6 address with square brackets ([ ]), for example, zhangsan@[FC00::/7]:.

  • If the destination file name is the same as the name of an existing directory, the file is moved to this directory with the source file name. If the destination file has the same name as an existing file, the system prompts you whether to overwrite the existing file.

  • If an SCP user on the client authenticates the server using an RSA, a DSA, or an ECC public key, the SCP user is prompted to select the key pair for authentication.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Use the 3des encryption algorithm to upload file license.txt and the VPN instance mtv through port 1026 to the user directory on the remote SCP server whose IP address is 10.10.10.1.

<HUAWEI> system-view
[HUAWEI] scp server enable
[HUAWEI] scp -port 1026 vpn-instance mtv  -a 10.1.1.1 -cipher 3des license.txt zhangsan@10.10.10.1:
Trying 10.10.10.1 ...
Press CTRL+K to abort
Connected to 10.10.10.1 ...
Enter password:
license.txt                       100%     38529827Bytes          165KByte(s)/sec

# Log in through DSA authentication and copy the xxxx.txt file to the flash memory of remote SCP server at 10.10.0.114.

<HUAWEI> system-view
[HUAWEI] scp identity-key dsa flash:/xxxx.txt root@10.10.0.114:flash:/xxxx.txt
Trying 10.10.0.114 ...
Press CTRL+K to abort
Connected to 10.10.0.114 ...
The server's public key does not match the one catched before.
The server is not authenticated. Continue to access it? [Y/N]:y
Update the server's public key now? [Y/N]: y

Enter password:
flash:/xxxx.txt                100%           12Bytes            1KByte(s)/sec
Related Topics

scp client-source

Function

The scp client-source command specifies the source IP address for the SCP client to send packets.

The undo scp client-source command cancels the source IP address for the SCP client to send packets.

By default, no source IP address is configured on the SCP client.

Format

scp client-source { -a source-ip-address | -i interface-type interface-number }

undo scp client-source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address of the SCP client. You are advised to use the loopback interface IP address.

-
-i interface-type interface-number

Source interface type and ID. You are advised to use the loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the SCP connection cannot be set up.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address is specified, the client uses the source IP address that the router specifies to send packets. The source IP address must be configured for an interface with stable performance. The loopback interface is recommended. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Prerequisites

The source interface specified using the command must exist and have an IP address configured.

Precautions

The scp command also configures the source IP address whose priority is higher than that of the source IP address specified in the scp client-source command. If you specify source addresses in the scp client-source and scp commands, the source IP address specified in the scp command is used for data communication. The source address specified in the scp client-source command applies to all SCP connections. The source address specified in the scp command applies only to the current SCP connection.

Example

# Set the source IP address of the SCP client to the loopback interface IP address 10.1.1.1.

<HUAWEI> system-view
[HUAWEI] scp client-source -a 10.1.1.1

scp server enable

Function

The scp server enable command enables the SCP service on the SSH server.

The undo scp server enable command disables the SCP service on the SSH server.

By default, the SCP function is disabled.

Format

scp [ ipv4 | ipv6 ] server enable

undo scp [ ipv4 | ipv6 ] server enable

Parameters

Parameter Description Value
ipv4 Indicates that the SCP IPv4 service is enabled on the SSH server. -
ipv6 Indicates that the SCP IPv6 service is enabled on the SSH server. -

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To use SCP for file transfer, you need to first enable the SCP service on the SSH server. The client can establish an SCP connection with the SSH server only after SCP service has been enabled on the SSH server.

Precautions

After the scp server enable command is run, the device receives login connection requests from all interfaces by default. Therefore, there are security risks. You are advised to run the ssh server-source command to specify the source interface of the SCP server.

After the scp server enable command is run, the numbers of IPv4 port and IPv6 port are both changed. To change the number of IPv4 port or IPv6 port separately, run the scp [ ipv4 | ipv6 ] server enable command.

Example

# Enable the SCP service.

<HUAWEI> system-view
[HUAWEI] scp server enable

# Enable the SCP IPv4 service.

<HUAWEI> system-view
[HUAWEI] scp ipv4 server enable

set cipher-suite

Function

The set cipher-suite command configures cipher suites for a customized SSL cipher suite policy.

The undo set cipher-suite command deletes cipher suites in a customized SSL cipher suite policy.

By default, no cipher suite is configured for a customized SSL cipher suite policy.

Format

set cipher-suite { tls1_ck_rsa_with_aes_256_sha | tls1_ck_rsa_with_aes_128_sha | tls1_ck_rsa_rc4_128_sha | tls1_ck_dhe_rsa_with_aes_256_sha | tls1_ck_dhe_dss_with_aes_256_sha | tls1_ck_dhe_rsa_with_aes_128_sha | tls1_ck_dhe_dss_with_aes_128_sha | tls12_ck_rsa_aes_256_cbc_sha256 }

undo set cipher-suite { tls1_ck_rsa_with_aes_256_sha | tls1_ck_rsa_with_aes_128_sha | tls1_ck_rsa_rc4_128_sha | tls1_ck_dhe_rsa_with_aes_256_sha | tls1_ck_dhe_dss_with_aes_256_sha | tls1_ck_dhe_rsa_with_aes_128_sha | tls1_ck_dhe_dss_with_aes_128_sha | tls12_ck_rsa_aes_256_cbc_sha256 }

Parameters

Parameter

Description

Value

tls1_ck_rsa_with_aes_256_sha Configures the TLS1_CK_RSA_WITH_AES_256_SHA cipher suite. -
tls1_ck_rsa_with_aes_128_sha Configures the TLS1_CK_RSA_WITH_AES_128_SHA cipher suite. -
tls1_ck_rsa_rc4_128_sha Configures the TLS1_CK_RSA_RC4_128_SHA cipher suite. -
tls1_ck_dhe_rsa_with_aes_256_sha Configures the TLS1_CK_DHE_RSA_WITH_AES_256_SHA cipher suite. -
tls1_ck_dhe_dss_with_aes_256_sha Configures the TLS1_CK_DHE_DSS_WITH_AES_256_SHA cipher suite. -
tls1_ck_dhe_rsa_with_aes_128_sha Configures the TLS1_CK_DHE_RSA_WITH_AES_128_SHA cipher suite. -
tls1_ck_dhe_dss_with_aes_128_sha Configures the TLS1_CK_DHE_DSS_WITH_AES_128_SHA cipher suite. -
tls12_ck_rsa_aes_256_cbc_sha256 Configures the TLS12_CK_RSA_AES_256_CBC_SHA256 cipher suite. -

Views

Customized SSL cipher suite policy view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To configure cipher suites for a customized SSL cipher suite policy, run the set cipher-suite command.

Precautions

If a customized SSL cipher suite policy is being referenced by an SSL policy, the cipher suites in the customized cipher suite policy can be added, modified, or partially deleted. Deleting all of the cipher suites is not allowed.

Example

# Configure the tls12_ck_rsa_aes_256_cbc_sha256 cipher suite for the customized SSL cipher suite policy named cipher1.

<HUAWEI> system-view
[HUAWEI] ssl cipher-suite-list cipher1
[HUAWEI-ssl-cipher-suite-cipher1] set cipher-suite tls12_ck_rsa_aes_256_cbc_sha256

set default ftp-directory

Function

The set default ftp-directory command configures the default FTP working directory.

The undo set default ftp-directory command disables the default FTP working directory.

By default, no default FTP working directory is configured.

Format

set default ftp-directory directory

undo set default ftp-directory

Parameters

Parameter Description Value
directory Specify the default FTP working directory. The value is a string of 1 to 160 case-insensitive characters without spaces.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the set default ftp-directory command to configure a default FTP working directory for all FTP users at one time.

Precautions

  • The set default ftp-directory command takes effect only when the device functions as an FTP server and the user function as an FTP client.
  • You can run the local-user ftp-directory command to configure an authorized working directory for a local user.

  • If you have configured the FTP working directory by running the local-user ftp-directory command, you must use this FTP working directory.

  • You can run the lcd command to view the working directory of FTP users.
  • If no FTP working directory is specified on the device, FTP users cannot log in to the device, and are prompted that the working directory is unauthorized.

Example

# Set the default FTP working directory to cfcard:/.

<HUAWEI> system-view
[HUAWEI] set default ftp-directory cfcard:/

set net-manager vpn-instance

Function

The set net-manager vpn-instance command configures the default VPN instance that the NMS uses on the device.

The undo set net-manager vpn-instance command deletes the default VPN instance from the device.

By default, no VPN instance is configured on the device.

Format

set net-manager vpn-instance vpn-instance-name

undo set net-manager vpn-instance

Parameters

Parameter Description Value
vpn-instance vpn-instance-name Specifies the name of the default VPN instance. The value must be an existing VPN instance name.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If the NMS manages devices on the VPN network, you need to send the device information to the NMS using the VPN instance.

You can run the set net-manager vpn-instance command to configure the default VPN instance for the NMS to manage the device so that the device can use this VPN instance to communicate with the NMS.

Precautions

  • Before running the set net-manager vpn-instance command, you must create VPN instances.

  • After running this command, you can successfully run file transfer commands that you have configured based on the FTP, TFTP, SFTP , SCPcommands only in the default VPN instance.

  • If the host has been configured as a log host, the NMS can receive device logs from the default VPN instance.

Example

# Set the default VPN instance to v1.

<HUAWEI> system-view
[HUAWEI] set net-manager vpn-instance v1
Related Topics

sftp

Function

The sftp command connects the device to the SSH server so that you can manage files that are stored on the SFTP server.

Format

# Connect the SFTP client to the SFTP server based on IPv4.

sftp [ -a source-address | -i interface-type interface-number ] host-ip [ port ] [ [ public-net | -vpn-instance vpn-instance-name ] | [ identity-key { dsa | rsa | ecc } ] | [ user-identity-key { rsa | dsa | ecc } ] | [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ -ki aliveinterval ] | [ -kc alivecountmax ] ] *

# Connect the SFTP client to the SFTP server based on IPv6.

sftp ipv6 [ -a source-address ] host-ipv6 [ -oi interface-type interface-number ] [ port ] [ [ identity-key { dsa | rsa | ecc } ] | [ user-identity-key { rsa | dsa | ecc } ] | [ prefer_kex prefer_key-exchange ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ -ki aliveinterval ] | [ -kc alivecountmax ] ] *

Parameters

Parameter

Description

Value

-a source-address Specifies the source IP address for connecting to the SFTP client. You are advised to use the loopback interface IP address. -
-i interface-type interface-number

Specifies the source interface type and ID. You are advised to use the loopback interface.

The source interface to be specified must exist and have an IP address configured.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the SFTP connection cannot be set up.

-
host-ip Specifies the IP address or host name of the remote IPv4 SFTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.

host-ipv6 Specifies the IPv6 address or host name of the remote IPv6 SFTP server. The value is a string of 1 to 255 case-insensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.
-oi interface-type interface-number

Specifies an outbound interface on the local device.

If the remote host uses an IPv6 address, you must specify the outbound interface on the local device.

-
port

Specifies the port number of the SSH server.

The value is an integer that ranges from ranges from 1 to 65535. The default port number is 22.
public-net

Specifies the SFTP server on the public network.

You must set the public-net parameter when the SFTP server IP address is a public network IP address.

-
-vpn-instance vpn-instance-name

Name of the VPN instance where the SFTP server is located.

The value must be an existing VPN instance name.
prefer_kex prefer_key-exchange

Indicates the preferred key exchange algorithm.

Specifies the preferred key exchange algorithm. The dh_group1, dh_exchange_group and dh_group14_sha1 algorithms are supported currently.

The default key exchange algorithm is dh_group14_sha1.

NOTE:

To enable the dh_group1 algorithm, run the ssh server key-exchange { dh_group_exchange_sha1 | dh_group14_sha1 | dh_group1_sha1 } * and ssh client key-exchange { dh_group_exchange_sha1 | dh_group14_sha1 | dh_group1_sha1 } * commands. By default, the dh_group1 algorithm is not supported.

The dh_exchange_group algorithm is recommended.

prefer_ctos_cipher prefer_ctos_cipher Specify an encryption algorithm for transmitting data from the client to the server.

Encryption algorithms des, 3des, aes128, aes128_ctr, aes256_ctr, and aes256 are supported.

The default encryption algorithm is aes256_ctr.

You are advised to use aes128_ctr and aes256_ctr encryption algorithms to ensure high security.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select one from 3des, aes128, aes256, aes128_ctr, and aes256_ctr.
prefer_stoc_cipher prefer_stoc_cipher Specify an encryption algorithm for transmitting data from the server to the client

Encryption algorithms des, 3des, aes128, aes128_ctr, aes256_ctr, and aes256 are supported.

The default encryption algorithm is aes256_ctr.

You are advised to use aes128_ctr and aes256_ctr encryption algorithms to ensure high security.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select one from 3des, aes128, aes256, aes128_ctr, and aes256_ctr.
prefer_ctos_hmac prefer_ctos_hmac Specify an HMAC algorithm for transmitting data from the client to the server.

HMAC algorithms sha1, sha1_96, md5, sha2_256, sha2_256_96, and md5_96 are supported. The default HMAC algorithm is sha2_256.

NOTE:

To enhance security, you are not advised to use the md5 or md5_96 algorithm.

prefer_stoc_hmac prefer_stoc_hmac Specify an HMAC algorithm for transmitting data from the server to the client.

HMAC algorithms sha1, sha1_96, md5, sha2_256, sha2_256_96, and md5_96 are supported. The default HMAC algorithm is sha2_256.

NOTE:

To enhance security, you are not advised to use the md5 or md5_96 algorithm.

-ki aliveinterval Specifies the interval for sending keepalive packets when no packet is received in reply. The value is an integer that ranges from 1 to 3600, in seconds.
-kc alivecountmax Specifies the times for sending keepalive packets when no packet is received in reply. The value is an integer that ranges from 3 to 10. The default value is 5.
identity-key Specifies the public key for server authentication. The public key algorithm include dsa, rsa, and ecc.
user-identity-key Specifies the public key algorithm for the client authentication. The public key algorithm include dsa, rsa, and ecc.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

SFTP is short for SSH FTP that is a secure FTP protocol. SFTP is on the basis of SSH. It ensures that users can log in to a remote device securely for file management and transmission, and enhances the security in data transmission. In addition, you can log in to a remote SSH server from the device that functions as an SFTP client.

When the connection between the SFTP server and client fails, the SFTP client must detect the fault in time and disconnect from the SFTP server. To ensure this, before being connected to the server in SFTP mode, the client must be configured with the interval and times for sending the keepalive packet when no packet is received in reply. If the client receives no packet in reply within the specified interval, the client sends the keepalive packet to the server again. If the maximum number of times that the client sends keepalive packets exceeds the specified value, the client releases the connection. By default, when no packet is received, the function for sending keepalive packets is not enabled.

Precautions

  • You can set the source IP address to the source or destination IP address in the ACL rule when the -a or -i parameter is specified. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.
  • The SSH client can log in to the SSH server with no port number specified only when the port number of the SSH server is 22. If the SSH server uses another port, the port number must be specified when SSH clients log in to the SSH server.

  • You can run the set net-manager vpn-instance command to configure the NMS management VPN instance before running the open command to connect the FTP client and server.
    • If public-net or vpn-instance is not specified, the FTP client accesses the FTP server in the VPN instance managed by the NMS.

    • If public-net is specified, the FTP client accesses the FTP server on the public network.

    • If vpn-instance vpn-instance-name is specified, the FTP client accesses the FTP server in a specified VPN instance.

  • If you cannot run the sftp command successfully when you configured the ACL on the SFTP client, or when the TCP connection fails, an error message is displayed indicating that the SFTP client cannot be connected to the server.

Example

# Set the current listening port number of the SSH server to 1025, and specify the SFTP client on the public network and the SSH server on the private network.

<HUAWEI> system-view
[HUAWEI] sftp 10.164.39.223 1025 -vpn-instance ssh
Please input the username: client001
Trying 10.164.39.223 ...
Press CTRL+K to abort
Connected to 10.164.39.223 ...
Enter password:
sftp-client>

# Set keepalive parameters when the client is connected to the server in SFTP mode.

<HUAWEI> system-view
[HUAWEI] sftp 10.164.39.223 -ki 10 -kc 4
Please input the username: client001
Trying 10.164.39.223 ...
Press CTRL+K to abort
Connected to 10.164.39.223 ...
Enter password:
sftp-client>

# Connect the client to the server using the DSA authentication in SFTP mode.

<HUAWEI> system-view
[HUAWEI] sftp 10.164.39.223 identity-key dsa
Please input the username:root
Trying 10.164.39.223 ...
Press CTRL+K to abort
Connected to 10.164.39.223 ...
Enter password:
sftp-client> quit
Bye

sftp client-source

Function

The sftp client-source command specifies the source IP address for the SFTP client to send packets.

The undo sftp client-source command restores the default source IP address for the SFTP client to send packets.

The default source IP address for the SFTP client to send packets is 0.0.0.0.

Format

sftp client-source { -a source-ip-address | -i interface-type interface-number }

undo sftp client-source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address. Set the value to the IP address of a loopback interface.

The value is in dotted decimal notation.
-i interface-type interface-number

Specifies the loopback interface as the source interface.

The IP address configured for the source interface is the source IP address for sending packets. If no IP address is configured for the source interface, the FTP connection cannot be set up.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address is specified, the client uses the source IP address that the router specifies to send packets. The source IP address must be configured for an interface with stable performance. The loopback interface is recommended. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Prerequisites

The loopback source interface specified using the command must exist and have an IP address configured.

Precautions

  • The source interface must be set to the loopback interface. You can query the source IP address or primary IP address of the source interface for the SFTP connection on the SFTP server.

  • The sftp command also configures the source IP address whose priority is higher than that of the source IP address specified in the sftp client-source command. If you specify source addresses in the sftp client-source and sftp commands, the source IP address specified in the sftp command is used for data communication. The source address specified in the sftp client-source command applies to all SFTP connections. The source address specified in the sftp command applies only to the current SFTP connection.

Example

# Set the source IP address of the SFTP client to 10.1.1.1.

<HUAWEI> system-view
[HUAWEI] sftp client-source -a 10.1.1.1
Info: Succeeded in setting the source address of the SFTP client to 10.1.1.1.

sftp client-transfile

Function

The sftp client-transfile command uploads files to or downloads files from the SFTP server.

Format

# Establish an SFTP connection on an IPv4 network.

sftp client-transfile { get | put } [ -a source-address | -i interface-type interface-number ] host-ip host-ipv4 [ port ] [ [ public-net | -vpn-instance vpn-instance-name ] | [ prefer_kex prefer_key-exchange ] | [ identity-key { rsa | dsa | ecc } ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ -ki aliveinterval ] | [ -kc alivecountmax ] ] * username user-name password password sourcefile source-file [ destination destination ]

# Establish an SFTP connection on an IPv6 network.

sftp client-transfile { get | put } ipv6 [ -a source-address] host-ip host-ipv6 [ -oi interface-type interface-number ] [ port ] [ [ prefer_kex prefer_key-exchange ] | [ identity-key { rsa | dsa | ecc } ] | [ prefer_ctos_cipher prefer_ctos_cipher ] | [ prefer_stoc_cipher prefer_stoc_cipher ] | [ prefer_ctos_hmac prefer_ctos_hmac ] | [ prefer_stoc_hmac prefer_stoc_hmac ] | [ -ki aliveinterval ] | [ -kc alivecountmax ] ] * username user-name password password sourcefile source-file [ destination destination ]

Parameters

Parameter

Description

Value

get Downloads files from the SFTP server. -
put Uploads files to the SFTP server. -
-a source-address Specifies the source address of an SFTP client. -
-i interface-type interface-number Specifies the source interface of an SFTP client. -
host-ip host-ipv4 Specifies the IPv4 address or host name of an SFTP server. The value is a string of 1 to 255 case-insensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.
port Specifies the current monitoring port number on the SFTP server.

Only when the monitoring port number on the SFTP server is 22, the SFTP client can log in without a port number being specified. If the monitoring port number on the SFTP server is not 22, you must specify a port number for the SFTP client to log in.

The value is an integer ranging from 1 to 65535. The default value is 22.
public-net Establishes the SFTP connection on a public network. -
-vpn-instance vpn-instance-name Specifies the name of a VPN instance.

The SFTP connection is established on a private network.

The value must be an existing VPN instance name.
prefer_kex prefer_key-exchange Specifies a preferred algorithm for key exchange.
  • dh_group1
  • dh_exchange_group
  • dh_group14_sha1

The default algorithm is dh_exchange_group.

NOTE:
The dh_exchange_group algorithm is recommended.
identity-key Specifies a public key algorithm for the server authentication.
  • dsa
  • rsa
  • ecc

The default algorithm is rsa.

prefer_ctos_cipher prefer_ctos_cipher Specifies the preferred encryption algorithm for packets from the client to the server
  • des
  • 3des
  • aes128
  • aes256
  • aes128_ctr(Advanced Encryption Standard 128_ctr)
  • aes256_ctr(Advanced Encryption Standard 256_ctr)

The default algorithm is aes256_ctr.

To improve security, it is recommended that you use aes128_ctr, and aes256_ctr algorithms.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select one from 3des, aes128, aes256, aes128_ctr, and aes256_ctr.
prefer_stoc_cipher prefer_stoc_cipher Specifies the preferred encryption algorithm for packets from the server to the client.
  • des
  • 3des
  • aes128
  • aes256
  • aes128_ctr
  • aes256_ctr

The default algorithm is aes256_ctr.

To improve security, it is recommended that you use aes128_ctr, and aes256_ctr algorithms.

NOTE:
  • If an encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select an encryption algorithm from the list.
  • If no encryption algorithm list has been configured using the ssh client cipher command for the SSH client, select one from 3des, aes128, aes256, aes128_ctr, and aes256_ctr.
prefer_ctos_hmac prefer_ctos_hmac Specifies the preferred HMAC algorithm for packets from the client to the server.
  • sha1
  • sha1_96
  • md5
  • md5_96
  • sha2_256
  • sha2_256_96

The default algorithm is sha2_256.

prefer_stoc_hmac prefer_stoc_hmac Specifies the preferred HMAC algorithm for packets from the server to the client.
  • sha1
  • sha1_96
  • md5
  • md5_96
  • sha2_256
  • sha2_256_96

The default algorithm is sha2_256.

-ki aliveinterval Specifies the interval at which the client sends a Keepalive packet to the server.

When the connection between the server and the client fails, the client must detect the fault in time and removes the connection proactively. Therefore, when logging in to the server using SFTP, the client must be configured with an interval at which the client sends keepalive packets to the server and the maximum number of times that the server provides no response. If a client does not receive any packet within a specified period, the client sends a Keepalive packet to the server. If the maximum number of times that the server does not respond exceeds the specified value, the client proactively removes the connection.

By default, the function of sending Keepalive packets to the server in the case of no data transmission is not configured.

The value is an integer ranging from 1 to 3600, in seconds. The default value is 60 seconds.
-kc alivecountmax Specifies the maximum number of times that the server does not respond. The value is an integer ranging from 3 to 10. The default value is 5.
username user-name Specifies the user name for an SFTP connection. The value is a string of 1 to 255 case-sensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.
password password Specifies the password for an SFTP connection. The value is a string of 1 to 128 case-sensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.
sourcefile source-file Specifies the source file to be uploaded to or downloaded from the server.

The absolute path of the file ranges from 1 to 160 case-insensitive characters without spaces.

When quotation marks are used around the string, spaces are allowed in the string.
destination destination Specifies the destination file to be uploaded to or downloaded from the server.

If destination destination is not specified, the name of the file to be downloaded from or uploaded to the server is the same as that on the SFTP server.

The absolute path of the file ranges from 1 to 160 case-insensitive characters without spaces.

When quotation marks are used around the string, spaces are allowed in the string.
ipv6 Specifies an IPv6 SFTP server. -
-oi interface-type interface-number Specifies the source IPv6 interface of an SFTP client.

If host-ipv6 is a link-local IPv6 address, you must specify the interface name corresponding to the link-local address. If host-ipv6 is not a link-local IPv6 address, no interface name is required.

-
host-ip host-ipv6 Specifies the IPv6 address or host name of an SFTP server. The value is a string of 1 to 255 case-insensitive characters without spaces. When quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To upload files to or download files from an SFTP server, run the sftp client-transfile command.

Prerequisites

The SFTP function on the SFTP server has been enabled using the sftp client-transfile command.

Configuration Impact

After a connection is established between an SFTP client and an SFTP server, they start to intercommunicate.

Precautions

If command execution fails due to ACLs on the SFTP client or the TCP connection fails, the system prompts an error message indicating that the connection to the server fails.

If the sftp client-transfile command is run for the device to connect to the SFTP server, only password authentication is supported.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Configure the current monitoring port number 1025 on the SSH server on a private network (SFTP client on the public network), and download the sample.txt file to the SFTP client.

<HUAWEI> system-view
[HUAWEI] sftp client-transfile get host-ip 10.137.144.231 1025 -vpn-instance ssh username root password Root@123 sourcefile sample.txt

# Specify Keepalive parameters for the client that attempts to log in to the server using SFTP and download the sample.txt file to the SFTP client.

<HUAWEI> system-view
[HUAWEI] sftp client-transfile get host-ip 10.164.39.209 -ki 10 -kc 4 username root password Root@123 sourcefile sample.txt

# Configure the client to pass DSA authentication before logging in to the server using SFTP and download the sample.txt file to the SFTP client.

<HUAWEI> system-view
[HUAWEI] sftp client-transfile get host-ip 10.100.0.114 identity-key dsa username root password Root@123 sourcefile sample.txt

# Upload the sample.txt file to the IPv6 SFTP server.

<HUAWEI> system-view
[HUAWEI] sftp client-transfile put host-ip 10.100.0.114 identity-key dsa username root password Root@123 sourcefile sample.txt

sftp server enable

Function

The sftp server enable command enables the SFTP service on the SSH server.

The undo sftp server enable command disables the SFTP service on the SSH server.

By default, the SFTP service is disabled.

Format

sftp [ ipv4 | ipv6 ] server enable

undo sftp [ ipv4 | ipv6 ] server enable

Parameters

Parameter Description Value
ipv4 Indicates that the SFTP IPv4 service is enabled on the SSH server. -
ipv6 Indicates that the SFTP IPv6 service is enabled on the SSH server. -

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To connect the client to the SSH server to transfer files in SFTP mode, you must first enable the SFTP server on the SSH server.

Precautions

After the sftp server enable command is run, the device receives login connection requests from all interfaces by default. Therefore, there are security risks. You are advised to run the ssh server-source command to specify the source interface of the SFTP server.

After the sftp server enable command is run, the numbers of IPv4 port and IPv6 port are both changed. To change the number of IPv4 port or IPv6 port separately, run the sftp [ ipv4 | ipv6 ] server enable command.

Example

# Enable the SFTP service.

<HUAWEI> system-view
[HUAWEI] sftp server enable
Info: Succeeded in starting the SFTP server.

# Disable the SFTP service.

<HUAWEI> system-view
[HUAWEI] undo sftp server enable
Info: Succeeded in closing the SFTP server.

# Enable the SFTP IPv4 service.

<HUAWEI> system-view
[HUAWEI] sftp ipv4 server enable
Related Topics

snmp-agent trap enable feature-name ftp_server

Function

The snmp-agent trap enable feature-name ftp_server command enables the trap function for the Ftp_server module.

The undo snmp-agent trap enable feature-name ftp_server command disables the trap function for the Ftp_server module.

By default, the trap function is disabled for the Ftp_server module.

Format

snmp-agent trap enable feature-name ftp_server [ trap-name { hwftpnumthreshold | hwftpnumthresholdresume } ]

undo snmp-agent trap enable feature-name configuration [ trap-name { hwftpnumthreshold | hwftpnumthresholdresume } ]

Parameters

Parameter Description Value
trap-name Enables or disables the trap function for a specified event of the Ftp_server module. -
hwftpnumthreshold Enables the device to send a trap when the number of FTP users exceeds the threshold. -
hwftpnumthresholdresume Enables the device to send a trap when the number of FTP users falls below the threshold. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The Ftp_server module is not configured with all excessive traps. You can specify trap-name to enable the trap function for one or more events of the Ftp_server module.

You can run the display snmp-agent trap feature-name ftp_server all command to check the configuration result.

Example

# Enable the device to send a trap when the number of FTP users exceeds the threshold.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name ftp_server trap-name hwftpnumthreshold

snmp-agent trap enable feature-name vfs

Function

Using the snmp-agent trap enable feature-name vfs command, you can enable the trap function for the VFS module.

Using the undo snmp-agent trap enable feature-name vfs command, you can disable the trap function for the VFS module.

By default, the trap function is disabled for the VFS module.

Format

snmp-agent trap enable feature-name vfs [ trap-name { hwflhopernotification | hwflhsyncfailnotification | hwflhsyncsuccessnotification | hwsysmasterhderror | hwsysslavehderror } ]

undo snmp-agent trap enable feature-name vfs [ trap-name { hwflhopernotification | hwflhsyncfailnotification | hwflhsyncsuccessnotification | hwsysmasterhderror | hwsysslavehderror } ]

Parameters

Parameter

Description

Value

trap-name trap-name Enables or disables the trap function for a specified event of the VFS module. -
hwflhopernotification Enables the trap function for the event that a copy operation related to the flash memory completes or fails. -
hwflhsyncfailnotification Enables the trap function for the event that a copy operation related to the flash memory fails. -
hwflhsyncsuccessnotification Enables the trap function for the event that a copy operation related to the flash memory succeeds. -
hwsysmasterhderror Enables the trap function for the event that the MPU hard disk cannot read or write data due to an error. -
hwsysslavehderror Enables the trap function for the event that the standby MPU hard disk cannot read or write data due to an error. -

Views

System view

Default Level

2: Configuration level

Usage Guidelines

You can specify trap-name to enable the trap function for one or more events of the VFS module.

You can run the display snmp-agent trap feature-name vfs all command to check the configuration result.

Example

# Enable the trap function for hwflhsyncsuccessnotification.

<HUAWEI> system-view
[HUAWEI] snmp-agent trap enable feature-name vfs trap-name hwflhsyncsuccessnotification

ssh user sftp-directory

Function

The ssh user sftp-directory command configures the SFTP service authorized directory for an SSH user.

The undo ssh user sftp-directory command cancels the SFTP service authorized directory for an SSH user.

The default SFTP service authorized directory for SSH users on SRUH /SRUE is flash: and that on other types of main control cards is cfcard:.

Format

ssh user username sftp-directory directoryname

undo ssh user username sftp-directory

Parameters

Parameter Description Value
username Specifies the SSH user name. The value is a string of 1 to 64 case-insensitive characters without spaces.
directoryname Specifies the directory name on the SFTP server. The value is a string of 1 to 160 case-insensitive characters without spaces.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If there is the default authorized directory for an SFTP user on the device, you can run this command to change the directory.

Precautions

Users can only access the specified directory on the SFTP server. If the username user does not exist, the system creates an SSH user named username and uses the SFTP service authorized directory configured for the user. If the configured directory does not exist, the SFTP client fails to connect to the SSH server using this SSH user. After a master/backup switchover or device restart is performed, the SFTP client fails to connect to the SSH server if the configured directory does not exist. In this case, check whether the configured directory is valid. If the configured directory is invalid, re-configure it.

Example

# Configure the SFTP service authorized directory cfcard:/ssh for the SSH user admin.

<HUAWEI> system-view
[HUAWEI] ssh user admin sftp-directory cfcard:/ssh
Related Topics

ssl cipher-suite-list

Function

The ssl cipher-suite-list command customizes an SSL cipher suite policy and displays the view of the cipher suite policy. If the SSL cipher suite policy to be customized already exists, the command directly displays the view of this cipher suite policy.

The undo ssl cipher-suite-list command deletes a customized SSL cipher suite policy.

By default, no customized SSL cipher suite policy is configured.

Format

ssl cipher-suite-list customization-policy-name

undo ssl cipher-suite-list customization-policy-name

Parameters

Parameter Description Value
customization-policy-name Sets a name for a customized SSL cipher suite policy. The value is a string of 1 to 32 case-insensitive characters, spaces not supported.

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To improve system security, the device supports only secure algorithms by default. However, to improve compatibility, the device also allows you to customize cipher suite policies. To customize a cipher suite policy, run the ssl cipher-suite-list command.

Example

# Customize an SSL cipher suite policy named cipher1 and enter the view of the cipher suite policy.

<HUAWEI> system-view
[HUAWEI] ssl cipher-suite-list cipher1
[HUAWEI-ssl-cipher-suite-cipher1] 

ssl minimum version

Function

The ssl minimum version command configures a minimum SSL version for an SSL policy.

The undo ssl minimum version command restores the default version.

By default, the minimum SSL version used by an SSL policy is TLS1.0.

Format

ssl minimum version { ssl3.0 | tls1.0 | tls1.1 | tls1.2 }

undo ssl minimum version

Parameters

Parameter Description Value
ssl3.0 Sets the minimum SSL version to SSL3.0 for an SSL policy.
NOTE:
SSL3.0 has high security risks and will be prohibited. It is recommended that you do not set the minimum SSL version to SSL3.0 for an SSL policy.
-
tls1.0 Sets the minimum SSL version to TLS1.0 for an SSL policy.
NOTE:
TLS1.0 has high security risks and will be prohibited. It is recommended that you do not set the minimum SSL version to SSL3.0 for an SSL policy.
-
tls1.1 Sets the minimum SSL version to TLS1.1 for an SSL policy. -
tls1.2 Sets the minimum SSL version to TLS1.2 for an SSL policy. -

Views

SSL policy view

Default Level

3: Management level

Usage Guidelines

To configure a minimum SSL version for an SSL policy, run the ssl minimum version command so that service modules can flexibly adopt the SSL policy.

The SSL versions supported by SSL policies include SSL3.0, TLS1.0, TLS1.1, and TLS1.2 in ascending order of security.

Example

# Configure the minimum SSL version for the SSL policy ftp_server to be TLS1.2.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] ssl minimum version tls1.2

ssl policy

Function

The ssl policy command creates an SSL policy and displays the SSL policy view. If the SSL policy has been created before you run this command, the command directly displays the SSL policy view.

The undo ssl policy command deletes an SSL policy.

By default, no SSL policy is created.

Format

ssl policy policy-name

undo ssl policy policy-name

Parameters

Parameter Description Value
policy-name Specifies the name of an SSL policy.

The value is a string of 1 to 23 case-insensitive characters without spaces. The value can contain digits, letters, and underscores (_).

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

Traditional FTP and HTTP protocols does not have the security mechanism. Data that is transmitted in plain text can be modified. User identity cannot be authenticated and data security cannot be ensured. The SSL security policy uses the data encryption, user identity authentication, and message integrity check mechanisms to ensure the security of the TCP-based application layer.

Follow-up Procedure

After you have run the ssl policy command to display the SSL policy view, perform either of the following operations:
  • When the device functions as a server, run the certificate load to load the certificate or certificate chain.
  • When the device functions as a client, run the trusted-ca load and crl load commands to load the trusted CA and CRL so that the server validity can be authenticated.

Precautions

  • You can run the ssl policy command to create an SSL policy for the secure FTP and HTTP services.

  • A maximum of four SSL policies can be created.

Example

# Create SSL policy https_der and displays the SSL policy view.

<HUAWEI> system-view
[HUAWEI] ssl policy https_der
[HUAWEI-ssl-policy-https_der]

tftp

Function

The tftp command uploads a file to the TFTP server or downloads a file to the local device.

Format

# Upload a file to the TFTP server or download a file to the local device based on the IPv4 address

tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server [ public-net | vpn-instance vpn-instance-name ] { get | put } source-filename [ destination-filename ]

# Upload a file to the TFTP server or download a file to the local device based on the IPv6 address

tftp ipv6 [ -a source-ip-address ] tftp-server-ipv6 [ -oi interface-type interface-number ] { get | put } source-filename [ destination-filename ]

Parameters

Parameter

Description

Value

-a source-ip-address Specifies the source IP address for connecting to the TFTP client. You are advised to use the loopback interface IP address.

-

-i interface-type interface-number

Specifies the source interface used by the TFTP client to set up connections. It consists of the interface type and number. It is recommended that you specify a loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the TFTP connection cannot be set up.

-
-oi interface-type interface-number

Specifies an outbound interface on the local device.

If the remote host uses an IPv6 address, you must specify the outbound interface on the local device.
tftp-server Specifies the IPv4 address or host name for the TFTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces.

tftp-server-ipv6

Specifies the IPv6 address of the IPv6 TFTP server.

The value is a string of 1 to 255 case-insensitive characters without spaces.

public-net Specifies the TFTP server on the public network. -
vpn-instance vpn-instance-name

Name of the VPN instance where the TFTP server is located.

The value must be an existing VPN instance name.
get Download a file. -
put Upload a file. -
source-filename Specifies the source file name. The value is a string of 1 to 64 case-insensitive characters without spaces.
destination-filename Specifies the destination file name. The value is a string of 1 to 64 case-insensitive characters without spaces. By default, source and destination file names are the same.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

When upgrading the system, you can run the tftp command to upload an important file to the TFTP server or download a system software to the local device.

Precautions

  • When you run the tftp command to upload a file to the TFTP server in TFTP mode, files are transferred in binary mode by default. The tftp does not support the ASCII mode for file transfer.
  • After specifying a source IP address, you can use this IP address to communicate with the server and implement packet filtering to ensure data security.
  • You can run the set net-manager vpn-instance command to configure the NMS management VPN instance before running the open command to connect the FTP client and server.
    • If public-net or vpn-instance is not specified, the FTP client accesses the FTP server in the VPN instance managed by the NMS.

    • If public-net is specified, the FTP client accesses the FTP server on the public network.

    • If vpn-instance vpn-instance-name is specified, the FTP client accesses the FTP server in a specified VPN instance.

NOTE:

The file system has a restriction on the number of files in the root directory. Therefore, if more than 50 files exist in the root directory, creating new files in this directory may fail.

Example

# Download file vrpcfg.txt from the root directory of the TFTP server to the local device. The IP address of the TFTP server is 10.1.1.1. Save the downloaded file to the local device as file vrpcfg.bak.

<HUAWEI> tftp 10.1.1.1 get vrpcfg.txt cfcard:/vrpcfg.bak

# Upload file vrpcfg.txt from the root directory of the storage device to the default directory of the TFTP server. The IP address of the TFTP server is 10.1.1.1. Save file vrpcfg.txt on the TFTP server as file vrpcfg.bak.

<HUAWEI> tftp 10.1.1.1 put cfcard:/vrpcfg.txt vrpcfg.bak

# Obtain the link local IP address and interface name from the TFTP server.

<HUAWEI> tftp ipv6 FC00::/7 -oi gigabitethernet 1/0/1 get file1 file2
Info: Transfer file in binary mode.
Downloading the file from the remote TFTP server. Please wait...
100%
TFTP: Downloading the file successfully.
249704 byte(s) received in 10 second(s).
Related Topics

tftp client-source

Function

The tftp client-source command specifies the source IP address for the TFTP client to send packets.

The undo tftp client-source command restores the default source IP address for the TFTP client to send packets.

By default, the TFTP client source address is the IP address of the outbound interface connecting to the TFTP server, and it is displayed as 0.0.0.0.

Format

tftp client-source { -a source-ip-address | -i interface-type interface-number }

undo tftp client-source

Parameters

Parameter Description Value
-a source-ip-address

Specifies the source IP address of the TFTP client. You are advised to use the loopback interface IP address.

The value is in dotted decimal notation.
-i interface-type interface-number

Source interface type and ID. You are advised to use the loopback interface.

The IP address configured for this interface is the source IP address for sending packets. If no IP address is configured for the source interface, the TFTP connection cannot be set up.

-

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

If no source IP address is specified, the client uses the source IP address that the router specifies to send packets. The source IP address must be configured for an interface with stable performance. The loopback interface is recommended. Using the loopback interface as the source interface simplifies the ACL rule and security policy configuration. This shields the IP address differences and interface status impact, filters incoming and outgoing packets, and implements security authentication.

Prerequisites

The source interface specified using the command must exist and have an IP address configured.

Precautions

  • The tftp command also configures the source IP address whose priority is higher than that of the source IP address specified in the tftp client-source command. If you specify source addresses in the tftp client-source and tftp commands, the source IP address specified in the tftp command is used for data communication. The source address specified in the tftp client-source command applies to all TFTP connections. The source address specified in the tftp command applies only to the current TFTP connection.

  • You can query the source IP address or source interface IP address specified in the TFTP connection on the TFTP server.

Example

# Set the source IP address of the TFTP client to 10.1.1.1.

<HUAWEI> system-view
[HUAWEI] tftp client-source -a 10.1.1.1
Info: Succeeded in setting the source address of the TFTP client to 10.1.1.1.

tftp-server acl

Function

The tftp-server acl command specifies the ACL number for the local device so that the device can access TFTP servers with the same ACL number.

The undo tftp-server acl command deletes the ACL number from the local device.

By default, no ACL number is specified on the local client.

Format

tftp-server [ ipv6 ] acl acl-number

undo tftp-server [ ipv6 ] acl

Parameters

Parameter Description Value
acl-number Specifies the number of the basic ACL. The value is an integer that ranges from 2000 to 2999.
ipv6 Specifies the IPv6 address of a specific server. -

Views

System view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

To ensure the security of the local device, you need to run the tftp-server acl command to specify an ACL to specify TFTP servers that the local device can access.

Precautions

  • The tftp-server acl command takes effect only after you run the rule command to configure the ACL rule. If no ACL rule is configured, the local device can access a specified TFTP server in TFTP mode.
  • The TFTP supports only the basic ACL whose number ranges from 2000 to 2999.

Example

# Allow the local device to the access the TFTP server whose ACL number is 2000.

<HUAWEI> system-view
[HUAWEI] acl 2000
[HUAWEI-acl-basic-2000] rule permit source 10.10.10.1 0
[HUAWEI-acl-basic-2000] quit
[HUAWEI] tftp-server acl 2000
Related Topics

trusted-ca load

Function

The trusted-ca load command loads the trusted CA file for the SSL policy for the FTP client.

The undo trusted-ca load command unloads the trusted CA file of the SSL policy.

By default, no trusted CA file is loaded for the SSL policy.

Format

# Load the trusted CA file for the SSL policy in ASN1 format.

trusted-ca load asn1-ca ca-filename

# Load the trusted CA file for the SSL policy in PEM format.

trusted-ca load pem-ca ca-filename

# Load the trusted CA file for the SSL policy in PFX format.

trusted-ca load pfx-ca ca-filename auth-code cipher auth-code

# Unload the trusted CA file for the SSL policy.

undo trusted-ca load { asn1-ca | pem-ca | pfx-ca } ca-filename

Parameters

Parameter

Description

Value

asn1-ca

Load the trusted CA file for the SSL policy in ASN1 format.

-
pem-ca

Load the trusted CA file for the SSL policy in PEM format.

-
pfx-ca

Load the trusted CA file for the SSL policy in PFX format.

-
ca-filename

Specifies the name of the trusted CA file.

The file is in the subdirectory of the system directory security. If the security directory does not exist in the system, create this directory.

The value is a string of 1 to 64 characters.

The file name is the same as that of the uploaded file.

auth-code cipher auth-code

Specifies the verification code for the trusted CA file in PFX format.

The authentication code verifies user identity to ensure that only authorized users can log in to the server.

The value is a string of case-sensitive characters without spaces. If the value begins and ends with double quotation marks (" "), the string of characters can contain spaces. When the value is displayed in plaintext, its length ranges from 1 to 31. When the value is displayed in ciphertext, its length is 48 or 68. A ciphertext password with the length of 32 or 56 characters is also supported.

Views

SSL policy view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

CAs that are widely trusted in the world are called root CAs. Root CAs can authorize other lower-level CAs. The identity information about a CA is provided in the file of a trusted CA. To ensure the communication security and verify the server validity, you must run the trusted-ca load command to load the trusted CA file.

Prerequisites

Before running the trusted-ca load command, you have run the ssl policy command to create the SSL policy in the system view.

Precautions

A maximum of four trusted CA files can be loaded for an SSL policy. For the sake of security, deleting the installed trusted CA file is not recommended; otherwise, services using the SSL policy will be affected.

Example

# Load the trusted CA file for the SSL policy in ASN1 format.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] trusted-ca load asn1-ca servercert.der

# Load the trusted CA file for the SSL policy in PEM format.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] trusted-ca load pem-ca servercert.pem

# Load the trusted CA file for the SSL policy in PFX format.

<HUAWEI> system-view
[HUAWEI] ssl policy ftp_server
[HUAWEI-ssl-policy-ftp_server] trusted-ca load pfx-ca servercert.pfx auth-code cipher 123456

undelete

Function

The undelete command restores a file that has been has been temporally deleted and moved to the recycle bin.

Format

undelete { filename | devicename }

Parameters

Parameter Description Value
filename Specifies the name of a file to be restored.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

devicename Specifies the storage device name.

-

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the undelete command to restore a file that has been temporally deleted and moved to the recycle bin. However, files that are permanently deleted by running the delete or reset recycle-bin command with the /unreserved parameter cannot be restored.

The following describes the drive name.

  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Like devicename, drive specifies the storage device name.

Precautions

  • To display information about a temporally deleted file, run the dir /all command. The file name is displayed in square brackets ([ ]).

  • If the name of a file is the same as an existing directory, the file cannot be restored. If the destination file has the same name as an existing file, the system prompts you whether to overwrite the existing file. The system prompt is displayed only when file prompt is set to alert.

Example

# Restore file sample.bak from the recycle bin.

<HUAWEI> undelete sample.bak
Undelete cfcard:/sample.bak ?[Y/N] :y
%Undeleted file cfcard:/sample.bak.

# Restore a file that has been moved from the root directory to the recycle bin.

<HUAWEI> undelete cfcard:
Undelete cfcard:/test.txt?[Y/N]:y
%Undeleted file cfcard:/test.txt.
Undelete cfcard:/rr.bak?[Y/N]:y
%Undeleted file cfcard:/rr.bak. 

unzip

Function

The unzip command decompresses a file.

Format

unzip source-filename destination-filename

Parameters

Parameter Description Value
source-filename Specifies the name of a source file to be decompressed.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

destination-filename Specifies the name of a destination file that is decompressed.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can decompress files, especially log files that are stored on the storage device and run the more command to query the file.

The following describes the drive name.

  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • If the destination file path is specified while the file name is not specified, the designation file name is the same as the source file name.

  • The source file persists after being decompressed.

  • The compressed file must be a .zip file. If a file to be decompressed is not a zip file, the system displays an error message during decompression.

  • The source file must be a single file. If you attempt to decompress a directory or mutiple files, the decompression cannot succeed.

Example

# Decompress log file 2012-03-14.01-53-11.log.zip that are stored in the logfile directory and save it to the root directory as file log.txt.

<HUAWEI> pwd
cfcard:/logfile 
<HUAWEI> unzip 2012-03-14.01-53-11.log.zip cfcard:/log.txt
Extract cfcard:/logfile/2012-03-14.01-53-11.log.zip to cfcard:/log.txt?[Y/N]:y  
100%  complete                                                                  
%Decompressed file cfcard:/logfile/2012-03-14.01-53-11.log.zip to cfcard:/log.tx
t.

user

Function

The user command changes the current FTP user when the local device is connected to the FTP server.

Format

user user-name [ password ]

Parameters

Parameter Description Value
user-name Specifies the name of a login user. The value is a string of 1 to 255 case-insensitive characters without space.
password Specifies the login password. The value is a string of 1 to 255 case-sensitive characters without space, single quotation mark, or question mark.

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

You can run the user command to change the current user on the FTP server.

Precautions

After you run the user command to change the current user, a new FTP connection is set up, which is the same as that you specify in the ftp command.

Example

# Log in to the FTP server using the user name tom.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] user tom
331 Password required for tom.
Enter password: 
230 User logged in.
Related Topics

verbose

Function

The verbose command enables the verbose function on the FTP client.

The undo verbose command disables the verbose function.

By default, the verbose function is enabled.

Format

verbose

undo verbose

Parameters

None

Views

FTP client view

Default Level

3: Management level

Usage Guidelines

After the verbose function is enabled, all FTP response messages are displayed on the FTP client.

Example

# Enable the verbose function.

<HUAWEI> ftp 10.137.217.201
Trying 10.137.217.201 ...
Press CTRL+K to abort
Connected to 10.137.217.201.
220 FTP service ready.
User(10.137.217.201:(none)):huawei
331 Password required for huawei.
Enter password:
230 User logged in. 
[ftp] verbose
Info: Succeeded in switching verbose on.
[ftp] get h1.txt
200 Port command okay.
150 Opening ASCII mode data connection for h1.txt.

226 Transfer complete.
FTP: 69 byte(s) received in 0.160 second(s) 431.25byte(s)/sec.
                                                             

# Disable the verbose function.

[ftp] undo verbose
Info: Succeeded in switching verbose off.
[ftp] get h1.txt

FTP: 69 byte(s) received in 0.150 second(s) 460.00byte(s)/sec. 

xmodem get

Function

The xmodem get command downloads files from the Console port to the device through the Xmodem protocol.

Format

xmodem get { filename | devicename }

Parameters

Parameter Description Value
filename Specifies the name of the received file that is saved. The name is a string. The absolute path of the file ranges from 1 to 64 characters.
devicename Specifies the name of the storage device. The name is a string of 1 to 64 characters.

Views

User view

Default Level

3: Management level

Usage Guidelines

If filename is specified, the system saves the file with the specified name to a specified path. If no filename is specified, the system saves the file with the original name to the specified device.

Example

# Download files from the Console port through the Xmodem protocol and save the received file tocfcard with the name as test.txt.

<HUAWEI> xmodem get cfcard:/test.txt

zip

Function

The zip command compresses a file.

Format

zip source-filename destination-filename

Parameters

Parameter Description Value
source-filename Specifies the name of a source file to be compressed.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

destination-filename Specifies the name of a destination file that is compressed.

The value is a string of 1 to 160 case-insensitive characters without spaces in the [ drive ] [ path ] file name format.When double quotation marks are used around the string, spaces are allowed in the string.

In the preceding parameter, drive specifies the storage device name, and path specifies the directory and subdirectory.

You are advised to add : and / between the storage device name and directory. Characters ~, *, /, \, :, ', " cannot be used in the directory name.

Views

User view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

The following describes the drive name.

  • drive is the storage device and is named as follows:
    • cfcard: root directory of the CF card on the master MPU. If no CF card is available, this drive is unavailable.
    • flash: root directory of the flash memory on the master MPU.
    • slave#cfcard: root directory of the CF card on the slave MPU. If there is no slave MPU or CF card, this drive is unavailable.
    • slave#flash: enters the root directory of the flash memory on the slave MPU. If there is no slave MPU, this drive is unavailable.
  • If devices are in CSS, drive can be named as:

    • cfcard: root directory of the CF card on the master MPU.
    • flash: root directory of the flash memory on the master MPU.
    • chassis ID/slot number#cfcard: root directory of the CF card on a CSS device.
    • chassis ID/slot number#flash: root directory of the flash memory on a CSS device.

    For example, 1/14#flash: indicates a flash memory whose chassis ID is 1 and slot number is 14.

The path can be an absolute path or relative path. A relative path can be designated relative to either the root directory or the current working directory. A relative path beginning with a slash (/) is a path relative to the root directory.
  • cfcard:/my/test/ is an absolute path.

  • /selftest/ is a path relative to the root directory and indicates the selftest directory in the root directory.

  • selftest/ is a path relative to the current working directory and indicates the selftest directory in the current working directory.

Precautions

  • If the destination file path is specified while the file name is not specified, the designation file name is the same as the source file name.

  • The source file persists after being compressed.

  • Directories cannot be compressed.

Example

# Compress file log.txt that is stored in the root directory and save it to the test directory as file log.zip.

<HUAWEI> dir
Directory of cfcard:/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-            155  Dec 02 2011 01:28:48   log.txt
    1  -rw-          9,870  Oct 01 2011 00:22:46   patch.pat
    2  drw-              -  Mar 22 2012 00:00:48   test
    3  -rw-            836  Dec 22 2011 16:55:46   rr.dat
...

509,256 KB total (52,752 KB free)
<HUAWEI> zip log.txt cfcard:/test/log.zip
Compress cfcard:/log.txt  to cfcard:/test/log.zip?[Y/N]:y
100%  complete
%Compressed file cfcard:/log.txt to cfcard:/test/log.zip.
<HUAWEI> cd test 
<HUAWEI> dir 
Directory of cfcard:/test/

  Idx  Attr     Size(Byte)  Date        Time       FileName
    0  -rw-            836  Mar 20 2012 19:49:14   test
    1  -rw-            239  Mar 22 2012 20:57:38   test.txt
    2  -rw-          1,056  Dec 02 2011 01:28:48   log.txt
    3  -rw-            240  Mar 22 2012 21:23:46   log.zip

509,256 KB total (52,751 KB free)
Related Topics
Translation
Download
Updated: 2019-10-18

Document ID: EDOC1000178288

Views: 25659

Downloads: 109

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next