No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CLI-based Configuration Guide - Basic Configuration

AR500, AR510, AR531, AR550, AR1500, and AR2500 V200R010

This document provides the basic concepts, configuration procedures, and configuration examples in different application scenarios of the Basic configuration supported by the device.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Files When the Device Functions as a TFTP Client

Managing Files When the Device Functions as a TFTP Client

The device can function as a TFTP client to log in to the TFTP server remotely to upload or download files.

Pre-configuration Tasks

Before connecting to a device as a TFTP client to manage files, complete the following tasks:

  • Ensure that routes are reachable between the current device and the TFTP server.
  • Obtain the host name or IP address of the TFTP server and the directory for storing files to be downloaded or uploaded.

Configuration Process

NOTE:

The TFTP protocol will bring risk to device security. The SFTPv2 mode is recommended.

Table 11-20 describes the procedure for managing files when the device functions as a TFTP client.

Table 11-20  Procedure for managing files when the device functions as a TFTP client
No. Task Description Remarks
1 (Optional) Configure the TFTP client source address

Configure the TFTP client source address. To ensure communication security, the source address can be set to a source IP address or source interface.

You can configure the TFTP client source address and TFTP ACL rule in any sequence.
2 (Optional) Configure the TFTP ACL

Configure the ACL rule and TFTP basic ACL to improve TFTP access security.

3 Run TFTP commands to upload or download files

Upload and download files.

Procedure

  • (Optional) Configure the TFTP client source address.

    When you specify the source address in an ACL, use the address of an interface in stable state, for example, a loopback interface. This simplifies the ACL rule and security policy configuration. After the client source address is configured as the source or destination address in the ACL rule, IP address differences and interface status impact are shielded, and incoming and outgoing packets are filtered.

    Table 11-21  (Optional) Configuring the TFTP client source address
    Operation Command Description
    Enter the system view. system-view -
    Configure the TFTP client source address. tftp client-source { -a source-ip-address | -i interface-type interface-number }

    The TFTP client source address can be set to a source IP address or source interface. If the source address is set to source interface, configure an IP address for the interface for establishing TFTP connections.

  • (Optional) Configure the TFTP ACL.

    An ACL is composed of a list of rules such as the source address, destination address, and port number of packets. ACL rules are used to classify packets. After these rules are applied to routing devices, the routing devices determine the packets to be received and rejected.

    An ACL can define multiple rules. ACLs are classified into basic ACLs, advanced ACLs, and Layer 2 ACLs.

    TFTP supports only the basic ACL whose number ranges from 2000 to 2999.

    ACL rule:
    • If permit is defined in an ACL rule, the device can establish TFTP connections with any devices that match the rule.

    • If deny is defined in an ACL rule, the device cannot establish TFTP connections with devices that match the rule.

    Table 11-22  (Optional) Configuring the TFTP ACL
    Operation Command Description
    Enter the system view. system-view -
    Create an ACL and enter the ACL view.

    acl [ number ] acl-number

    By default, no ACL is created.

    Configure the ACL rule. rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | vpn-instance vpn-instance-name | [ fragment | none-first-fragment ] | logging | time-range time-name ] *

    By default, no ACL rule is configured.

    Return to the system view. quit -
    Configure the TFTP ACL.

    tftp-server acl acl-number

    -

  • Run TFTP commands to upload or download files.

    Operation Command Description

    IPv4 address

    tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server [ public-net | vpn-instance vpn-instance-name ] { get | put } source-filename [ destination-filename ]

    Run either of the commands based on the IP address type.

    • get: downloads a file.

    • put: uploads a file.

    IPv6 address

    tftp ipv6 [ -a source-ip-address ] tftp-server-ipv6 [ -oi interface-type interface-number ] [ vpn6-instance vpn6-instance-name ] { get | put } source-filename [ destination-filename ]
    NOTE:

    You can use either or both of the following methods to increase the TFTP uploading or downloading rate.

    • Use the third-party software TFTPD32 (Windows operating system) or TFTPD-HPA (Linux operating system) on the TFTP server.
    • Configure CPCAR on the TFTP client to increase the rate threshold. After performing the TFTP operation, run the undo cpu-defend-policy [ global | slot slot-id ] command to cancel the application of an attack defense policy.

    The source address or interface specified in the tftp command has a higher priority than that specified in the tftp client-source command. If you specify different source addresses or interfaces in the tftp client-source and tftp commands, the source address or interface specified in the tftp command takes effect. The source address or interface specified in the tftp client-source command applies to all TFTP connections. The source address or interface specified in the tftp command applies only to the current TFTP connection.

Verifying the Configuration

  • Run the display tftp-client command to check source address of the TFTP client.
  • Run the display acl { acl-number | all } command to check the ACL configurations of the TFTP client.
Translation
Download
Updated: 2019-05-20

Document ID: EDOC1100034225

Views: 44668

Downloads: 100

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next