S12700 V200R013C00 Configuration Guide - Basic Configuration

This document describes the basic configurations, including CLI Overview, EasyDeploy Configuration, USB-based Deployment Configuration, Logging In to a Device for the First Time, CLI Login Configuration, Web System Login Configuration, File Management, Configuring System Startup, ISSU Configuration, and BootLoad Menu Operation.

Example for Configuring the FTPS Server

Networking Requirements

As shown in Figure 8-6, routes between the PC and the device functioning as an FTPS server are reachable. 10.137.217.201 is the management IP address on the FTPS server.

The FTP server function provides no security mechanisms. Because data is transmitted in plain text, the network is susceptible to man-in-the-middle attacks and MAC/IP address spoofing. To address this issue and ensure secure file transfer, configure an SSL policy so that the FTPS server uses data encryption, user identity authentication, and message integrity check mechanisms. FTPS uses SSL to secure connections on top of the FTP server function.

Figure 8-6  Networking diagram for managing files when the device functions as an FTPS server

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure the FTP server function on the device and upload the digital certificate to the root directory on the device.

  2. On the device, copy the digital certificate to the security directory, configure the SSL policy, and load the digital certificate so that the client can authenticate the server.

  3. Enable the FTPS server function and configure the local FTP user.

  4. Connect to the FTPS server using third-party software.

Procedure

  1. Configure the FTP server function on the server and upload the digital certificate to the server.

    # Enable the FTP server function and configure FTP user information.
    <HUAWEI> system-view
    [HUAWEI] sysname FTPS_Server
    [FTPS_Server] ftp server enable
    [FTPS_Server] aaa
    [FTPS_Server-aaa] local-user admin password irreversible-cipher huawei@6789
    [FTPS_Server-aaa] local-user admin service-type ftp
    [FTPS_Server-aaa] local-user admin privilege level 3 
    [FTPS_Server-aaa] local-user admin ftp-directory flash:
    [FTPS_Server-aaa] quit
    [FTPS_Server] quit

    # Open the Windows CLI and run the ftp command with the FTP server's IP address to connect to the FTP server. Enter the correct user name and password when prompted, then upload the digital certificate and private key to the FTP server. Note that this upload uses plain FTP, so the private key is sent unencrypted.

    Run the dir command on the FTP server to check that the digital certificate and private key are uploaded successfully.

    <FTPS_Server> dir
    Directory of flash:/
    
      Idx  Attr     Size(Byte)  Date        Time       FileName
        0  drw-              -  May 10 2011 05:05:40   src
        1  -rw-        524,575  May 10 2011 05:05:53   private-data.txt
        2  -rw-            446  May 10 2011 05:05:51   vrpcfg.zip
        3  -rw-          1,302  May 10 2011 05:32:05   4_servercert_der_dsa.der
        4  -rw-            951  May 10 2011 05:32:44   4_serverkey_der_dsa.der
    ...
    509,256 KB total (52,752 KB free)

  2. Configure the SSL policy and load the digital certificate.

    # Create the security directory and move the digital certificate to the security directory.
    <FTPS_Server> mkdir security/
    <FTPS_Server> move 4_servercert_der_dsa.der security/
    <FTPS_Server> move 4_serverkey_der_dsa.der security/

    Run the dir command in the security directory to check that the digital certificate and private key have been moved successfully.

    <FTPS_Server> cd security/
    <FTPS_Server> dir
    Directory of flash:/security/
    
      Idx  Attr     Size(Byte)  Date        Time       FileName
        0  -rw-          1,302  May 10 2011 05:44:34   4_servercert_der_dsa.der
        1  -rw-            951  May 10 2011 05:45:22   4_serverkey_der_dsa.der
    
    509,256 KB total (52,752 KB free)

    # Configure the SSL policy and load the digital certificate in the ASN1 format.
    <FTPS_Server> system-view
    [FTPS_Server] ssl policy ftp_server
    [FTPS_Server-ssl-policy-ftp_server] certificate load asn1-cert 4_servercert_der_dsa.der key-pair dsa key-file 4_serverkey_der_dsa.der
    [FTPS_Server-ssl-policy-ftp_server] quit

  3. Enable the FTPS server function and configure the local FTP user.

    # Enable the FTPS server function.

    NOTE:

    Disable the FTP server function before enabling the FTPS server function.

    [FTPS_Server] undo ftp server
    [FTPS_Server] ftp secure-server ssl-policy ftp_server
    [FTPS_Server] ftp secure-server enable

    # Configure the local FTP user.

    Use the admin user configured in Step 1.

  4. Connect to the FTPS server using third-party software.

    For details, see related third-party documentation.

  5. Verify the configuration.

    # Run the display ssl policy command on the FTPS server to view information about the SSL policy.

    [FTPS_Server] display ssl policy
    
           SSL Policy Name: ftp_server
         Policy Applicants:
             Key-pair Type: DSA
     Certificate File Type: ASN1
          Certificate Type: certificate
      Certificate Filename: 4_servercert_der_dsa.der
         Key-file Filename: 4_serverkey_der_dsa.der
                 Auth-code: 
                       MAC:
                  CRL File:
           Trusted-CA File:
               Issuer Name:
       Validity Not Before:
        Validity Not After:

    # Run the display ftp-server command on the FTPS server to view the SSL policy name and the FTPS server status.

    [FTPS_Server] display ftp-server
       FTP server is stopped
       Max user number                 5
       User count                      1
       Timeout value(in minute)        30
       Listening port                  21
       Acl number                      0
       FTP server's source address     0.0.0.0
       FTP SSL policy                  ftp_server
       FTP Secure-server is running

    # An FTP client that supports SSL can now securely connect to the FTPS server to upload and download files.
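
The step 5 verification as a script, added here as an example and not part of the original guide: it parses the `display ftp-server` and `display ssl policy` outputs and reports anything that differs from the expected state (plain FTP stopped, secure server running, a bound SSL policy with certificate and key file loaded). The function names are hypothetical, the sample text is constructed from the outputs above, and the parser assumes the field layout shown on this page.

```python
import re

# Constructed sample input: the step 5 outputs from this page, abridged.
FTP_STATUS = """\
   FTP server is stopped
   FTP server's source address     0.0.0.0
   FTP SSL policy                  ftp_server
   FTP Secure-server is running
"""
SSL_POLICY = """\
       SSL Policy Name: ftp_server
  Certificate Filename: 4_servercert_der_dsa.der
     Key-file Filename: 4_serverkey_der_dsa.der
"""

def parse_ftp_status(text):
    """Parse 'display ftp-server' output (layout assumed as on this page)."""
    info = {}
    for line in map(str.strip, text.splitlines()):
        state = re.match(r"FTP (server|Secure-server) is (\w+)$", line)
        field = re.match(r"(.+?)\s{2,}(\S+)$", line)
        if state:   # "FTP server is stopped" / "FTP Secure-server is running"
            info[state.group(1).lower()] = state.group(2)
        elif field:  # "name   value" rows; rows with an empty value are skipped
            info[field.group(1)] = field.group(2)
    return info

def parse_ssl_policies(text):
    """Parse 'display ssl policy' output into {policy name: {field: value}}."""
    policies, current = {}, None
    for line in text.splitlines():
        key, sep, value = (part.strip() for part in line.partition(":"))
        if sep and key == "SSL Policy Name":
            current = policies.setdefault(value, {})
        elif sep and current is not None:
            current[key] = value
    return policies

def audit(ftp_text, ssl_text):
    """Return findings; an empty list means the state matches step 5."""
    ftp, policies = parse_ftp_status(ftp_text), parse_ssl_policies(ssl_text)
    policy = policies.get(ftp.get("FTP SSL policy", ""))
    checks = [
        (ftp.get("server") == "stopped", "plain FTP server is not stopped"),
        (ftp.get("secure-server") == "running", "FTP secure-server is not running"),
        (policy is not None, "FTP SSL policy is not bound to a defined SSL policy"),
        (bool(policy and policy.get("Certificate Filename")), "no certificate loaded"),
        (bool(policy and policy.get("Key-file Filename")), "no key file loaded"),
    ]
    return [message for ok, message in checks if not ok]
```

Calling `audit(FTP_STATUS, SSL_POLICY)` on the sample returns an empty list; feed it the captured output of both commands to check a live device.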

Configuration File

FTPS_Server configuration file

#
sysname FTPS_Server
#
ftp secure-server enable
ftp secure-server ssl-policy ftp_server
#
aaa
 local-user admin password irreversible-cipher $1a$P2m&M5d"'JHR7b~SrcHF\Z\,2R"t&6V|zOLh9y$>M\bjG$D>%@Ug/<3I$+=Y$
 local-user admin privilege level 3 
 local-user admin ftp-directory flash:
 local-user admin service-type ftp
#
ssl policy ftp_server
 certificate load asn1-cert 4_servercert_der_dsa.der key-pair dsa key-file 4_serverkey_der_dsa.der
#
return
Updated: 2019-04-08

Document ID: EDOC1100065643