No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Basic Configuration

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Basic, including CLI Overview, EasyDeploy Configuration, USB-based Deployment Configuration, Logging In to a Device for the First Time, CLI Login Configuration, Web System Login Configuration, File Management, Configuring System Startup, BootLoad Menu Operation.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Managing Files When the Device Functions as a TFTP Client

Managing Files When the Device Functions as a TFTP Client

Pre-configuration Tasks

Before connecting to a device as a TFTP client to manage files, complete the following tasks:

  • Ensure that routes are reachable between the current device and the TFTP server.
  • Obtain the host name or IP address of the TFTP server and the directory for storing files to be downloaded or uploaded.

Configuration Procedure

NOTE:

TFTP is insecure and will bring security risks. Using SFTPv2, SCP or FTPS is recommended.

Table 8-32 describes the procedure for managing files when the device functions as a TFTP client.

Table 8-32  Procedure for managing files when the device functions as a TFTP client
No. Task Description Remarks
1 (Optional) Configure the TFTP client source address

Configure the TFTP client source address. To ensure communication security, the source address can be set to a source IP address or source interface.

You can configure the TFTP client source address and TFTP ACL rule in any sequence.
2 (Optional) Configure the TFTP ACL

Configure the ACL rule and TFTP basic ACL to improve TFTP access security.

3 Run TFTP commands to upload or download files

Upload and download files.

Procedure

  • (Optional) Configure the TFTP client source address.

    When specifying the source address in an ACL, use the address of a stable interface, for example, a loopback interface. This simplifies the ACL rule and security policy configuration. After the client source address is configured as the source or destination address in the ACL rule, IP address differences and interface status impact are shielded, and incoming and outgoing packets are filtered.

    Table 8-33  (Optional) Configuring the TFTP client source address
    Operation Command Description
    Enter the system view. system-view -
    Configure the TFTP client source address. tftp client-source { -a source-ip-address | -i interface-type interface-number }

    The TFTP client source address can be set to a source IP address or source interface. If a source interface is specified, configure an IP address for the interface. This is used for establishing TFTP connections.

    By default, the TFTP client source address is the IP address of the outbound interface connecting to the TFTP server, and it is displayed as 0.0.0.0.

  • (Optional) Configure the TFTP ACL.

    An ACL is a list of rules that classify and filter packets according to their source address, destination address, port number, and other values.

    Multiple rules can be defined in an ACL. ACLs are classified into basic ACLs, advanced ACLs, and Layer 2 ACLs.

    TFTP supports only basic ACLs, which are numbered from 2000 to 2999.

    ACL rule:
    • If permit is defined in an ACL rule, the device can establish TFTP connections with any devices that match the rule.

    • If deny is defined in an ACL rule, the device cannot establish TFTP connections with devices that match the rule.

    Table 8-34  (Optional) Configuring the TFTP ACL
    Operation Command Description
    Enter the system view. system-view -
    Create an ACL and enter the ACL view.

    acl [ number ] acl-number

    By default, no ACL is created.

    Configure the ACL rule. rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | fragment | logging | time-range time-name | vpn-instance vpn-instance-name ] *

    By default, no ACL rule is configured.

    NOTE:

    The vpn-instance parameter is supported only when a software-based ACL is applied to the S5720EI, S5720HI, S5720I-SI, S5720S-SI, S5720SI, S5730HI, S5730S-EI, S5730SI, S6720EI, S6720HI, S6720S-EI, S6720S-SI, or S6720SI. For usage scenarios of software-based ACLs, see "ACL Implementations" in the S2720, S5700, and S6720 V200R013C00 Configuration Guide - Security ACL Configuration - ACL Fundamentals.

    Return to the system view. quit -
    Configure the TFTP ACL.

    tftp-server [ ipv6 ] acl acl-number

    -

  • Run TFTP commands to upload or download files.

    Operation Command Description

    IPv4 address

    tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server [ public-net | vpn-instance vpn-instance-name ] { get | put } source-filename [ destination-filename ]
    • get: downloads a file.

    • put: uploads a file.

    IPv6 address

    tftp ipv6 [ -a source-ip-address ] tftp-server-ipv6 [ -oi interface-type interface-number ] { get | put } source-filename [ destination-filename ]
    NOTE:

    The file system limits the number of files in the root directory to 50. Creation of files in excess of this limit in the root directory may fail.

    The source address or interface specified in the tftp command has a higher priority than that specified in the tftp client-source command. If you specify different source addresses or interfaces in the tftp client-source and tftp commands, the source address or interface specified in the tftp command takes effect. The source address or interface specified in the tftp client-source command applies to all TFTP connections. The source address or interface specified in the tftp command applies only to the current TFTP connection.

Verifying the Configuration

  • Run the display tftp-client command to check source address of the TFTP client.
  • Run the display acl { acl-number | all } command to check the ACL configurations of the TFTP client.
Translation
Download
Updated: 2019-04-04

Document ID: EDOC1100066063

Views: 29211

Downloads: 654

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next