FTP Login Failure
Possible Causes
- The FTP server is not running.
- The listening port number of the FTP server is not the default one, and no port number is specified when you log in to the FTP server.
- The authentication information, authorized directory, and user privilege level of the FTP user are not configured.
- The number of online FTP users who have logged in to the FTP server reaches the upper threshold.
- An ACL is configured on the FTP server, and the FTP client IP address is not specified in the ACL.
- Multiple authentication modes are configured on the FTP server.
Procedure
- Check whether the FTP server is running properly.
Run the display ftp-server command in any view to check the FTP server status.
- The following information indicates that the FTP server is not running:
<HUAWEI> display ftp-server
Info: The FTP server is already disabled.
Run the ftp server enable command in the system view to start the FTP server.
<HUAWEI> system-view
[HUAWEI] ftp server enable
Info: Succeeded in starting the FTP server.
- The following information indicates that the FTP server is running properly:
<HUAWEI> display ftp-server
   FTP server is running
   Max user number                 5
   User count                      0
   Timeout value(in minute)        30
   Listening port                  21
   Acl number                      0
   FTP server's source address     0.0.0.0
   FTP SSL policy
   FTP Secure-server is stopped
- Check whether the listening port number of the FTP server is the default port number 21.
Run the display tcp status command in any view to check the current TCP port listening status.
<HUAWEI> display tcp status
TCPCB    Tid/Soid Local Add:port        Foreign Add:port      VPNID  State
2a67f47c 6  /1    0.0.0.0:21            0.0.0.0:0             23553  Listening
2b72e6b8 115/4    0.0.0.0:22            0.0.0.0:0             23553  Listening
3265e270 115/1    0.0.0.0:23            0.0.0.0:0             23553  Listening
2a6886ec 115/23   10.137.129.27:23      10.138.77.43:4053     0      Established
2a680aac 115/14   10.137.129.27:23      10.138.80.193:1525    0      Established
2a68799c 115/20   10.137.129.27:23      10.138.80.202:3589    0      Established
Run the display ftp-server command in any view to check the listening port number of the FTP server.
<HUAWEI> display ftp-server
   FTP server is running
   Max user number                 5
   User count                      0
   Timeout value(in minute)        30
   Listening port                  21
   Acl number                      0
   FTP server's source address     0.0.0.0
   FTP SSL policy
   FTP Secure-server is stopped
If the listening port number is not 21, run the ftp server port command to set the listening port number to 21.
<HUAWEI> system-view
[HUAWEI] undo ftp server
Warning: The operation will stop the FTP server. Continue? [Y/N]:y
Info: Succeeded in closing the FTP server.
[HUAWEI] ftp server port 21
[HUAWEI] ftp server enable
Info: Succeeded in starting the FTP server.
Alternatively, enter the port number configured on the server when setting up an FTP connection on the FTP client.
- Check whether the authentication information, authorized directory, and user privilege level of the FTP user are correctly configured.
The FTP user name, password, authorized directory, and user privilege level must be configured. If the FTP authorized directory and user privilege level are not configured, login fails.
- Run the aaa command to enter the AAA view.
- Run the local-user user-name password irreversible-cipher password command to configure the local FTP user name and password.
- Run the local-user user-name ftp-directory directory command to specify an FTP authorized directory for the FTP user.
- Run the local-user user-name privilege level level command to set the FTP user privilege level. The user privilege level must be set to 3 or higher to ensure successful connection establishment.
The service type is optional. By default, the system supports all service types. If you set the service-type parameter, only the service types that you set are available to the FTP user.
Run the local-user user-name service-type ftp command to set the service types for the FTP user.
- Check whether the number of online FTP users who have logged in to the FTP server reaches the upper threshold.
Run the display ftp-users command to check the number of online FTP users.
- Check the ACL rule on the FTP server.
Run the display [ ipv6 ] ftp-server command to check the ACL rule on the FTP server.
If an ACL is configured on the FTP server, only IP addresses specified in the ACL can log in to the FTP server.
- Check whether multiple authentication modes are configured on the FTP server.
- Run the aaa command to enter the AAA view.
- Run the display this command to check whether multiple authentication modes are configured. For details, see AAA Configuration.
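Several of the checks above (server status, listening port, online user limit, ACL) read the same display ftp-server output. The following Python script is an added example, not part of the original documentation: it parses that output and reports which of the listed causes apply. The sample text is constructed, the function names are hypothetical, and it assumes that "Acl number 0" means no ACL is applied.

```python
import re

# Constructed sample, modeled on the display ftp-server output shown above.
SAMPLE = """\
FTP server is running
Max user number                 5
User count                      5
Timeout value(in minute)        30
Listening port                  2121
Acl number                      2001
FTP server's source address     0.0.0.0
"""

FIELDS = {
    "max_users": r"Max user number\s+(\d+)",
    "user_count": r"User count\s+(\d+)",
    "port": r"Listening port\s+(\d+)",
    "acl": r"Acl number\s+(\d+)",
}

def parse_ftp_server(text):
    """Return a dict with 'running' plus any numeric fields found in the output."""
    state = {"running": "FTP server is running" in text}
    for key, pattern in FIELDS.items():
        m = re.search(pattern, text)
        if m:
            state[key] = int(m.group(1))
    return state

def diagnose(text):
    """Map the parsed state to the login-failure causes listed on this page."""
    s = parse_ftp_server(text)
    if not s["running"]:
        return ["FTP server is not running: run 'ftp server enable' in the system view"]
    findings = []
    if s.get("port", 21) != 21:
        findings.append(f"listening port is {s['port']}, not 21: clients must specify it")
    if "max_users" in s and s.get("user_count", 0) >= s["max_users"]:
        findings.append(f"user limit reached ({s['user_count']}/{s['max_users']})")
    # Assumption: Acl number 0 means no ACL is bound to the FTP server.
    if s.get("acl", 0) != 0:
        findings.append(f"ACL {s['acl']} is applied: client IP must be permitted by it")
    return findings

if __name__ == "__main__":
    for line in diagnose(SAMPLE):
        print("-", line)
```

An empty result means none of these four causes applies, which leaves the user configuration and authentication mode checks in the AAA view.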