
Managing Files When the Device Functions as an FTP Server

Pre-configuration Tasks

Before connecting to the FTP server to manage files, complete the following tasks:

  • Ensure that routes are reachable between the terminal and the device.
  • Ensure that the terminal functions as the FTP client.

Configuration Procedure

The FTP protocol brings security risks. Therefore, the SFTPv2, SCP, or FTPS mode is recommended.

Table 1 describes the procedure for managing files when the device functions as an FTP server.

Table 1 Managing files when the device functions as an FTP server
| No. | Task | Description | Remarks |
|-----|------|-------------|---------|
| 1 | Set FTP server parameters | Configure FTP server parameters including the port number, source address, and timeout duration. | Perform these three steps in any sequence. |
| 2 | Configure local FTP user information | Configure local FTP user information including the service type, user level, and authorized directory. | Perform these three steps in any sequence. |
| 3 | (Optional) Configure the FTP ACL | Configure the ACL rule and FTP basic ACL to improve FTP access security. | Perform these three steps in any sequence. |
| 4 | Connect to the device using FTP | Connect to the device using FTP on the terminal. | - |

Default Parameter Settings

Table 2 Default parameter settings
| Parameter | Default Setting |
|-----------|-----------------|
| FTP server function | Disabled |
| Listening port number | 21 |
| FTP user | No local user is created. |

Procedure

  • Set FTP server parameters.

    Table 3 Setting FTP server parameters
    Operation Command Description

    Enter the system view.

    system-view -

    (Optional) Specify a port number for the FTP server.

    ftp [ ipv6 ] server port port-number

    The default port number is 21.

    If a new port number is configured, the FTP server disconnects all FTP clients and uses this new port number to listen for connection requests. An attacker who does not know the new port number cannot connect to the listening port of the FTP server.

    Enable the FTP server function.

    ftp [ ipv6 ] server enable

    By default, the FTP server function is disabled.

    (Optional) Configure the source address of the FTP server.

    ftp server-source { -a source-ip-address | -i interface-type interface-number }

    This configuration helps to improve device security by filtering both incoming and outgoing packets.

    After the source address of the FTP server is configured, you must enter this address to log in to the FTP server.

    (Optional) Configure the timeout duration of the FTP server.

    ftp [ ipv6 ] timeout minutes

    By default, the idle timeout duration is 10 minutes.

    If no operation is performed on the FTP server during the timeout duration, the FTP client automatically disconnects from the FTP server.

    • If the FTP service is enabled, the port number of the FTP service cannot be changed. To change the port number, run the undo ftp [ ipv6 ] server command to disable the FTP service first.

    • After operations on files are complete, run the undo ftp [ ipv6 ] server command to disable the FTP server function and keep the device secure.

  • Configure local FTP user information.

    Before performing operations on files using FTP, configure the local user name and password, service type, and authorized directory on the FTP server.

    Table 4 Configuring local FTP user information
    Operation Command Description

    Enter the system view.

    system-view -

    Enter the AAA view.

    aaa -

    Configure the local user name and password.

    local-user user-name password irreversible-cipher password -

    Configure the local user level.

    local-user user-name privilege level level
    NOTE:

    The user level must be set to 3 or higher to ensure successful connection establishment.

    Configure the service type for local users.

    local-user user-name service-type ftp

    By default, a local user can use any access type.

    Configure an authorized directory.

    local-user user-name ftp-directory directory

    By default, the FTP directory of a local user is empty.

    When multiple FTP users use the same authorized directory, you can use the set default ftp-directory directory command to configure a default directory for these FTP users. In this case, you do not need to run the local-user user-name ftp-directory directory command to configure an authorized directory for each user.

  • (Optional) Configure an ACL for the FTP server.

    An ACL is a list of rules that classify and filter packets according to their source address, destination address, port number, and other values. ACL rules are used to classify packets. After these rules are applied to routing devices, the routing devices determine the packets to be received and rejected.

    Users can configure a basic ACL to allow only specified clients to connect to the FTP server.

    The ACL rules are as follows:
    • When permit is used in the ACL rule, devices that match the ACL rule can establish FTP connections with the local device.

    • When deny is used in the ACL rule, devices that match the ACL rule cannot establish FTP connections with the local device.

    • When ACL rules are configured but the packets from a device do not match any rule, that device cannot establish FTP connections with the local device.

    • When the ACL contains no rule, any device can establish FTP connections with the local device.

    Table 5 (Optional) Configuring an ACL for the FTP server
    Operation Command Description

    Enter the system view.

    system-view -

    Enter the ACL view.

    acl [ number ] acl-number

    -

    Configure the ACL rule.

    rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | fragment | logging | time-range time-name | { vpn-instance vpn-instance-name | public } ] * -

    Return to the system view.

    quit -

    Configure a basic ACL for the FTP server.

    ftp [ ipv6 ] acl acl-number -
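
The four ACL outcomes listed above, worked through as an added example (not Huawei code and not part of the original page). Assumptions: IPv4 only, every rule carries an explicit rule-id and a source clause, and rules are checked in ascending rule-id order with the first match deciding; the sample rules and client addresses are constructed.

```python
import ipaddress

# Constructed sample rules, written in the rule syntax from Table 5.
SAMPLE_ACL = [
    "rule 5 deny source 192.168.150.66 0.0.0.0",
    "rule 10 permit source 192.168.150.0 0.0.0.255",
]

def parse_rule(line):
    """Parse 'rule <id> {permit|deny} source {<addr> <wildcard> | any}'."""
    tok = line.split()
    if len(tok) not in (5, 6) or tok[0] != "rule" or tok[3] != "source":
        raise ValueError(f"unsupported rule: {line!r}")
    if tok[2] not in ("permit", "deny"):
        raise ValueError(f"unknown action in: {line!r}")
    if tok[4] == "any" and len(tok) == 5:
        addr, wildcard = 0, 0xFFFFFFFF          # every bit is "don't care"
    elif len(tok) == 6:
        addr = int(ipaddress.IPv4Address(tok[4]))
        wildcard = int(ipaddress.IPv4Address(tok[5]))
    else:
        raise ValueError(f"missing wildcard in: {line!r}")
    return int(tok[1]), tok[2], addr, wildcard

def ftp_acl_allows(rule_lines, client_ip):
    """Return (allowed, reason) for one client under the page's four cases."""
    rules = sorted(parse_rule(line) for line in rule_lines)
    if not rules:
        # Case 4: an ACL with no rule admits every device.
        return True, "ACL contains no rule"
    ip = int(ipaddress.IPv4Address(client_ip))
    for rule_id, action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF           # wildcard bit 0 = must match
        if (ip & care) == (addr & care):
            # Cases 1 and 2: the first matching rule decides.
            return action == "permit", f"rule {rule_id} {action}"
    # Case 3: rules exist but none matched, so the client is refused.
    return False, "no rule matched"

if __name__ == "__main__":
    for ip in ("192.168.150.20", "192.168.150.66", "10.0.0.9"):
        print(ip, ftp_acl_allows(SAMPLE_ACL, ip))
    print("empty ACL:", ftp_acl_allows([], "10.0.0.9"))
```

The empty-ACL line is the one to watch when reviewing a device: an ACL bound with ftp acl that contains no rule filters nothing.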

  • Connect to the device using FTP.

    Users can use the Windows CLI or third-party software to connect to the device from a terminal using FTP. The following describes how to connect to the device using commands in the Windows CLI:

    • Run the ftp ip-address command to connect to the device using FTP.

      In the preceding command, ip-address indicates the IP address configured on the device. Routes between the terminal and the device must be reachable.

    • Enter the user name and password as prompted and press Enter. If command prompt ftp> is displayed in the FTP client view, the user accesses the working directory on the FTP server. (The following information is only for reference.)

    C:\Documents and Settings\Administrator> ftp 192.168.150.208
    Connected to 192.168.150.208
    220 FTP service ready.
    User(192.168.150.208:(none)):huawei
    331 Password required for huawei.
    Password:
    230 User logged in.
    ftp>

  • Run FTP commands to perform file-related operations.

    After connecting to the FTP server, users can run FTP commands to perform file-related operations including performing operations on directories and files, configuring the file transfer mode, and viewing the online help about FTP commands.

    User rights are configured on the FTP server.

    The file system limits the number of files in the root directory to 50. Creation of files in excess of this limit in the root directory may fail.

    Users can perform the following operations in any sequence.

    Table 6 Running FTP commands to perform file-related operations
    | Operation | Command | Description |
    |-----------|---------|-------------|
    | Change the working directory on the server. | cd remote-directory | - |
    | Change the current working directory to its parent directory. | cdup | - |
    | Display the working directory on the server. | pwd | - |
    | Display or change the local working directory. | lcd [ local-directory ] | The lcd command displays the local working directory on the client, and the pwd command displays the working directory on the remote server. |
    | Create a directory on the server. | mkdir remote-directory | The directory name can consist of letters and digits. The following special characters are not supported: < > ? \ : |
    | Delete a directory from the server. | rmdir remote-directory | - |
    | Display information about the specified directory or file on the server. | dir/ls [ remote-filename [ local-filename ] ] | The ls command displays only the directory or file name, whereas the dir command displays detailed directory or file information such as name, size, and creation date. If no directory is specified in the command, the system searches for the file in the user's authorized directories. |
    | Delete a file from the server. | delete remote-filename | - |
    | Upload one or more files. | put local-filename [ remote-filename ] or mput local-filenames | To upload a file, run the put command. To upload multiple files, run the mput command. |
    | Download one or more files. | get remote-filename [ local-filename ] or mget remote-filenames | To download a file, run the get command. To download multiple files, run the mget command. |
    | Set the file transfer mode to ASCII or Binary. | ascii or binary | Select either of them. The default file transfer mode is ASCII. The ASCII mode is used to transfer text files, and the binary mode is used to transfer programs, system software, and database files. |
    | Set the data transmission mode to passive or active. | passive or undo passive | Select either of them. The default data transmission mode is active. |
    | View the online help about FTP commands. | remotehelp [ command ] | - |
    | Enable the system prompt function. | prompt | By default, the prompt function is disabled. |
    | Enable the verbose function. | verbose | After the verbose function is enabled, all FTP response messages are displayed on the FTP client. |

  • (Optional) Change the login user.

    The current user can switch to another user in the FTP client view. The new FTP connection is the same as that established by running the ftp command.

    Operation Command Description

    Change the current user in the FTP client view.

    user user-name [ password ]

    When the login user is switched to another user, the original user is disconnected from the FTP server.

  • Disconnect the FTP client from the FTP server.

    Users can run different commands in the FTP client view to disconnect the FTP client from the FTP server.

    Operation Command Description

    Disconnect the FTP client from the FTP server and return to the user view.

    bye or quit Select one of them.

    Disconnect the FTP client from the FTP server and return to the FTP client view.

    close or disconnect

Verifying the Configuration

  • Run the display [ ipv6 ] ftp-server command to check the FTP server configuration and status.

  • Run the display ftp-users command to view information about the FTP users who log in to the FTP server.

Copyright © Huawei Technologies Co., Ltd.