
Managing Files When the Device Functions as a TFTP Client

Pre-configuration Tasks

Before connecting to a device as a TFTP client to manage files, complete the following tasks:

  • Ensure that routes are reachable between the current device and the TFTP server.
  • Obtain the host name or IP address of the TFTP server and the directory for storing files to be downloaded or uploaded.

Configuration Procedure

TFTP is insecure and poses security risks. Using SFTPv2, SCP, or FTPS is recommended.

Table 1 describes the procedure for managing files when the device functions as a TFTP client.

Table 1 Procedure for managing files when the device functions as a TFTP client
| No. | Task | Description | Remarks |
|---|---|---|---|
| 1 | (Optional) Configure the TFTP client source address | Configure the TFTP client source address. To ensure communication security, the source address can be set to a source IP address or source interface. | You can configure the TFTP client source address and TFTP ACL rule in any sequence. |
| 2 | (Optional) Configure the TFTP ACL | Configure the ACL rule and TFTP basic ACL to improve TFTP access security. | |
| 3 | Run TFTP commands to upload or download files | Upload and download files. | |

Procedure

  • (Optional) Configure the TFTP client source address.

    When specifying the source address in an ACL, use the address of a stable interface, for example, a loopback interface. This simplifies the ACL rule and security policy configuration. After the client source address is used as the source or destination address in the ACL rule, the rule is unaffected by IP address differences and interface status changes, and incoming and outgoing packets are filtered.

    Table 2 (Optional) Configuring the TFTP client source address
    Operation: Enter the system view.
    Command: system-view
    Description: -

    Operation: Configure the TFTP client source address.
    Command: tftp client-source { -a source-ip-address | -i interface-type interface-number }
    Description: The TFTP client source address can be set to a source IP address or source interface. If a source interface is specified, configure an IP address for the interface. The address is used for establishing TFTP connections.
    By default, the TFTP client source address is the IP address of the outbound interface connecting to the TFTP server, and it is displayed as 0.0.0.0.

  • (Optional) Configure the TFTP ACL.

    An ACL is a list of rules that classify and filter packets according to their source address, destination address, port number, and other values. After the rules are applied to a router, the router determines whether a packet is permitted or denied in accordance with these rules.

    Multiple rules can be defined in an ACL. ACLs are classified into basic ACLs, advanced ACLs, and Layer 2 ACLs.

    TFTP supports only basic ACLs, which are numbered from 2000 to 2999.

    ACL rule:
    • If permit is defined in an ACL rule, the device can establish TFTP connections with any devices that match the rule.

    • If deny is defined in an ACL rule, the device cannot establish TFTP connections with devices that match the rule.

    Table 3 (Optional) Configuring the TFTP ACL
    Operation: Enter the system view.
    Command: system-view
    Description: -

    Operation: Create an ACL and enter the ACL view.
    Command: acl [ number ] acl-number
    Description: By default, no ACL is created.

    Operation: Configure the ACL rule.
    Command: rule [ rule-id ] { deny | permit } [ source { source-address source-wildcard | any } | fragment | logging | time-range time-name | { vpn-instance vpn-instance-name | public } ] *
    Description: By default, no ACL rule is configured.
    NOTE: The vpn-instance and public parameters are supported only when a software-based ACL is applied to the S5720-EI, S5720-HI, S5720I-SI, S5720S-SI, S5720-SI, S5735-S, S5735S-S, S5735-S-I, S5730-HI, S5730S-EI, S5730-SI, S5731-H, S5731-S, S5731S-H, S5731S-S, S5732-H, S6720-EI, S6720-HI, S6720S-EI, S6720S-SI, S6720-SI, S6730-H, S6730S-H, S6730-S, or S6730S-S. For usage scenarios of software-based ACLs, see "ACL Implementations" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Security ACL Configuration - ACL Fundamentals.

    Operation: Return to the system view.
    Command: quit
    Description: -

    Operation: Configure the TFTP ACL.
    Command: tftp-server [ ipv6 ] acl acl-number
    Description: -

  • Run TFTP commands to upload or download files.

    Operation: IPv4 address
    Command: tftp [ -a source-ip-address | -i interface-type interface-number ] tftp-server [ public-net | vpn-instance vpn-instance-name ] { get | put } source-filename [ destination-filename ]
    Description:
    • get: downloads a file.
    • put: uploads a file.

    Operation: IPv6 address
    Command: tftp ipv6 [ -a source-ip-address ] tftp-server-ipv6 [ -oi interface-type interface-number ] { get | put } source-filename [ destination-filename ]

    The file system limits the number of files in the root directory to 50. Creation of files in excess of this limit in the root directory may fail.

    The source address or interface specified in the tftp command has a higher priority than that specified in the tftp client-source command. If you specify different source addresses or interfaces in the tftp client-source and tftp commands, the source address or interface specified in the tftp command takes effect. The source address or interface specified in the tftp client-source command applies to all TFTP connections. The source address or interface specified in the tftp command applies only to the current TFTP connection.

Verifying the Configuration

  • Run the display tftp-client command to check the source address of the TFTP client.
  • Run the display acl { acl-number | all } command to check the ACL configurations of the TFTP client.
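
A complete session tying the three steps and the verification together, added here as an illustration and not taken from the Huawei documentation. The server address 10.1.1.10, ACL number 2001, LoopBack 0 (assumed to already have an IP address), the override address 10.2.2.9, the file names, and the prompts are constructed values; running tftp from the user view is an assumption, since the page does not state the view.

```text
# Constructed example; addresses, ACL number, file names and prompts are assumptions.

# Step 1: bind TFTP client traffic to a stable interface (LoopBack 0 already has an IP address).
<HUAWEI> system-view
[HUAWEI] tftp client-source -i LoopBack 0

# Step 2: basic ACL (2000-2999) that permits only the intended TFTP server
# and explicitly denies every other peer.
[HUAWEI] acl 2001
[HUAWEI-acl-basic-2001] rule 5 permit source 10.1.1.10 0.0.0.0
[HUAWEI-acl-basic-2001] rule 10 deny source any
[HUAWEI-acl-basic-2001] quit
[HUAWEI] tftp-server acl 2001
[HUAWEI] quit

# Step 3: download a file; the source address comes from tftp client-source.
<HUAWEI> tftp 10.1.1.10 get vrpcfg.zip

# Upload with -a: this source address overrides tftp client-source
# for this one transfer only.
<HUAWEI> tftp -a 10.2.2.9 10.1.1.10 put vrpcfg.zip backup.zip

# Verification: confirm the client source and the ACL rules in effect.
<HUAWEI> display tftp-client
<HUAWEI> display acl 2001
```

With the ACL in place, a tftp command aimed at any address other than 10.1.1.10 matches the deny rule, so a mistyped or unexpected server address does not result in a transfer.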
Copyright © Huawei Technologies Co., Ltd.