< Home

FTP Login Failure

Possible Causes

  • The FTP server is not running.
  • The listening port number of the FTP server is not the default one, and no port number is specified when you log in to the FTP server.
  • The authentication information, authorized directory, and user level of the FTP user are not configured.
  • The number of online FTP users who have logged in to the FTP server reaches the upper threshold.
  • An ACL is configured on the FTP server, and the FTP client IP address is not specified in the ACL.
  • Multiple authentication modes are configured on the FTP server.

Procedure

  1. Check whether the FTP server is running properly.

    Run the display ftp-server command in any view to check the FTP server status.

    • The following information indicates that the FTP server is not running: 
      <HUAWEI> display ftp-server
Info: The FTP server is already disabled.
      Run the ftp server enable command in the system view to start the FTP server.
      <HUAWEI> system-view
[HUAWEI] ftp server enable
Info: Succeeded in starting the FTP server.
    • The following information indicates that the FTP server is running properly:
      <HUAWEI> display ftp-server
   FTP server is running 
   Max user number                 5
   User count                      0
   Timeout value(in minute)        30
   Listening port                  21
   Acl number                      0
   FTP server's source address     0.0.0.0
   FTP SSL policy
   FTP Secure-server is stopped

  2. Check whether the listening port number of the FTP server is the default port number 21.

    1. Run the display tcp status command in any view to check the current TCP port listening status.

      <HUAWEI> display tcp status
TCPCB     Tid/Soid Local Add:port         Foreign Add:port       VPNID  State
2a67f47c  6  /1    0.0.0.0:21            0.0.0.0:0              23553  Listening
2b72e6b8  115/4    0.0.0.0:22             0.0.0.0:0              23553  Listening
3265e270  115/1    0.0.0.0:23             0.0.0.0:0              23553  Listening
2a6886ec  115/23   10.137.129.27:23       10.138.77.43:4053      0      Establish
ed
2a680aac  115/14   10.137.129.27:23       10.138.80.193:1525     0      Establish
ed
2a68799c  115/20   10.137.129.27:23       10.138.80.202:3589     0      Establish
ed

    2. Run the display ftp-server command in any view to check the listening port number of the FTP server.

      <HUAWEI> display ftp-server
   FTP server is running 
   Max user number                 5
   User count                      0
   Timeout value(in minute)        30
   Listening port              21
   Acl number                      0
   FTP server's source address     0.0.0.0
   FTP SSL policy
   FTP Secure-server is stopped

    If the listening port number is not 21, run the ftp server port command to set the listening port number to 21. 

    <HUAWEI> system-view
[HUAWEI] undo ftp server
Warning: The operation will stop the FTP server. Continue? [Y/N]:y
Info: Succeeded in closing the FTP server.
[HUAWEI] ftp server port 21
[HUAWEI] ftp server enable
Info: Succeeded in starting the FTP server.

    Alternatively, enter the port number configured on the server when setting up an FTP connection on the FTP client.

  3. Check whether the authentication information, authorized directory, and user level of the FTP user are correctly configured.

    The FTP user name, password, authorized directory, and user level must be configured. If the FTP authorized directory and user level are not configured, login fails.

    1. Run the aaa command to enter the AAA view.
    2. Run the local-user user-name password irreversible-cipher password command to configure the local FTP user name and password.
    3. Run the local-user user-name ftp-directory directory command to specify an FTP authorized directory for the FTP user.
    4. Run the local-user user-name privilege level level command to set the FTP user level. The user level must be set to 3 or higher to ensure successful connection establishment.

    The service type is optional. By default, the system supports all service types. If you set the service-type parameter, only the service types that you set are available to the FTP user.

    Run the local-user user-name service-type ftp command to set the service types for the FTP user.

  4. Check whether the number of online FTP users who have logged in to the FTP server reaches the upper threshold.

    Run the display ftp-users command to check the number of online FTP users.

  5. Check the ACL rule on the FTP server.

    Run the display [ ipv6 ] ftp-server command to check the ACL rule on the FTP server.

    If an ACL is configured on the FTP server, only IP addresses specified in the ACL can log in to the FTP server.

  6. Check whether multiple authentication modes are configured on the FTP server.

    1. Run the aaa command to enter the AAA view.
    2. Run the display this command to check whether multiple authentication modes are configured. For details, see AAA Configuration.

Parent Topic: Troubleshooting File Management
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >