upgrade { local-ftp-server | local-sftp-server }

Function

The upgrade { local-ftp-server | local-sftp-server } command configures a local file server.

The undo upgrade { local-ftp-server | local-sftp-server } command deletes a local file server.

By default, no local file server is configured.

This command can only be executed on a parent switch.

Format

upgrade { local-ftp-server | local-sftp-server } username username password password

undo upgrade { local-ftp-server | local-sftp-server }

Parameters

Parameter	Description	Value
local-ftp-server	Specifies the file server type as FTP server.	-
local-sftp-server	Specifies the file server type as SFTP server.	-
username username	Specifies the user name for accessing the file server.	The value is a string of 1 to 64 characters. It cannot contain spaces, asterisk, double quotation mark and question mark. NOTE: During local authentication or authorization, run the authentication-mode { local \| local-case } or authorization-mode { local \| local-case } command to configure case sensitivity for user names. If the parameter is set to local, user names are case-insensitive. If the parameter is set to local-case, user names are case-sensitive. Note the following when configuring case sensitivity for user names: Only the user name is case-sensitive and the domain name is case-insensitive. For user security purposes, you cannot configure multiple local users with the user names that differ only in uppercase or lowercase. For example, after configuring ABC, you cannot configure Abc or abc as the user name. When a device is upgraded from V200R011C10 or an earlier version to a version later than V200R011C10, all local user names in the original configuration file are saved in lowercase. When a configuration file that is manually configured or generated using the third-party tool is used for configuration restoration, local user names that differ only in uppercase or lowercase are considered as one user name and the first one among these local user names is used.
password password	Specifies the password for accessing the file server.	The value is a string of case-sensitive characters without spaces. By default, the value is a string of 8 to 128 characters or 48 to 188 characters. You can enter a password in plain text or cipher text. The password is displayed in cipher text in the configuration file regardless of whether the password is input in plain or cipher text. The password in plain text is a string of 8 to 128 characters. The password in cipher text is a string of 48 to 188 characters. The password in cipher text cannot be generated using the irreversible algorithm. The newly configured password cannot be the default password admin@huawei.com of local users.

Views

uni-mng view

Default Level

3: Management level

Usage Guidelines

Usage Scenario

In an AS automatic upgrade or in-service AS batch upgrade, you need to download the version file or patch file from the parent. Before the upgrade, you need to configure the parent as an FTP/SFTP server. The AS then can work as a client to download files from the FTP/SFTP server.

Precautions

The files used to upgrade an AS are often saved in the root directory unimng/ of the parent. These files can also be saved on an AS when the AS is upgraded or downgraded to the software version that is consistent with that of the parent.
FTP has potential security risks, and so SFTP is recommended. If you want to use FTP, you are advised to configure ACLs to improve security. For details, see Configure the FTP ACL in "File Management" in the S2720, S5700, and S6700 V200R019C10 Configuration Guide - Basic Configuration.
When the file server is an FTP server, the FTP service is automatically enabled and an FTP user is created on the parent, removing the need to perform the FTP configuration.
When the file server type is set to SFTP, the SFTP service is not automatically enabled and no SFTP user is created on the parent. You need to manually pre-configure SFTP on the parent.
After the upgrade { local-ftp-server | local-sftp-server } command is executed, the same user name and password configuration is also generated in the AAA view. If you modify the configured local user information (the user password for example) in AAA view, the version management function does not take effect.
If information about a user already exists in the AAA view, running this command to create the same user will change the user password in the AAA view to the configured password and change the user level to level 3. Changing the user password is allowed only when the user level of the user running this command is higher or equal to the user level configured in the AAA view. Otherwise, the command does not take effect.
Running this command multiple times to create new users will delete previous user information. Previous user information can be deleted only when the user level of the user running this command is higher or equal to the user level configured in the AAA view. Otherwise, the command does not take effect.
If a remote authentication server is used for AAA authentication, the user name and password configured using this command must also be configured on the remote authentication server.
If a remote authentication server is used for AAA authentication and the remote authentication server does not support FTP or SFTP, ASs will fail to be authenticated. In this case, run the authentication-scheme authentication-scheme-name command in the AAA view to create an authentication scheme and run the authentication-mode local command in the authentication scheme view to set the authentication mode to local authentication. Then, run the domain command in the AAA view to create a domain and run the authentication-scheme authentication-scheme-name command in the AAA domain view to apply the created authentication scheme to the domain. ASs can be authenticated when they use the newly created domain for local authentication.

Example

# Set the local file server type to FTP server.

<HUAWEI> system-view
[HUAWEI] uni-mng
[HUAWEI-um] upgrade local-ftp-server username test password Pwd@12345