H3C Technologies H3C S7500E Series Switches User Manual

6-13

remote authentication server, which then checks whether they are consistent with those configured on

the device.

Follow these steps to configure authentication and authorization for FTP server:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a local user and

enter its view

local-user user-name

Required

No local user exists by default, and the

system does not support FTP anonymous

user access.

Assign a password to

the user

password { simple | cipher }

password

Required

Assign the FTP service

to the user

service-type ftp

Required

By default, the system does not support

anonymous FTP access, and does not assign

any service. If the FTP service is assigned,

the root directory of the device is used by

default.

Configure user

properties

authorization-attribute { acl

acl-number | callback-number

callback-number | idle-cut minute

| level level | user-profile

profile-name | vlan vlan-id |

work-directory directory-name } *

Optional

By default, the FTP/SFTP users can access

the root directory of the device, and the user

level is 0. You can change the default

configuration by using this command.

z

For more information about the local-user,

password,

service-type ftp, and

authorization-attribute commands, refer to AAA Commands in the Security Command

Reference.

z

When the device serves as the FTP server, if the client is to perform the write operations (upload,

delete, create, and delete for example) on the device’s file system, the FTP login users must be

level 3 users; if the client is to perform other operations, for example, read operation, the device

has no restriction on the user level of the FTP login users, that is, any level from 0 to 3 is allowed.