Ftp server configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual

9

Configuring Authentication and Authorization on the FTP
Server

To allow an FTP user to access certain directories on the FTP server, you need to create an account for the

user, authorizing access to the directories and associating the username and password with the account.
The following configuration is used when the FTP server authenticates and authorizes a local FTP user. If

the FTP server needs to authenticate a remote FTP user, you need to configure authentication,

authorization and accounting (AAA) policy instead of the local user. For detailed configuration, refer to

RADIUS Configuration in the Firewall Web Configuration Manual.
Follow these steps to configure authentication and authorization for FTP server:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Create a local user and

enter its view

local-user user-name

Required
No local user exists by default, and the system

does not support FTP anonymous user access.

Assign a password to
the user

password { simple | cipher }
password

Required

Assign the FTP service to
the user

service-type ftp

Required
By default, the system does not support
anonymous FTP access, and does not assign

any service. If the FTP service is assigned, the

root directory of the device is used by default.

Configure user
properties

authorization-attribute { acl
acl-number | callback-number
callback-number | idle-cut
minute | level level |
user-profile profile-name | vlan
vlan-id | work-directory

directory-name } *

Optional
By default, the FTP/SFTP users can access the
root directory of the device, and the user level

is 0. You can change the default configuration
by using this command.

NOTE:

When the device serves as the FTP server, if the client is to perform the write operations (upload, delete,
create, and delete for example) on the device’s file system, the FTP login users must be level 3 users; if the

client is to perform other operations, for example, read operation, the device has no restriction on the user

level of the FTP login users, that is, any level from 0 to 3 is allowed.

FTP Server Configuration Example

Network requirements

•

As shown in

Figure 3

, use Device as an FTP server, and the PC as the FTP client. Their IP addresses

are 1.2.1.1/16 and 1.1.1.1/16 respectively. Device and PC are reachable to each other.

•

PC keeps the updated startup file of the device. Use FTP to upgrade the device and back up the
configuration file.

•

Set the username to ftp and the password to pwd for the FTP client to log in to the FTP server.