Configuring the tftp client – H3C Technologies H3C SecPath F1000-E User Manual
Page 224
213
Table 35 Configuration when the device serves as the TFTP client
Device Configuration
SecPath (TFTP client)
•
Configure the IP address and routing function, and make sure that the
route between the device and the TFTP server is available.
•
Use the tftp command to establish a connection to the remote TFTP
server to upload/download files to/from the TFTP server
PC (TFTP server)
Enable TFTP server on the PC, and configure the TFTP working directory.
Configuring the TFTP client
When the firewall acts as a TFTP client, you can upload a file on the firewall to a TFTP server and
download a file from the TFTP server to the local device. You can use either of the following methods to
download a file:
•
Normal download: The firewall writes the obtained file to the storage medium directly. If you
download a remote file using a filename destination-filename that exists in the target directory, the
firewall deletes the original file and saves the new one. If file download fails due to network
disconnection or other reasons, the original file will never recover because it has been deleted.
•
Secure download: The firewall saves the obtained file to its memory and does not write it to the
storage medium until the whole file is obtained. If you download a remote file using a filename
destination-filename that exists in the target directory, the original file is not overwritten. If file
download fails due to network disconnection or other reasons, the original file still exists. This mode
is more secure but consumes more memory.
H3C recommends that you use the secure mode or, if you use the normal mode, specify a filename
inexistent in the target directory.
When using the tftp client source or tftp command, you can specify the source interface (such as a
loopback interface) or source IP address. The primary IP address of the specified source interface or the
specified source IP address is used as the source IP address of sent TFTP packets.
The TFTP client follows these rules to select the source IP address of packets sent to the TFTP server:
•
If no source IP address is specified, the IP address of the output interface of the route to the server
is used as the source IP address.
•
The source IP address specified with the tftp client source or tftp command is used.
•
If you first use the tftp client source command to specify a source IP address and then use the tftp
command to specify another source IP address, the latter is used.
•
The source IP address specified with the tftp client source command applies to all TFTP connections
while the one specified with the tftp command applies to the current TFTP connection only.
To configure the TFTP client:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Use an ACL to control the
device’s access to TFTP
servers.
tftp-server [ ipv6 ] acl acl-number
Optional.
By default, no ACL is used to
control the device’s access to
TFTP servers.
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS