Configuring authentication and authorization – H3C Technologies H3C S12500 Series Switches User Manual
Step 3. Use an ACL to control FTP clients' access to the device.
  Command: ftp server acl acl-number
  Remarks: Optional. By default, no ACL is used to control FTP clients' access to the device.
Step 4. Configure the idle-timeout timer.
  Command: ftp timeout minutes
  Remarks: Optional. 30 minutes by default. Within the idle-timeout time, if there is no information interaction between the FTP server and client, the connection between them is terminated.
Step 5. Set the file update mode for the FTP server.
  Command: ftp update { fast | normal }
  Remarks: Optional. Normal update is used by default.
Step 6. Return to user view.
  Command: quit
  Remarks: N/A
Step 7. Manually release the FTP connection established with the specified username.
  Command: free ftp user username
  Remarks: Optional.
Configuring authentication and authorization
Perform this task on the FTP server to authenticate FTP clients and specify the directories that
authenticated clients can access.
The following authentication modes are available:
• Local authentication—The device looks up the client's username and password in the local user account database. If a match is found, authentication succeeds.
• Remote authentication—The device sends the client's username and password to a remote authentication server for authentication. If this method is used, the user account is configured on the remote authentication server rather than the device.
To assign an FTP user write access (including upload, delete, and create) to the device, assign level-3
(Manage) user privileges to the user. For read-only access to the file system, any user privilege level is
sufficient.
For more information, see the chapter on AAA configuration in Security Configuration Guide.
To configure authentication and authorization for the FTP server:
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Create a local user and enter its view.
  Command: local-user user-name
  Remarks: No FTP authorized local user exists by default, and the system does not support FTP anonymous user access.
Step 3. Assign a password to the user.
  Command: password { simple | cipher } password
  Remarks: N/A
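As an added example (not taken from the H3C manual), the following Python script audits a saved configuration for the FTP settings described on this page: a missing ftp server acl, an idle timeout above a chosen limit (falling back to the 30-minute default when ftp timeout is absent), and local users whose password was entered with the simple keyword. The sample configuration, the 15-minute limit, and the assumption that simple leaves the password readable in the saved configuration are illustrative and not stated by the manual.

```python
import re

DEFAULT_TIMEOUT_MIN = 30  # manual: the idle-timeout timer is 30 minutes by default

# Constructed sample in the style of a saved configuration; not from a real device.
SAMPLE_CONFIG = """\
ftp server acl 2001
ftp timeout 10
local-user ftpadmin
 password cipher <placeholder-ciphertext>
local-user backup
 password simple Example-Pass1
"""


def audit_ftp_config(text, max_timeout=15):
    """Return a list of findings for the FTP server settings in `text`.

    max_timeout is a hypothetical site policy limit in minutes.
    """
    findings = []

    # Manual: by default, no ACL is used to control FTP clients' access.
    if not re.search(r"^[ \t]*ftp server acl \d+[ \t]*$", text, re.M):
        findings.append("no 'ftp server acl': no ACL restricts FTP clients")

    # An absent 'ftp timeout' line means the default applies.
    m = re.search(r"^[ \t]*ftp timeout (\d+)[ \t]*$", text, re.M)
    timeout = int(m.group(1)) if m else DEFAULT_TIMEOUT_MIN
    if timeout > max_timeout:
        findings.append(f"idle timeout is {timeout} min (limit {max_timeout})")

    # Track which local-user view an indented 'password' line belongs to.
    user = None
    for line in text.splitlines():
        if not line.startswith((" ", "\t")):
            m = re.match(r"local-user (\S+)\s*$", line)
            user = m.group(1) if m else None
        elif user and re.match(r"\s+password simple \S+", line):
            # Assumption: 'simple' keeps the password readable in the config.
            findings.append(f"local-user {user}: password uses 'simple'")
    return findings


if __name__ == "__main__":
    for finding in audit_ftp_config(SAMPLE_CONFIG):
        print(finding)
```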