Implementing an FTP server within the enterprise network allows important system and user files to be backed up and retrieved effectively, supporting the daily operation of the network. Typical uses of an FTP server include backing up and retrieving VRP image and configuration files. Log files may also be retrieved from the FTP server in order to monitor the FTP activity that has occurred.
FTP file transfer relies on two TCP connections. The first is a control connection set up between the FTP client and the FTP server: the server listens on the well-known port 21 and waits for a connection request from the client, and the client then sends a request to set up the connection. The control connection remains open for the duration of the session, carrying commands from the client to the server and responses from the server to the client.
The server uses TCP port 20 for data connections. In general the server can actively open or close a data connection; for files sent from the client to the server in the form of streams, however, only the client can close the data connection. FTP transfers each file as a stream and uses an End of File (EOF) indicator to mark the end of the file, so a new data connection is required for each file or directory listing transferred. Whenever a file is being transferred between the client and the server, a data connection has been set up.
Huawei devices support two FTP transmission modes: ASCII mode and binary mode. ASCII mode is used for text, in which data is converted from the sender's character representation to 8-bit ASCII before transmission; put simply, ASCII characters are used to separate carriage returns from line feeds. In binary mode the sender transmits each file byte for byte. This mode is commonly used for image files and program files, whose content is transferred without format conversion.
The FTP service can be implemented on both the AR2200 series router and the S5700 series switch, where it is enabled with the ftp server enable command. After the FTP server function is enabled, users can manage files in FTP mode. The set default ftp-directory command sets the default working directory for FTP users. Where no default FTP working directory is set, the user is unable to log in to the router and is instead shown a message stating that the user has no authority to access any working directory.
Access to the FTP service is managed on a per-user basis by assigning individual user logins. AAA is used to configure local authentication and authorization: once the AAA view is entered, a local user is created by defining a user account and password. The account can be associated with a variety of services, which are specified with the service-type command; specifying the ftp service type allows the account to be used for FTP under AAA.
If the FTP directory of a user should differ from the default directory, the ftp-directory command specifies the directory for that user. To limit the number of concurrent connections permitted for a local user account, the access-limit command is applied; the limit can range from 1 to 800, or is unlimited where no access limit is applied.
Configuring an idle timeout helps prevent unauthorized access when a user leaves a session window idle for a period of time. The idle-timeout command is defined in terms of minutes and seconds, with an idle timeout of 0 0 meaning that no timeout period is applied. Finally, the privilege level defines the authorized level of the user in terms of the commands that can be executed during the FTP session. It can be set to any level from 0 through 15, with a greater value indicating a higher level for the user.
Following configuration of the FTP service on the FTP server, users can establish a connection between the client and the server. Running the ftp command on the client establishes a session in which AAA password authentication is used to validate the user. If correctly authenticated, the client is able to configure as well as send and retrieve files to and from the FTP server.
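The server-side and client-side steps above, collected into one VRP CLI session as an added example (not part of the original material or Huawei's own documentation). The device names, the account name ftpadmin, the placeholder password, the directory flash:/backup and the address 10.0.0.1 are assumptions; lines beginning with # are annotations, not commands.

```text
# --- FTP server (AR2200 / S5700) ---
<Huawei> mkdir flash:/backup
<Huawei> system-view
[Huawei] ftp server enable
# Default working directory; without it FTP users cannot log in at all.
[Huawei] set default ftp-directory flash:
[Huawei] aaa
# Local account used only for FTP; the password is a placeholder.
[Huawei-aaa] local-user ftpadmin password cipher PLACEHOLDER-PASSWORD
[Huawei-aaa] local-user ftpadmin service-type ftp
# Per-user directory overriding the global default (must already exist).
[Huawei-aaa] local-user ftpadmin ftp-directory flash:/backup
# At most 2 concurrent sessions for this account (range 1-800).
[Huawei-aaa] local-user ftpadmin access-limit 2
# Drop the session after 5 minutes 0 seconds of inactivity (0 0 = never).
[Huawei-aaa] local-user ftpadmin idle-timeout 5 0
# Authorized level 0-15; 15 is the highest.
[Huawei-aaa] local-user ftpadmin privilege level 15
[Huawei-aaa] quit
[Huawei] quit

# --- FTP client (another VRP device) ---
# Control connection to port 21; AAA prompts for the user name and password.
<Client> ftp 10.0.0.1
# After "230 User logged in." the session works inside flash:/backup:
[Client-ftp] binary
[Client-ftp] put vrpcfg.zip
[Client-ftp] get vrpcfg.zip vrpcfg-restore.zip
[Client-ftp] bye
```

The binary command is used so that the configuration archive is copied byte for byte, as described in the transmission-mode paragraph.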
SUMMARY
In order for the control connection and data connection of the FTP service to be established successfully, TCP ports 20 and 21 must be enabled.
When a user is considered to have no authority to access any working directory, a default FTP directory needs to be defined. This is done by using the command set default ftp-directory <directory location>, where the directory name may be, for example, the system flash.