ftp
Function
The ftp command sets up a control connection with the remote FTP server and displays the FTP client view.
Format
# Set up an FTP connection based on IPv4.
ftp [ [ -a source-ip-address | -i interface-type interface-number ] host [ port-number ] [ public-net | vpn-instance vpn-instance-name ] ]
# Set up an FTP connection based on IPv6.
ftp ipv6 host [ port-number ]
Parameters
| Parameter | Description | Value |
|---|---|---|
-a source-ip-address |
Specifies the IPv4 address of the local device. An IP address that has been configured on the device is used as the IPv4 address. It is recommended that an IP address be configured on the loopback interface and then used as the source IP address of the FTP connection. On an IPv4 network, the source IP address specified using the ftp command takes precedence over the source IP address specified using the ftp client-source command. If the ftp command is run after a source IP address has been specified using the ftp client-source command, the source IP address specified using the ftp command is used for communication. The source IP address specified using the ftp client-source command is available for all FTP connections; the source IP address specified using the ftp command is available only for the current FTP connection. |
- |
-i interface-type interface-number |
Specifies the source interface for the FTP client, including the type and number of the interface. The IP address configured in this interface view is the source IP address of the packet. If no IP address is configured for the source interface, the FTP connection cannot be set up. Setting the loopback interface as the source IP address is recommended. |
- |
host |
Specifies the IP address or the name of the remote FTP server. |
The value is a string of case-insensitive characters, spaces not supported.
When double quotation marks are used around the string, spaces are allowed in the string. |
port-number |
Specifies the listening port number of the FTP server. By default, the listening port number of a Telnet server is 21. You can directly log in to the device without specifying the port number. Attackers may access the default listening port, consuming bandwidth, deteriorating server performance, and causing authorized users unable to access the server. You can run the ftp command to change the listening port number of the Telnet server. After that, attackers do not know the new listening port number, preventing attackers from accessing the listening port. |
The value ranges from 1 to 65535. By default, the port number is 21. |
public-net |
Specifies the public network where the FTP server resides. If the IP address of the FTP server is a public network IP address, the ftp command must contain the parameter public-net. |
- |
vpn-instance vpn-instance-name |
Specifies the name of a VPN instance to which the FTP server belongs.
|
The value must be the name of an existing VPN instance. |
Usage Guidelines
Usage Scenario
An FTP client can access an FTP server after setting up a connection with the FTP server. The ftp command can be used to set up an FTP connection between the FTP client and FTP server.
Prerequisites
- The ftp server enable command has been run on the FTP server to enable the FTP server function and allow FTP users to log in.
- The FTP server and FTP client are routable.
Configuration Impact
After logging in to the FTP server from the FTP client, you can remotely manage files on the FTP server.
If the parameter -a or -i is specified in the ftp command running on an IPv4 network, when configuring ACL rules, configure the source IP address specified in the ftp command as the source IP address of the ACL rules, which simplifies the configuration of ACL rules and security policies. Consequently, packets unmatching the rules are filtered out and the device security is improved.
Follow-up Procedure
If the number of login users on an FTP server reaches the upper limit, new authorized users cannot log in to the FTP server. To ensure that new authorized users can log in to the FTP server, login users need to close the FTP connection after performing the FTP function. Run the following commands in the FTP client view as required:
- Run the bye or quit (FTP client view) command to close the connection with the FTP server and return to the user view.
- Run the close or disconnect command to close the connection with the FTP server, terminate the FTP session, and stay in the user view.
Precautions
- After the FTP command is run, the system prompts you to enter the user name and password for logging in to the FTP server. You can log in to the FTP server and enter the FTP client view only after the correct user name and password are entered.
- If no parameter is specified in the FTP command, only the FTP view is displayed, and the connection with the FTP server is not set up.
Parameter vpn-instance default is configured on GE0/0/0 by default. When GE0/0/0 is used for FTP file transfer, parameter vpn-instance default must be specified in the configuration command. The command is ftp -a source-ip-address host [ port-number ] vpn-instance default.