R3204P16-HP Load Balancing Module System Maintenance Configuration Guide-6PW101
Configuring authentication and authorization on the FTP server
To allow an FTP user to access certain directories on the FTP server, you need to create an account for the
user, authorize the user to access the directories and configure a password for the user.
Make the following configuration to perform authentication and authorization on a local FTP user. To
authenticate remote FTP users, you need to configure authentication, authorization and accounting
(AAA). For details about AAA configuration, see Security Configuration Guide.
In local authentication, the LB module checks the input username and password against those configured
on the LB module. In remote authentication, the LB module sends the input username and password to the
remote authentication server for authentication.
Follow these steps to configure authentication and authorization for the FTP server:
To do: Enter system view
Use the command: system-view
Remarks: —

To do: Create a local user and enter its view
Use the command: local-user user-name
Remarks: Required. No local user exists by default, and the system does not support FTP anonymous user access.

To do: Assign a password to the user
Use the command: password { simple | cipher } password
Remarks: Required

To do: Assign the FTP service to the user
Use the command: service-type ftp
Remarks: Required. By default, the system does not support anonymous FTP access, and does not assign any service. If the FTP service is assigned, the root directory of the LB module is used by default.

To do: Configure user properties
Use the command: authorization-attribute { acl acl-number | callback-number callback-number | idle-cut minute | level level | user-profile profile-name | vlan vlan-id | work-directory directory-name } *
Remarks: Optional. By default, the FTP/SFTP users can access the root directory of the LB module, and the user level is 0. You can change the default configuration by using this command.
NOTE:
• For more information about the local-user, password, service-type ftp, and authorization-attribute
commands, see AAA Commands in Security Command Reference.
• When the LB module serves as the FTP server, FTP login users must be level 3 users to perform write
operations (for example, upload, delete, and create) on the LB module’s file system. Other operations,
for example, read operations, are allowed to users of any level from 0 to 3.
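The following added example (not part of the HP guide) audits local-user entries for the settings described above: the password keyword, level 3 write access, and the default root work directory. The saved-configuration layout, the user names, and the paths in the sample are assumptions constructed for illustration.

```python
# Constructed sample (assumed layout: a non-indented "local-user NAME" line
# followed by indented commands). Names, passwords and paths are made up.
SAMPLE_CONFIG = """\
local-user backup
 password simple Backup123
 authorization-attribute level 3
 service-type ftp
local-user reader
 password cipher CONSTRUCTED-CIPHERTEXT
 authorization-attribute level 0 work-directory flash:/logs
 service-type ftp
local-user operator
 password cipher CONSTRUCTED-CIPHERTEXT
 service-type telnet
"""

def parse_local_users(config_text):
    """Collect password keyword, services, level and work directory per local user."""
    users, current = {}, None
    for raw in config_text.splitlines():
        tokens = raw.split()
        if not tokens:
            continue
        if not raw[0].isspace():  # a non-indented line opens a new view
            current = None
            if tokens[0] == "local-user" and len(tokens) == 2:
                current = users.setdefault(tokens[1], dict(password=None, services=set(), level=0, workdir=None))
        elif current is not None and tokens[0] == "password" and len(tokens) > 1:
            current["password"] = tokens[1]
        elif current is not None and tokens[0] == "service-type":
            current["services"].update(tokens[1:])
        elif current is not None and tokens[0] == "authorization-attribute":
            # Attributes are keyword/value pairs and several may share one line.
            attrs = dict(zip(tokens[1::2], tokens[2::2]))
            current["level"] = int(attrs.get("level", current["level"]))
            current["workdir"] = attrs.get("work-directory", current["workdir"])
    return users

def audit_ftp_users(config_text):
    """Return {user: [findings]} for every local user that has the FTP service."""
    report = {}
    for name, u in parse_local_users(config_text).items():
        if "ftp" in u["services"]:
            report[name] = [msg for bad, msg in (
                (u["password"] != "cipher", "password is not configured with the cipher keyword"),
                (u["level"] == 3, "level 3: can upload, delete and create files"),
                (u["workdir"] is None, "no work-directory: root directory of the LB module is used"),
            ) if bad]
    return report
```

Running audit_ftp_users(SAMPLE_CONFIG) reports three findings for backup, none for reader, and skips operator because that user has no FTP service.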
FTP server configuration example
Network requirements
• As shown in Figure 30, use the LB module as an FTP server and the PC as the FTP client. Their IP
addresses are 1.2.1.1/16 and 1.1.1.1/16 respectively. The LB module and the PC can reach each
other.
• The PC holds the newest boot file of the LB module. Use FTP to upgrade the LB module and back up the
configuration file.