HP VPN Firewall Appliances System Management and Maintenance Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

231

232

233

234

235

236

237

238

239

240

222

Ste

Command

Remarks

3. Use an ACL to control FTP

access to the server.

ftp server acl acl-number

Optional.

By default, no ACL is used for access

control.

4. Configure the idle-timeout

timer.

ftp timeout minutes

Optional.

The default idle-timeout timer is 30

minutes.

If no data is transferred within the

idle-timeout time, the connection is

terminated.

5. Set the file update mode for

the FTP server.

ftp update { fast | normal }

Optional.

By default, normal update is used.

6. Return to user view.

quit N/A

7. Manually release the FTP

connection established with

the specified username.

free ftp user username Optional.

Configuring authentication and authorization

Perform this task on the FTP server to authenticate FTP clients and specify the directories that

authenticated clients can access.

The following authentication modes are available:

• Local authentication—The device looks up the client's username and password in the local user

account database. If a match is found, authentication succeeds.

• Remote authentication—The device sends the client's username and password to a remote

authentication server for authentication. The user account is configured on the remote

authentication server rather than the device.

To assign an FTP user write access (including upload, delete, and create) to the device, assign level-3

(Manage) user privileges to the user. For read-only access to the file system, any user privilege level is

OK.

For more information, see the chapter on AAA configuration in Access Control Configuration Guide..

To configure authentication and authorization for the FTP server:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Create a local user

account and enter

its view.

local-user user-name

By default, no authorized local user account

exists, and the system does not support FTP

anonymous user access.

3. Set a password for

the user account.

password { simple | cipher }

password

N/A

4. Assign FTP service

to the user account.

service-type ftp

By default, no service type is specified. If the

FTP service is specified, the root directory of

the device is by default used.