Example: Enabling FTP Lines

This example shows you how to enable FTP lines.

Requirements

This example uses the following software and hardware components:

Overview

To transfer files by the system’s FTP server, you must configure the FTP server and ensure that FTP client software is installed on the network host.

FTP sessions on the E Series router use the virtual terminal (vty) lines. The E Series router divides its vty resources between Telnet, SSH, and FTP services. Each FTP session requires one vty line. The FTP service uses the authentication method configured for the vty lines.

Topology

Figure 23 shows the scenario for this configuration example.

Figure 23: FTP Configuration Example

FTP Configuration Example

In this example, two FTP lines are required for administrators on the data center subnet, and two more lines are required for users on the POP subnet. The system verifies passwords of administrators on the data center subnet through either a RADIUS server or through simple line authentication if the RADIUS server is unreachable. However, the system verifies passwords of users on the POP subnet only through the RADIUS server.

Enabling the FTP Lines

Step-by-Step Procedure

The following example shows all steps for configuring this scenario, from specifying a RADIUS server to enabling the FTP line:

  1. Configure the RADIUS server.
    host1(config)#radius authentication server 10.6.131.51 host1(config-radius)#key abc123 host1(config-radius)#udp-port 1645
  2. Configure two access lists—one named “ DataCenter,” permitting only the data center subnet, and one named “ Pops,” permitting only the POP subnet.
    host1(config)#access-list DataCenter permit 10.6.128.0 255.255.128.0 host1(config)#access-list DataCenter deny any host1(config)#access-list Pops permit 199.125.128.0 255.255.128.0 host1(config)#access-list Pops deny any
  3. Configure two authentication method lists, named “ RadiusAndLine” and “ RadiusOnly.”
    host1(config)#aaa new-model host1(config)#aaa authentication login RadiusAndLine radius line host1(config)#aaa authentication login RadiusOnly radius
  4. Configure two FTP lines to be used by data center administrators.
    host1(config)#line vty 0 1 host1(config-line)#password foobar host1(config-line)#access-class DataCenter in host1(config-line)#login authentication RadiusAndLine
  5. Configure the remaining FTP lines to be used by POP administrators.
    host1(config)#line vty 2 4 host1(config-line)#password foobar host1(config-line)#access-class Pops in host1(config-line)#login authentication RadiusOnly
  6. Enable the FTP server. For more information, see Enabling the FTP Server.
    host1(config)#ftp-server enable

Related Documentation