Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

Navigation
Guide That Contains This Content
[+] Expand All
[-] Collapse All

    Transferring Files

    This topic describes the following:

    File Transfer Overview

    You may need to transfer files between the following locations:

    • System space
    • User space
    • Network host
    • Standby SRP module

    You can transfer files in any of three ways: the copy command, the system’s FTP server, or a remote host that is configured as an FTP or a Trivial File Transfer Protocol (TFTP) server. See Types of Files Transferred Using the copy Command for the types of files that you can transfer between the locations using the copy command, which activates a hidden FTP or TFTP client on the E Series router.

    You can use the system’s FTP server to transfer files between a network host and the user space. When a firewall separates the E Series router from the network host, you must use the FTP server to transfer files to the user space. You can then install the files from the user space to the system space by using the copy command. However, if there is no firewall between the E Series router and the network host, you can use the copy command, the remote FTP server, or the remote TFTP server to transfer files.

    For example, you can transfer a file from a network host to an E Series router through FTP, and then transfer the file through the copy command from the E Series router to other E Series routers. See Figure 1.

    Figure 1: Transferring System Files to the E Series Router

    Transferring System Files to the E Series
Router

    File Transfer Protocols References

    For more information about file transfer protocols, consult the following resources:

    • RFC 959—File Transfer Protocol (FTP) (October 1985)
    • RFC 1350—Trivial File Transfer Protocol (TFTP) (Revision 2) (July 1992)

    Overview of Copying and Redirecting Files

    You have two options for copying or redirecting files to or from a remote FTP or TFTP server:

    • Include all remote file data in the copy command. You can specify remote files using the URL format and the file redirect option for the related show commands.
    • Use the host command to define the host and the appropriate file transfer protocol. FTP is the default if you do not specify a file transfer protocol or when Domain Name System (DNS) service is used to map IP addresses to the hostname.

    If you include the remote file data, the copy command contains a source and destination filename, either of which (but not both) can be remote files. The following URL format is supported for both source and destination files:

    protocol://[username [:password]@]location[/directory]/filename

    The location can be a hostname or an IP address.

    The two versions of the URL format are as follows:

    ftp://[username[:password ]@]location[/directory]/filenametftp://location[/directory]/filename

    Note: The TFTP protocol does not support username and password. Entering a username and password in the TFTP version results in a command error.

    The protocol specified in the command always overrides the protocol associated with the host entry, if any, in the host table. Some protocols, such as FTP, require a username and password with each request. For the URL version of the copy command, the following sequence is followed:

    • If the command contains a username, the username and password specified in the command are used. The password null is used if the command does not contain a password.
    • If the location in the URL is a hostname with a corresponding host entry (created by the host command), the username and password of the host entry are used. A host entry that is created without an explicit username is created with the default username of anonymous and password of null.

    The location is the IP address or hostname of the remote file server. The directory/filename is the full path of the file relative to the user login root path.

    The characters in the URL format can be encoded. Any of the delimiter characters can be used in the host, username, password, and directory and file fields when added as encoded characters. The encoded characters must be three characters, starting with a percent and followed by the two hexadecimal digits that are the ASCII equivalent. The system converts all printable characters before passing them to the protocol support. Unprintable characters (0-012F and 0x7f-0x7F) are not converted and are passed directly to the protocol. Printable characters (0x20– 0x7E) are decoded and all others (0x80–0xFF) are rejected.

    In the following example, the username contains the @ delimiter character encoded as %40, and the directory passed to the FTP protocol layer is /dirA/dirB/dirC. The delimiter between the hostname and directory is a forward slash (/) character. To add a slash to the start of the directory specification, add the encoded slash after the host and directory delimiter.

    ftp://user%40%40name:pwd@mary/%2fdirA/dirB/dirc/fileA

    In the following example, the directory passed to the FTP protocol layer is dirA/dirB/dirC.

    ftp://username:pwd@mary/dirA/dirB/dirc/fileA

    Types of Files Transferred Using the copy Command

    Table 1 shows the types of files that you can transfer between the locations by using the copy command.

    Table 1: File Types You Can Transfer Using the copy Command

    Destination

    Source

    System

    User Space

    (Linked Files and Unlinked Files)

    Network Host Within a Firewall

    Standby SRP Module

    System

    *.cnf

    *.hty (excluding reboot.hty)

    *.log (excluding system.log)

    *.mac

    *.scr

    *.txt

    *.cnf

    *.hty

    *.log

    *.mac

    *.pub

    *.scr

    *.txt

    *.cnf

    *.dmp

    *.hty

    *.log

    *.mac

    *.pub

    *.scr

    *.sts

    *.txt

    None

    User Space

    *.cnf

    *.hfx

    *.mac

    *.rel

    *.scr

    *.txt

    *.cnf

    *.hfx

    *.hty

    *.log

    *.mac

    *.pub

    *.rel
    ( *.rel file only, not files associated with the *.rel file)

    *.scr

    *.txt

    Nonsystem files

    None

    None

    Network Host Within a Firewall

    *.cnf

    *.hfx

    *.mac

    *.rel

    *.scr

    *.txt

    None

    None

    None

    Standby SRP Module

    system.log

    reboot.hty

    system.log

    reboot.hty

    *.dmp

    system.log

    reboot.hty

    *.dmp

    None

    Transferring Files Between the System Space and a Network Host

    To transfer files using the copy command between the system space and a network host:

    1. Determine whether there is a route to the network host, and create one if necessary. See JunosE IP, IPv6, and IGP Configuration Guide.
    2. Configure the network host as an FTP server, or use a remote host that is configured as a TFTP server.

      Note: This command takes place in the context of the current virtual router rather than the default virtual router. You must configure the FTP server so that any traffic destined for the virtual router can reach the virtual router; typically, you configure the FTP server to reach the default address of the E Series router, which will always be able to reach the virtual router.

    3. Add the FTP server to the static host table, and specify the file transport protocol (FTP or TFTP), so that the E Series router can access the network host. For more information, see Adding or Modifying an Entry in the Host Table.
    4. (Optional) Specify a source interface to use in FTP packets leaving the router. For more information, see Configuring the Source Interface for FTP Packets.
    5. Copy the files. For more information, see Copying a File and Example: Copying a File Using the copy Command.

    Copying a File

    You can use the copy command to copy a file from one location to another. In the copy command, you can specify the following:

    • A network path to copy to or from another device on the network.
    • An incoming or outgoing directory to copy to or from the user space.
    • A subdirectory name to create a subdirectory within the incoming or outgoing directory in the user space.

    Note:

    • You cannot use wildcards.
    • You cannot create or copy over files generated by the system; however, you can copy such files to an unreserved filename.
    • You cannot copy script (.scr) or macro (.mac) files while in Boot mode. You can copy only .cnf, .hty, and .rel files. If you issue the dir command from Boot mode, existing .scr and .mac files are not displayed. For more information about the types of files that you can copy, see Types of Files Transferred Using the copy Command.

    To copy a file from one location to another:

    • Issue the copy command in Privileged Exec mode.
      • Copy the contents of the source file to the existing or newly created file within same network host.
        host1#copy host1:westford.cnf boston.cnf
      • Copy a file from the incoming directory.
        host1#copy /incoming/releases/2-8-0a3-7.rel 2-8-0a3-7.rel
      • Copy a local file to a remote file.
        host1#copy /shconfig.txt ftp://joe:passwd@173.28.32.156/ftpDir/results/shConfigJoe.txt

    Adding or Modifying an Entry in the Host Table

    You can use the host command to add or modify an entry to the host table. You can enter the optional username and password in plain text (unencrypted). Or, if you know the correct encrypted forms of the username and password, you can enter the encrypted forms. For more information about the encrypted values, see Determining the Encrypted Values for Usernames and Passwords.

    This command allows network files to be accessible from a host. This command supports:

    • IPv4 and IPv6 address formats.
    • FTP and TFTP for copying and redirecting files.

    Note: You cannot invent an encrypted string to be used with the algorithm 8 option. You must use plain text (unencrypted) strings for the initial configuration. The only way to obtain a valid encrypted string is to enable password encryption (by issuing the service password-encryption command) and then examine the output of the show configuration command. Username and password encryption is made available primarily so that scripts generated from the show configuration output can be saved, used, and transferred without fear of password exposure.

    Caution: Because the capability to encrypt passwords that you configure using the service password-encryption command does not provide robust, effective protection from unauthorized attacks, we recommend that you also exercise additional network security mechanisms in conjunction with this command.

    To add or modify an entry to the host table:

    • Issue the host command in Global Configuration mode.
      host1(config)#host westford 10.10.8.7 ftp user25 easy53

    Determining the Encrypted Values for Usernames and Passwords

    To determine the encrypted values for usernames and passwords entered in cleartext, you must do the following:

    1. Issue the service password-encryption command. This causes subsequently issued show configuration commands to generate encrypted forms of the username and password for this command, as well as for all other commands that support encryption. For more information about the service password-encryption command, see Setting Basic and Enable Password Parameters.
      host1(config)#service password-encryption host1(config)#host test 10.2.3.4 ftp nick nick host1(config)#end
    2. Issue the show configuration command and search for the host command. The encrypted forms are preceded by the number 8.
      host1#show config | inc host
      hostname "host1"
      host test 10.2.3.4 ftp 8 CU&l,XM(S 8 X=emZn>'S
    3. Copy and paste the command showing the encrypted forms into a macro or script to use as desired. Specify the number 8 before the username and before the password to enter an encrypted value.

    Configuring the Source Interface for FTP Packets

    You can configure an operational interface as the source interface for FTP packets sent by the system’s FTP client using the ip ftp source-address and ip ftp source-interface commands.

    When you issue the ip ftp source-address command, the output of the show configuration command includes an entry of the following format:

    ip ftp source-address ipAddress

    This entry also appears in the output if you delete an interface or change its IP address after issuing the ip ftp source-interface command, in which case the IP address is the one that was configured on the interface before you issued the ip ftp source-interface command.

    When you issue the ip ftp source-interface command, the output of the show configuration command includes an entry of the following format:

    ip ftp source-interface interfaceType interfaceSpecifier
    • interfaceType—Type of interface.
    • interfaceSpecifier—Location of the interface

      For information about interface types and specifiers, see Interface Types and Specifiers in JunosE Command Reference Guide.

    If you delete the interface or change its IP address, the output of the show configuration command appears as if you had entered the ip ftp source-address command:

    ip ftp source-address ipAddress
    • ipAddress—IP address of the interface when you issued the ip ftp source-interface command.

    To configure an operational interface as the source interface for FTP packets sent by the system’s FTP client:

    • Issue the ip ftp source-address command in Global Configuration mode for configuring an operational interface as the source interface using the IP address.
      host1(config)#ip ftp source-address 10.10.5.21

      This command overrides a setting you configured previously with the ip ftp source-interface command. Use the no version to restore the default, in which the source address in the FTP packets is that of the interface where the FTP connection is made.

    • Issue the ip ftp source-interface command in Global Configuration mode for configuring an operational interface as the source interface using the interface type and interface specifier.
      host1(config)#ip ftp source-interface loopback1

      Note: The interface you specify must have an IP address.

      This command overrides a setting you configured previously with the ip ftp source-address command. Use the no version to restore the default, in which the source address in the FTP packets is that of the interface where the FTP connection is made.

    Example: Copying a File Using the copy Command

    This example shows you how to use the copy command to copy a file.

    Requirements

    This example uses the following software and hardware components:

    • JunosE Release 7.1.0 or higher-numbered releases
    • E Series router (ERX7xx models, ERX14xx models, the ERX310 router, the E120 router, or the E320 router)
    • ASIC-based line modules that support Fast Ethernet or Gigabit Ethernet

    Note: Before you copy the files, the following host entries should be defined in the host table:

    • host mary 172.28.32.156 ftp mike mikePwd
    • host joe 172.28.32.99 ftp joe jPasswd

    Overview

    You can use the system’s FTP server to transfer files between a network host and the user space. When a firewall separates the E Series router from the network host, you must use the FTP server to transfer files to the user space. You can then install the files from the user space to the system space by using the copy command. However, if there is no firewall between the E Series router and the network host, you can use the copy command, the remote FTP server, or the remote TFTP server to transfer files.

    Copying a Remote File to a Local File

    This section describes the following:

    Copying a File Using the CLI File copy Command Format

    Step-by-Step Procedure

    You can create or replace the local file autocfg.scr by copying the remote file autocfg.scr located in the directory ftpDir/scripts on the host mary. The username mike and password mikePwd from the host entry mary are used to access the remote file.

    1. Issue the copy command in Privileged Exec mode.
      host1#copy mary:ftpDir/scripts/autocfg.scr autocfg.scr

    Copying a File Using the URL Format

    Step-by-Step Procedure

    To create or replace the local file autocfg.scr by copying the remote file autocfg.scr located in the directory ftpDir/scripts on the host mary:

    1. Use the hostname to specify the location, and specify the username and password in the command. The username fred and the password passwd in the command are used; the username and password in the host entry are ignored.
      host1#copy ftp://fred:passwd@mary/ftpDir/scripts/autocfg.scr autocfg.scr
    2. Use the hostname to specify the location, specify the username in the command, and use the default value of the password. The username fred from the command and the default password null are used; the username and password in the host entry are ignored.
      host1#copy ftp://fred@mary/ftpDir/scripts/autocfg.scr autocfg.scr
    3. Use the hostname to specify the location. The protocol TFTP, which does not support usernames or passwords, is the protocol in the URL. The protocol specified in the command is used; the protocol for the host entry mary is ignored.
      host1#copy tftp://mary/ftpDir/scripts/autocfg.scr autocfg.scr
    4. Use the hostname to specify the location, and use the username and password from the host entry. The username mike and password mikePwd from the host entry are used.
      host1#copy ftp://mary/ftpDir/scripts/autocfg.scr autocfg.scr
    5. Use the host's IP address to specify the location, and the username fred to access the remote file.
      host1#copy ftp://fred@172.28.32.156/ftpDir/scripts/autocfg.scr autocfg.scr

    Copying a Local File to a Remote File

    This section describes the following:

    Copying a File Using the CLI File copy Command Format

    Step-by-Step Procedure

    You can create or replace the remote file shConfigForJoe.txt in the directory ftpDir/results on the host joe by copying the local file shConfig.txt. The username joe and password jPasswd from the host entry joe are used to access the remote file.

    1. Issue the copy command in Privileged Exec mode.
      host1#copy shConfig.txt joe:ftpDir/results/shConfigForJoe.txt

    Copying a File Using the URL Format

    Step-by-Step Procedure

    You can create or replace the remote file shConfigJoe.txt in the directory ftpDir/results on the host 172.28.32.156 by copying the local file shConfig.txt. The username joe and the password passwd from the command are used to access the remote file.

    1. Issue the copy command in Privileged Exec mode.
      host1#copy shConfig.txt ftp://joe:passwd@172.28.32.156/ftpDir/results/shConfigJoe.txt

    Redirecting the Output of a Command to a Remote File

    You can redirect the output of a command to a remote file by using the URL format, and using the host's IP address to specify the location.

    • Execute show configuration command in Privileged Exec mode, and redirect the output to the remote file shConfigJoe.txt in directory ftpDir/results on host 172.28.32.156 using username joe and password passwd.
      host1#show config > ftp://joe:passwd@172.28.32.156/ftpDir/results/shConfigJoe.txt

    File Transfer Using TFTP Overview

    You can use TFTP to copy files and redirect output from the E Series router to a remote server if the remote host supports TFTP. Before transferring files by the remote TFTP server, you must use the host command to define the host and to specify TFTP as the file transfer protocol.

    The maximum file size is 32 MB for file transfer. The release package for JunosE Release 6.1.0 and higher-numbered releases includes a split version of all release images that exceed 32 MB. Each chunk is less than 32 MB. You can therefore use TFTP with JunosE Release 6.1.0 and higher-numbered releases to transfer large software images. The JunosE Software copies the split images and reassembles them to full size on the router. The file system on the router does not contain any additional images as a result of this operation.

    Published: 2014-08-12