FIPS Compliance; Configuring the TFTP Client - HP 5120 Series Configuration Manual

Gigabit ethernet switches

Table 10 Configuration when the device serves as the TFTP client
Device
Device (TFTP client)
PC (TFTP server)

FIPS compliance

The device supports the FIPS mode that complies with NIST FIPS 140-2 requirements. Support for features,
commands, and parameters might differ in FIPS mode and non-FIPS mode. For more information about
FIPS mode, see the Security Configuration Guide.
TFTP is not supported in FIPS mode. Use SFTP for file transfer.

Configuring the TFTP client

When a device acts as a TFTP client, you can upload a file on the device to a TFTP server and download
a file from the TFTP server to the local device. You can use either of the following methods to download
a file:
- Normal download: The device writes the obtained file directly to the storage medium. If you
  download a remote file to a destination-filename that already exists in the directory, the device
  deletes the original file and then saves the new one. If the download fails because of network
  disconnection or for other reasons, the original system file cannot be recovered because it has
  already been deleted.
- Secure download: The device saves the obtained file to its memory and does not write it to the
  storage medium until the whole file is obtained. If you download a remote file to a
  destination-filename that already exists in the directory, the original file is not overwritten.
  If the download fails because of network disconnection or for other reasons, the original file
  still exists. This mode is more secure but consumes more memory.
HP recommends that you use the secure mode or, if you use the normal mode, specify a filename not
existing in the current directory as the target filename when downloading the boot file or the startup
configuration file.
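
The difference between the two download modes when a transfer is interrupted, shown as an added Python simulation (not code from the HP manual or the device firmware). The block source, file names and file contents are constructed, and the temporary-file swap in secure_download is an assumption about one way to write the completed file.

```python
import os
import tempfile

class TransferInterrupted(Exception):
    """Raised by the constructed block source when the simulated link drops."""

def blocks(payload, fail_after=None, size=512):
    """Yield 512-byte blocks; raise after `fail_after` blocks (constructed input)."""
    for i in range(0, len(payload), size):
        if fail_after is not None and i // size >= fail_after:
            raise TransferInterrupted("network disconnected")
        yield payload[i:i + size]

def normal_download(source, dest):
    """Normal mode: delete the existing file, then write blocks as they arrive."""
    if os.path.exists(dest):
        os.remove(dest)                  # original is gone before any data lands
    with open(dest, "wb") as f:
        for block in source:
            f.write(block)

def secure_download(source, dest):
    """Secure mode: hold the whole file in memory; touch storage only when complete."""
    data = b"".join(source)              # an interrupted transfer raises here
    tmp = dest + ".part"                 # hypothetical staging name (assumption)
    with open(tmp, "wb") as f:
        f.write(data)
    os.replace(tmp, dest)                # swap in the complete file in one step

def demo():
    """Run both modes against an interrupted transfer, then a complete one."""
    old, new = b"old startup config\n", b"N" * 2000   # constructed contents
    out = {}
    with tempfile.TemporaryDirectory() as d:
        for name, fn, fail in (("normal", normal_download, 2), ("secure", secure_download, 2),
                               ("secure_ok", secure_download, None)):
            dest = os.path.join(d, name + ".cfg")
            with open(dest, "wb") as f:
                f.write(old)
            try:
                fn(blocks(new, fail_after=fail), dest)
            except TransferInterrupted:
                pass
            with open(dest, "rb") as f:
                out[name] = f.read()
    return out

if __name__ == "__main__":
    print({k: len(v) for k, v in demo().items()})
```

After the interrupted transfer, the normal-mode target holds only the partial new data, while the secure-mode target still holds the original contents.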
Before using the tftp command to establish a TFTP connection, you can perform source address binding.
Source address binding means configuring an IP address on a stable interface, such as a loopback
interface, and then using this IP address as the source IP address of a TFTP connection. Source
address binding simplifies the configuration of ACL rules and security policies: you only need to
specify this address as the source or destination address argument in an ACL rule to filter inbound
and outbound packets on the device, regardless of differences between interface IP addresses and of
the effect of interface statuses. You can configure the source address by configuring the source
interface or source IP address. The primary IP address configured on the source interface is the
source address of the transmitted packets.
Follow these steps to configure the TFTP client:

To do... | Use the command... | Remarks
Enter system view | system-view |

Table 10 entries (Configuration column):
Device (TFTP client): Configure the IP address and routing function, and ensure that the route
between the device and the TFTP server is available. Use the tftp command to establish a connection
to the remote TFTP server to upload/download files to/from the TFTP server.
PC (TFTP server): Enable TFTP server on the PC, and configure the TFTP working directory.
