Configuring ntp authentication, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual

Page 81: Configuring ntp authentication for a client

The access-control right mechanism provides only a minimum degree of security protection for the system running NTP. A more secure method is identity authentication.

Configuring NTP Authentication

The NTP authentication feature should be enabled for a system running NTP in a network with high security requirements. This feature enhances network security by means of client-server key authentication, which prohibits a client from synchronizing with a device that has failed authentication.

Configuration Prerequisites

The configuration of NTP authentication involves configuration tasks to be implemented on the client and on the server.

When configuring the NTP authentication feature, pay attention to the following principles:

• For all synchronization modes, when you enable the NTP authentication feature, you should configure an authentication key and specify it as a trusted key. That is, the ntp-service authentication enable command must be used together with the ntp-service authentication-keyid command and the ntp-service reliable authentication-keyid command. Otherwise, the NTP authentication function cannot be enabled normally.

• For the client/server mode or symmetric mode, you need to associate the specified authentication key on the client (the symmetric-active peer in symmetric peer mode) with the corresponding NTP server (the symmetric-passive peer in symmetric peer mode). Otherwise, the NTP authentication feature cannot be enabled normally.

• For the broadcast server mode or multicast server mode, you need to associate the specified authentication key on the broadcast server or multicast server with the corresponding NTP server. Otherwise, the NTP authentication feature cannot be enabled normally.

• For the client/server mode, if the NTP authentication feature has not been enabled on the client, the client can synchronize with the server regardless of whether the NTP authentication feature has been enabled on the server. If NTP authentication is enabled on a client, the client can be synchronized only to a server that can provide a trusted authentication key.

• For all synchronization modes, the server side and the client side must be consistently configured.
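
The key and server-association principles above can be checked mechanically against a client's configuration. The following Python audit is an added example, not part of the H3C manual; the sample configuration is constructed, and the argument forms after the command names (authentication-mode md5, and ntp-service unicast-server with authentication-keyid) are assumed Comware syntax that this page does not show.

```python
import re

# Constructed client configuration for the audit (not taken from the manual).
# The argument forms after each command name are assumed Comware syntax.
SAMPLE_CLIENT_CONFIG = """\
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 CONSTRUCTED-KEY
ntp-service reliable authentication-keyid 42
ntp-service authentication-keyid 9 authentication-mode md5 CONSTRUCTED-KEY
ntp-service unicast-server 10.1.1.1 authentication-keyid 42
ntp-service unicast-server 10.1.1.2
ntp-service unicast-server 10.1.1.3 authentication-keyid 9
"""

def audit_ntp_auth(config_text):
    """Return (finding, subject) tuples for a client-side NTP configuration."""
    lines = [ln.strip() for ln in config_text.splitlines() if ln.strip()]
    enabled = "ntp-service authentication enable" in lines
    defined, trusted, servers = set(), set(), []
    for ln in lines:
        m_def = re.match(r"ntp-service authentication-keyid (\d+)\b", ln)
        m_trust = re.match(r"ntp-service reliable authentication-keyid (\d+)\b", ln)
        if m_def:
            defined.add(int(m_def.group(1)))
        elif m_trust:
            trusted.add(int(m_trust.group(1)))
        elif ln.startswith("ntp-service unicast-server "):
            m_key = re.search(r"\bauthentication-keyid (\d+)\b", ln)
            servers.append((ln.split()[2], int(m_key.group(1)) if m_key else None))
    if not enabled:
        # Per the manual: a client without authentication syncs with any server.
        return [("authentication-disabled", "client accepts any server")]
    findings = []
    for key in sorted(defined - trusted):       # configured but never marked trusted
        findings.append(("key-not-trusted", str(key)))
    for key in sorted(trusted - defined):       # marked trusted but never configured
        findings.append(("trusted-key-undefined", str(key)))
    for address, key in servers:
        if key is None:                         # no key associated with this server
            findings.append(("server-without-key", address))
        elif key not in (defined & trusted):    # key is not both configured and trusted
            findings.append(("server-key-unusable", f"{address} key {key}"))
    return findings

if __name__ == "__main__":
    for finding, subject in audit_ntp_auth(SAMPLE_CLIENT_CONFIG):
        print(f"{finding}: {subject}")
```

An empty result means the client side satisfies the key, trust and association principles; the server side still has to be checked for a matching key, since both sides must be consistently configured.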

Configuration Procedure

Configuring NTP authentication for a client

Follow these steps to configure NTP authentication for a client:
