Configuring access-control rights, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual

1-13

Configuring Access-Control Rights

With the following command, you can configure the NTP service access-control right to the local device.

There are four access-control rights, as follows:

z

query: control query permitted. This level of right permits the peer devices to perform control query

to the NTP service on the local device but does not permit a peer device to synchronize its clock to

that of the local device. The so-called “control query” refers to query of some states of the NTP

service, including alarm information, authentication status, clock source information, and so on.

z

synchronization: server access only. This level of right permits a peer device to synchronize its

clock to that of the local device but does not permit the peer devices to perform control query.

z

server: server access and query permitted. This level of right permits the peer devices to perform

synchronization and control query to the local device but does not permit the local device to

synchronize its clock to that of a peer device.

z

peer: full access. This level of right permits the peer devices to perform synchronization and control

query to the local device and also permits the local device to synchronize its clock to that of a peer

device.

From the highest NTP service access-control right to the lowest one are peer, server,

synchronization, and query. When a device receives an NTP request, it will perform an

access-control right match and will use the first matched right.

Configuration Prerequisites

Prior to configuring the NTP service access-control right to the local device, you need to create and

configure an ACL associated with the access-control right. For the configuration of ACL, refer to ACL

Configuration.

Configuration Procedure

Follow these steps to configure the NTP service access-control right to the local device:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Configure the NTP service
access-control right for a peer
device to access the local
device

ntp-service access { peer |
query | server |
synchronization } acl-number

Required

peer by default

The access-control right mechanism provides only a minimum degree of security protection for the

system running NTP. A more secure method is identity authentication.