Configuration prerequisites, Configuration procedure, Configuring ntp authentication – H3C Technologies H3C SR8800 User Manual
Page 75
63
•
query—Control query permitted. This level of right permits the peer router to perform control query
to the NTP service on the local router but does not permit the peer router to synchronize its clock to
the local router. The so-called “control query” refers to query of some states of the NTP service,
including alarm information, authentication status, clock source information, and so on.
•
synchronization—Server access only. This level of right permits the peer router to synchronize its
clock to the local router but does not permit the peer router to perform control query.
•
server—Server access and query permitted. This level of right permits the peer router to perform
synchronization and control query to the local router but does not permit the local router to
synchronize its clock to the peer router.
•
peer—Full access. This level of right permits the peer router to perform synchronization and control
query to the local router and also permits the local router to synchronize its clock to the peer router.
From the highest NTP service access-control right to the lowest one are peer, server, synchronization,
and query. When a router receives an NTP request, it performs an access-control right match and uses
the first matched right. If no matched right is found, the router discards the NTP request.
Configuration prerequisites
Prior to configuring the NTP service access-control right to the local router, you need to create and
configure an ACL associated with the access-control right. For more information about ACLs, see ACL
and QoS Configuration Guide.
Configuration procedure
To configure the NTP service access-control right to the local router:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure the NTP service
access-control right for a peer
router to access the local
router.
ntp-service access { peer | query |
server | synchronization }
acl-number
peer by default
NOTE:
The access-control right mechanism provides only a minimum degree of security protection for the system
running NTP. A more secure method is identity authentication.
Configuring NTP authentication
The NTP authentication feature should be enabled for a system running NTP in a network where there is
a high security demand. This feature enhances the network security by means of client-server key
authentication, which prohibits a client from synchronizing with a router that has failed authentication.
NTP authentication configuration includes the following tasks:
•
Enable NTP authentication
•
Configure an authentication key
•
Configure the key as a trusted key
•
Associate the specified key with an NTP server or a symmetric peer