Configuring ntp authentication for an active peer – H3C Technologies H3C SR8800 User Manual
Page 77
65
Step Command
Remarks
3.
Configure an NTP
authentication key.
ntp-service authentication-keyid
keyid authentication-mode md5
value
No NTP authentication key by
default
4.
Configure the key as a trusted
key.
ntp-service reliable
authentication-keyid keyid
No authentication key is
configured to be trusted by default
NOTE:
The same authentication key must be configured on both the server and client sides.
Configuring NTP authentication in symmetric peers mode
When configuring NTP authentication in symmetric peers mode, configure the required tasks on both the
active and passive peers, and on the active peer associate the key with the passive peer.
1.
When the active peer has a greater stratum level than the passive peer:
{
If NTP authentication is not enabled or no key is associated with the passive peer on the active
peer, the active peer synchronizes its clock to the passive peer as long as NTP authentication
is disabled on the passive peer.
{
If NTP authentication is enabled and a key is associated with the passive peer on the active
peer, but the key is not a trusted key, no matter the NTP authentication is enabled on the passive
peer or not, the active peer does not synchronize its clock to the passive peer.
2.
When the active peer has a smaller stratum level than the passive peer:
If NTP authentication is not enabled, no key is associated with the passive peer on the active peer,
or the key is not a trusted key, the clock of the active peer can be synchronized to the passive peer
as long as NTP authentication is disabled on the passive peer.
Configuring NTP authentication for an active peer
To configure NTP authentication for an active peer:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable NTP authentication.
ntp-service authentication enable
Disabled by default
3.
Configure an NTP
authentication key.
ntp-service authentication-keyid
keyid authentication-mode md5
value
No NTP authentication key is
configured by default.
4.
Configure the key as a trusted
key.
ntp-service reliable
authentication-keyid keyid
No authentication key is
configured to be trusted by default
5.
Associate the specified key
with the passive peer.
ntp-service unicast-peer
{ ip-address | peer-name }
authentication-keyid keyid
You can associate a non-existing
key with a passive peer. To enable
NTP authentication, you must
configure the key and specify it as
a trusted key after associating the
key with the passive peer.