Configuring the dscp value for ntp messages, Configuring access-control rights – H3C Technologies H3C WX5500E Series Access Controllers User Manual
Page 26
18
•
Symmetric active/passive mode—After you specify a symmetric-passive peer on a symmetric active
peer, static associations are created on the symmetric-active peer, and dynamic associations are
created on the symmetric-passive peer.
•
Broadcast or multicast mode—Static associations are created on the server, and dynamic
associations are created on the client.
A single device can have a maximum of 128 concurrent associations, including static associations and
dynamic associations.
To configure the allowed maximum number of dynamic sessions:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure the maximum
number of dynamic sessions
allowed to be established
locally.
ntp-service max-dynamic-sessions
number
The default is 100.
Configuring the DSCP value for NTP messages
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure the Differentiated
Service Code Point (DSCP)
value for NTP messages.
ntp-service dscp dscp-value
Optional.
The default setting is 16.
Configuring access-control rights
From the highest to lowest, the NTP service access-control rights are peer, server, synchronization, and
query. If a device receives an NTP request, it performs an access-control right match and uses the first
matched right. If no matched right is found, the device drops the NTP request.
•
Query—Control query permitted. This level of right permits the peer devices to perform control
query to the NTP service on the local device, but it does not permit a peer device to synchronize to
the local device. "Control query" refers to the query of some states of the NTP service, including
alarm information, authentication status, and clock source information.
•
Synchronization—Server access only. This level of right permits a peer device to synchronize to the
local device, but it does not permit the peer devices to perform control query.
•
Server—Server access and query permitted. This level of right permits the peer devices to perform
synchronization and control query to the local device, but it does not permit the local device to
synchronize to a peer device.
•
Peer—Full access. This level of right permits the peer devices to perform synchronization and control
query to the local device, and it permits the local device to synchronize to a peer device.
The access-control right mechanism provides only a minimum level of security protection for a system
running NTP. A more secure method is identity authentication.