Configuration prerequisites, Configuration procedure, Configuring ntp authentication – H3C Technologies H3C WX3000 Series Unified Switches User Manual


- query: Control query right. This level of right permits the peer device to perform control query to the NTP service on the local device but does not permit the peer device to synchronize its clock to the local device. The so-called "control query" refers to query of state of the NTP service, including alarm information, authentication status, clock source information, and so on.
- synchronization: Synchronization right. This level of right permits the peer device to synchronize its clock to the local device but does not permit the peer device to perform control query.
- server: Server right. This level of right permits the peer device to perform synchronization and control query to the local device but does not permit the local device to synchronize its clock to the peer device.
- peer: Peer access. This level of right permits the peer device to perform synchronization and control query to the local device and also permits the local device to synchronize its clock to the peer device.

From highest to lowest, the NTP service access-control rights are peer, server, synchronization, and query. When a device receives an NTP request, it matches the request against the access-control rights in this order and uses the first right that matches.

Configuration Prerequisites

Prior to configuring the NTP service access-control right to the local device for peer devices, you need
to create and configure an ACL associated with the access-control right. For the configuration of ACL,
refer to ACL in H3C WX3000 Series Unified Switches Switching Engine Configuration Guide.

Configuration Procedure

Follow these steps to configure the NTP service access-control right to the local device for peer
devices:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | `system-view` | |
| Configure the NTP service access-control right to the local device for peer devices | `ntp-service access { peer \| server \| synchronization \| query } acl-number` | Optional. peer by default |

The access-control right mechanism provides only a minimum degree of security protection for the local
device. A more secure method is identity authentication.
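The first-match order described above means that a broad ACL bound to a higher right silently overrides a narrower ACL bound to a lower one. The following is an added example, not taken from the manual: a Python model for checking a planned set of bindings before configuring them. It reduces each ACL to the networks it permits; the operation names, the `PLAN` data, and the treatment of an unmatched source as having no right are assumptions.

```python
import ipaddress

# Match order from the manual: highest right first, first match wins.
ORDER = ["peer", "server", "synchronization", "query"]

# Operations each right permits, as described in the manual.
PERMITS = {
    "peer": {"sync_from_local", "control_query", "local_syncs_to_peer"},
    "server": {"sync_from_local", "control_query"},
    "synchronization": {"sync_from_local"},
    "query": {"control_query"},
}

def effective_right(src, bindings):
    """Return the first right whose ACL permits src, or None."""
    addr = ipaddress.ip_address(src)
    for right in ORDER:
        if any(addr in ipaddress.ip_network(n) for n in bindings.get(right, [])):
            return right
    return None  # assumption: a source matching no ACL is granted no right

def is_permitted(src, op, bindings):
    right = effective_right(src, bindings)
    return right is not None and op in PERMITS[right]

def shadowed(bindings):
    """List (lower_right, network, higher_right) entries that can never match."""
    found = []
    for i, low in enumerate(ORDER):
        for net in bindings.get(low, []):
            n = ipaddress.ip_network(net)
            for high in ORDER[:i]:
                if any(n.subnet_of(ipaddress.ip_network(h)) for h in bindings.get(high, [])):
                    found.append((low, net, high))
                    break
    return found

# Constructed plan: right -> networks permitted by the ACL bound to it.
PLAN = {
    "peer": ["10.0.0.0/8"],             # broader than intended
    "synchronization": ["10.1.2.0/24"],  # meant to be time clients only
    "query": ["192.0.2.10/32"],          # monitoring host
}

if __name__ == "__main__":
    for host in ("10.1.2.5", "192.0.2.10", "198.51.100.1"):
        print(host, "->", effective_right(host, PLAN))
    print("shadowed:", shadowed(PLAN))
```

In this plan the host 10.1.2.5 ends up with the peer right, so it can also perform control query, although its subnet was bound to synchronization only.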

Configuring NTP Authentication

In networks with higher security requirements, the NTP authentication function must be enabled to run
NTP. Through password authentication on the client and the server, the clock of the client is
synchronized only to that of the server that passes the authentication. This improves network security.

Table 46-2 shows the roles of devices in the NTP authentication function.
