Configuration prerequisites, Configuring ntp authentication for a client – H3C Technologies H3C SecBlade NetStream Cards User Manual
Page 213
198
Configuration prerequisites
The configuration of NTP authentication involves configuration tasks to be implemented on the client and
on the server. The SecBlade NetStream card functions only as the client.
When configuring NTP authentication, note the following:
•
For all synchronization modes, when you enable the NTP authentication feature, configure an
authentication key and specify it as a trusted key. In other words, the ntp-service authentication
enable command must work together with the ntp-service authentication-keyid command and the
ntp-service reliable authentication-keyid command. Otherwise, the NTP authentication function
cannot be normally enabled.
•
For the client/server mode, associate the specified authentication key on the client with the
corresponding NTP server. Otherwise, the NTP authentication feature cannot be normally enabled.
•
For the broadcast server mode or multicast server mode, associate the specified authentication key
on the broadcast server or multicast server with the corresponding NTP server. Otherwise, the NTP
authentication feature cannot be normally enabled.
•
For the client/server mode, if the NTP authentication feature has not been enabled for the client, the
client can synchronize with the server regardless of whether the NTP authentication feature has
been enabled for the server or not. If the NTP authentication is enabled on a client, the client can
be synchronized only to a server that can provide a trusted authentication key.
•
For all synchronization modes, the server side and the client side must be consistently configured.
Configuring NTP authentication for a client
Follow these steps to configure NTP authentication for a client:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable NTP authentication
ntp-service authentication enable
Required
Disabled by default
Configure an NTP
authentication key
ntp-service authentication-keyid
keyid authentication-mode md5
value
Required
No NTP authentication key by default
Configure the key as a trusted
key
ntp-service reliable
authentication-keyid keyid
Required
By default, no authentication key is
configured to be trusted.
Associate the specified key
with an NTP server
ntp-service unicast-server
{ ip-address | server-name }
authentication-keyid keyid
Required
You can associate a non-existing key with
an NTP server. To enable NTP
authentication, you must configure the key
and specify it as a trusted key after
associating the key with the NTP server.
NOTE:
After you enable the NTP authentication feature for the client, make sure that you configure for the client
an authentication key that is the same as on the server and specify that the authentication key is trusted.
Otherwise, the client cannot be synchronized to the server.