Configuring access-control rights – H3C Technologies H3C SecBlade LB Cards User Manual
Page 132
122
To disable an interface from receiving NTP messages:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enter interface view.
interface interface-type
interface-number
N/A
3.
Disable the interface from
receiving NTP messages.
ntp-service in-interface disable
By default, an interface is enabled
to receive NTP messages.
Configuring the allowed maximum number of dynamic sessions
NTP has the following types of associations:
•
Static association—A manually created association.
•
Dynamic association—Temporary association created by the system during NTP operation. A
dynamic association is removed if no messages are exchanged over a specific period of time.
The following describes how an association is established in different operation modes:
•
Client/server mode—After you specify an NTP server, the system creates a static association on the
client. The server simply responds passively upon the receipt of a message, rather than creating an
association (static or dynamic).
•
Symmetric active/passive mode—After you specify a symmetric-passive peer on a symmetric active
peer, static associations are created on the symmetric-active peer, and dynamic associations are
created on the symmetric-passive peer.
•
Broadcast or multicast mode—Static associations are created on the server, and dynamic
associations are created on the client.
A single device can have a maximum of 128 concurrent associations, including static associations and
dynamic associations.
To configure the allowed maximum number of dynamic sessions:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Configure the maximum number
of dynamic sessions allowed to be
established locally.
ntp-service
max-dynamic-sessions
number
The default is 100.
Configuring access-control rights
From the highest to lowest, the NTP service access-control rights are peer, server, synchronization, and
query. If a device receives an NTP request, it performs an access-control right match and uses the first
matched right. If no matched right is found, the device drops the NTP request.
•
Query—Control query permitted. This level of right permits the peer devices to perform control
query to the NTP service on the local device but does not permit a peer device to synchronize its
clock to that of the local device. The so-called "control query" refers to query of some states of the
NTP service, including alarm information, authentication status, clock source information, and so
on.