Configuration prerequisites, Configuration procedure, Configuring ntp authentication – H3C Technologies H3C SecBlade LB Cards User Manual


Synchronization—Server access only. This level of right permits a peer device to synchronize its clock to that of the local device but does not permit the peer devices to perform control query.

Server—Server access and query permitted. This level of right permits the peer devices to perform synchronization and control query to the local device but does not permit the local device to synchronize its clock to that of a peer device.

Peer—Full access. This level of right permits the peer devices to perform synchronization and control query to the local device and also permits the local device to synchronize its clock to that of a peer device.

The access-control right mechanism provides only a minimum level of security protection for a system
running NTP. A more secure method is identity authentication.

Configuration prerequisites

Before you configure the NTP service access-control right to the local device, create and configure an ACL associated with the access-control right. For more information about ACLs, see Security Configuration Guide.

Configuration procedure

To configure the NTP service access-control right to the local device:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Configure the NTP service access-control right for a peer device to access the local device.
    Command: ntp-service access { peer | query | server | synchronization } acl-number
    Remarks: The default is peer.

Configuring NTP authentication

Enable NTP authentication for a system running NTP in a network where there is a high security demand. NTP authentication enhances network security by using client-server key authentication, which prohibits a client from synchronizing with a device that fails authentication.

To configure NTP authentication, do the following:

Enable NTP authentication

Configure an authentication key

Configure the key as a trusted key

Associate the specified key with an NTP server or a symmetric peer

These tasks are required. If any task is omitted, NTP authentication cannot function.

Configuring NTP authentication in client/server mode

Follow these instructions to configure NTP authentication in client/server mode:

A client can synchronize to the server only when you configure all the required tasks on both the
client and server.

On the client, if NTP authentication is not enabled or no key is specified to associate with the NTP server, the client is not authenticated. Regardless of whether NTP authentication is enabled on the server, clock synchronization between the server and client can be performed.
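The four required tasks, laid out for both sides of a client/server pair, as an added example that is not taken from this manual page. It assumes the standard Comware ntp-service authentication commands, which this page does not show; key ID 42, the server address 192.0.2.1 and the <shared-key> placeholder are constructed values.

```comware
# ---------- NTP server (constructed address 192.0.2.1) ----------
system-view
# Task 1: enable NTP authentication
ntp-service authentication enable
# Task 2: configure an authentication key (ID 42, MD5);
#         <shared-key> is a placeholder and must match the client's value
ntp-service authentication-keyid 42 authentication-mode md5 <shared-key>
# Task 3: configure the key as a trusted key
ntp-service reliable authentication-keyid 42

# ---------- NTP client ----------
system-view
# Task 1: enable NTP authentication
ntp-service authentication enable
# Task 2: same key ID and same key value as on the server
ntp-service authentication-keyid 42 authentication-mode md5 <shared-key>
# Task 3: configure the key as a trusted key
ntp-service reliable authentication-keyid 42
# Task 4: associate the key with the NTP server. Without this
#         association the client is not authenticated and can still
#         synchronize with the server, as the guideline above states.
ntp-service unicast-server 192.0.2.1 authentication-keyid 42

# Check on the client that the clock has synchronized to 192.0.2.1
display ntp-service status
```

When auditing an existing client configuration, look for a unicast-server line that carries no authentication-keyid: that association is not authenticated even if the other three tasks are configured.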
