Configuring ntp authentication in broadcast mode – H3C Technologies H3C SecBlade LB Cards User Manual

125

•

When the active peer has a smaller stratum level than the passive peer:
On the active peer, if NTP authentication is not enabled, no key is specified to associate with the
passive peer, or the key is not a trusted key, the active peer can synchronize to the passive peer
as long as NTP authentication is disabled on the passive peer.

To configure NTP authentication for an active peer:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable NTP authentication.

ntp-service authentication enable

By default, NTP authentication is
disabled.

3.

Configure an NTP

authentication key.

ntp-service authentication-keyid
keyid authentication-mode md5
[ cipher | simple ] value

By default, no NTP authentication
key is configured.
Configure the same authentication
key on the active symmetric peer

and passive symmetric peer.

4.

Configure the key as a trusted
key.

ntp-service reliable
authentication-keyid keyid

By default, no authentication key is
configured to be trusted.

5.

Associate the specified key

with the passive peer.

ntp-service unicast-peer
{ ip-address | peer-name }
authentication-keyid keyid

You can associate a non-existing
key with a passive peer. To enable
NTP authentication, you must

configure the key and specify it as

a trusted key after associating the
key with the passive peer.

To configure NTP authentication for a passive peer:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable NTP authentication.

ntp-service authentication enable

By default, NTP authentication is
disabled.

3.

Configure an NTP

authentication key.

ntp-service authentication-keyid
keyid authentication-mode md5
[ cipher | simple ] value

By default, no NTP authentication
key is configured.
Configure the same authentication
key on the active symmetric peer

and passive symmetric peer.

4.

Configure the key as a trusted
key.

ntp-service reliable
authentication-keyid keyid

By default, no authentication key is
configured to be trusted.

Configuring NTP authentication in broadcast mode

Follow these instructions to configure NTP authentication in broadcast mode:

•

A broadcast client can synchronize to the broadcast server only when you configure all the required
tasks on both the broadcast client and server.

•

If NTP authentication is not enabled on the client, the broadcast client can synchronize to the
broadcast server no matter whether NTP authentication is enabled or not on the server.

To configure NTP authentication for a broadcast client: