Configuring ntp authentication, Configuration prerequisites, Configuration procedure – H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 498: Configuring ntp authentication for a client, 13 configuration procedure

The access-control right mechanism provides only a minimum degree of security protection for the
system running NTP. A more secure method is identity authentication.

Configuring NTP Authentication

NTP authentication should be enabled on a system running NTP in a network with high security
requirements. It enhances network security through client-server key authentication, which
prevents a client from synchronizing with a switch that has failed authentication.

Configuration Prerequisites

Configuring NTP authentication involves configuration tasks on both the client and the server.

When configuring the NTP authentication feature, pay attention to the following principles:

• For all synchronization modes, when you enable the NTP authentication feature, you should
  configure an authentication key and specify it as a trusted key. That is, the
  ntp-service authentication enable command must work together with the
  ntp-service authentication-keyid command and the ntp-service reliable authentication-keyid
  command. Otherwise, the NTP authentication function cannot be enabled normally.

• For the server/client mode or symmetric mode, you need to associate the specified authentication
  key on the client (symmetric-active peer if in the symmetric peer mode) with the corresponding
  NTP server (symmetric-passive peer if in the symmetric peer mode). Otherwise, the NTP
  authentication feature cannot be enabled normally.

• For the broadcast server mode or multicast server mode, you need to associate the specified
  authentication key on the broadcast server or multicast server with the corresponding NTP server.
  Otherwise, the NTP authentication feature cannot be enabled normally.

• For the server/client mode, if the NTP authentication feature has not been enabled for the client,
  the client can synchronize with the server regardless of whether the NTP authentication feature
  has been enabled for the server.

• For all synchronization modes, the server side and the client side must be consistently configured.

• If NTP authentication is enabled on a client, the client can be synchronized only to a server that
  can provide a trusted authentication key.
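
The principles above can be checked mechanically against a saved client configuration. The following Python audit is an added example, not part of the H3C manual; the key-ID argument, the authentication-mode md5 keyword and the ntp-service unicast-server line are assumed Comware syntax that this page does not show, and the sample configuration is constructed.

```python
import re

# Constructed sample client configuration (not from the manual). The key-ID
# argument, the "authentication-mode md5" keyword and the unicast-server
# line are assumed Comware syntax; EXAMPLE-KEY is a placeholder.
SAMPLE_CONFIG = """\
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 EXAMPLE-KEY
ntp-service authentication-keyid 7 authentication-mode md5 EXAMPLE-KEY
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 192.0.2.10 authentication-keyid 42
ntp-service unicast-server 192.0.2.11 authentication-keyid 7
ntp-service unicast-server 192.0.2.12
"""

def audit_ntp_auth(config):
    """Return a sorted list of findings for a client-side NTP auth config."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    enabled = "ntp-service authentication enable" in lines
    defined, trusted, servers = set(), set(), {}
    for ln in lines:
        if m := re.match(r"ntp-service authentication-keyid (\d+)\b", ln):
            defined.add(m.group(1))          # key exists on the device
        elif m := re.match(r"ntp-service reliable authentication-keyid (\d+)\b", ln):
            trusted.add(m.group(1))          # key is marked as trusted
        elif m := re.match(r"ntp-service unicast-server (\S+)", ln):
            key = re.search(r"\bauthentication-keyid (\d+)\b", ln)
            servers[m.group(1)] = key.group(1) if key else None
    findings = []
    if not enabled:
        # Without this, the client synchronizes whether or not the server authenticates.
        findings.append("authentication not enabled")
    for k in defined - trusted:
        findings.append(f"key {k} defined but not trusted")
    for k in trusted - defined:
        findings.append(f"key {k} trusted but not defined")
    for addr, k in servers.items():
        if k is None:
            findings.append(f"server {addr} has no associated key")
        elif k not in defined & trusted:
            findings.append(f"server {addr} uses key {k} that is not both defined and trusted")
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_ntp_auth(SAMPLE_CONFIG):
        print(finding)
```

An empty result means the three commands named in the first principle are all present and every configured server is tied to a trusted key.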

Configuration Procedure

Configuring NTP authentication for a client

Follow these steps to configure NTP authentication for a client:

To do…                     | Use the command…                   | Remarks
Enter system view          | system-view                        |
Enable NTP authentication  | ntp-service authentication enable  | Required. Disabled by default.
