Configuration procedure, Configuring ntp authentication on the client – H3C Technologies H3C S3600 Series Switches User Manual
Page 879
1-12
z
If the NTP authentication function is not enabled on the client, the clock of the client can be
synchronized to a server no matter whether the NTP authentication function is enabled on the
server (assuming that other related configurations are properly performed).
z
For the NTP authentication function to take effect, a trusted key needs to be configured on both the
client and server after the NTP authentication is enabled on them.
z
The local clock of the client is only synchronized to the server that provides a trusted key.
z
In addition, for the server/client mode and the symmetric peer mode, you need to associate a
specific key on the client (the symmetric-active peer in the symmetric peer mode) with the
corresponding NTP server (the symmetric-passive peer in the symmetric peer mode); for the NTP
broadcast/multicast mode, you need to associate a specific key on the broadcast/multicast server
with the corresponding NTP broadcast/multicast client. Otherwise, NTP authentication cannot be
enabled normally.
z
Configurations on the server and the client must be consistent.
Configuration Procedure
Configuring NTP authentication on the client
Follow these steps to configure NTP authentication on the client:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable the NTP authentication
function
ntp-service authentication
enable
Required
Disabled by default.
Configure the NTP
authentication key
ntp-service
authentication-keyid key-id
authentication-model md5
value
Required
By default, no NTP
authentication key is
configured.
Configure the specified key as a
trusted key
ntp-service reliable
authentication-keyid key-id
Required
By default, no trusted key is
configured.
Configure on the
client in the
server/client mode
ntp-service unicast-server
{ remote-ip | server-name }
authentication-keyid key-id
Associat
e the
specified
key with
the
correspo
nding
NTP
server
Configure on the
symmetric-active
peer in the
symmetric peer
mode
ntp-service unicast-peer
{ remote-ip | peer-name }
authentication-keyid key-id
Required
For the client in the NTP
broadcast/multicast mode,
you just need to associate the
specified key with the client
on the corresponding server.
NTP authentication requires that the authentication keys configured for the server and the client be the
same. Besides, the authentication keys must be trusted keys. Otherwise, the clock of the client cannot
be synchronized with that of the server.