beautypg.com

Configuration prerequisites, Configuration procedure, Configuring ntp authentication – H3C Technologies H3C SR8800 User Manual


query—Control query permitted. This level of right permits the peer router to perform control query to the NTP service on the local router but does not permit the peer router to synchronize its clock to the local router. The so-called “control query” refers to query of some states of the NTP service, including alarm information, authentication status, clock source information, and so on.

synchronization—Server access only. This level of right permits the peer router to synchronize its clock to the local router but does not permit the peer router to perform control query.

server—Server access and query permitted. This level of right permits the peer router to perform synchronization and control query to the local router but does not permit the local router to synchronize its clock to the peer router.

peer—Full access. This level of right permits the peer router to perform synchronization and control query to the local router and also permits the local router to synchronize its clock to the peer router.

From highest to lowest, the NTP service access-control rights are peer, server, synchronization, and query. When a router receives an NTP request, it matches the request against the access-control rights and uses the first right that matches. If no right matches, the router discards the NTP request.
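
The first-match behaviour described above, modelled as an added example (not taken from the H3C manual or from the router software). It assumes rights are tried from highest to lowest in the order listed, and it reduces the ACL bound to each right to a list of permitted source networks; BINDINGS, CAPS and all addresses are constructed for illustration.

```python
import ipaddress

# Rights in the order the page lists them, highest first.
ORDER = ["peer", "server", "synchronization", "query"]

# Per-right permissions from the descriptions above. Tuple fields:
# (peer may sync to local, peer may control-query local, local may sync to peer)
CAPS = {
    "peer":            (True,  True,  True),
    "server":          (True,  True,  False),
    "synchronization": (True,  False, False),
    "query":           (False, True,  False),
}

def effective_right(bindings, source):
    """First right (highest first) whose ACL permits source; None means discard."""
    addr = ipaddress.ip_address(source)
    for right in ORDER:
        if any(addr in ipaddress.ip_network(n) for n in bindings.get(right, [])):
            return right
    return None

def shadowed(bindings):
    """Lower-right networks fully covered by a higher right, so never applied."""
    hits = []
    for i, low in enumerate(ORDER):
        for net in map(ipaddress.ip_network, bindings.get(low, [])):
            for high in ORDER[:i]:
                for h in map(ipaddress.ip_network, bindings.get(high, [])):
                    if net.version == h.version and net.subnet_of(h):
                        hits.append((low, str(net), high))
    return hits

# Constructed sample: permit networks of the ACL bound to each right.
BINDINGS = {
    "peer": ["10.0.0.0/8"],               # broad ACL on the highest right
    "synchronization": ["10.1.20.0/24"],  # intended for downstream clients
    "query": ["192.0.2.10/32"],           # intended for a monitoring host
}

if __name__ == "__main__":
    for src in ["10.1.20.5", "192.0.2.10", "198.51.100.1"]:
        right = effective_right(BINDINGS, src)
        print(src, "->", right or "discard", CAPS.get(right))
    print("shadowed:", shadowed(BINDINGS))
```

With this sample, hosts in 10.1.20.0/24 receive the peer right instead of the intended synchronization right, because the broader peer ACL matches first.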

Configuration prerequisites

Before configuring the NTP service access-control right to the local router, create and configure an ACL associated with the access-control right. For more information about ACLs, see ACL and QoS Configuration Guide.

Configuration procedure

To configure the NTP service access-control right to the local router:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Configure the NTP service access-control right for a peer router to access the local router.
    Command: ntp-service access { peer | query | server | synchronization } acl-number
    Remarks: peer by default

NOTE:

The access-control right mechanism provides only a minimum degree of security protection for the system
running NTP. A more secure method is identity authentication.

Configuring NTP authentication

Enable the NTP authentication feature on a system running NTP in a network where security requirements are high. This feature enhances network security by means of client-server key authentication, which prohibits a client from synchronizing with a router that has failed authentication.

NTP authentication configuration includes the following tasks:

Enable NTP authentication

Configure an authentication key

Configure the key as a trusted key

Associate the specified key with an NTP server or a symmetric peer