Configuration prerequisites, Configuration procedure, Configuring ntp authentication – H3C Technologies H3C SR8800 User Manual
• query—Control query permitted. This level of right permits the peer router to perform control queries to the NTP service on the local router but does not permit the peer router to synchronize its clock to the local router. A "control query" is a query of certain states of the NTP service, including alarm information, authentication status, clock source information, and so on.
• synchronization—Server access only. This level of right permits the peer router to synchronize its clock to the local router but does not permit the peer router to perform control queries.
• server—Server access and query permitted. This level of right permits the peer router to perform synchronization and control queries to the local router but does not permit the local router to synchronize its clock to the peer router.
• peer—Full access. This level of right permits the peer router to perform synchronization and control queries to the local router and also permits the local router to synchronize its clock to the peer router.
From highest to lowest, the NTP service access-control rights are peer, server, synchronization, and query. When a router receives an NTP request, it matches the request against the access-control rights and uses the first right that matches. If no right matches, the router discards the NTP request.
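The first-match evaluation described above can be checked against a planned policy before it is deployed. The following Python model is an added example, not H3C code: it assumes the ACLs are tested in the highest-to-lowest order listed above, represents each ACL as a list of permitted source networks (permit rules only), and uses constructed addresses.

```python
import ipaddress

# Rights from highest to lowest, as the manual lists them. Assumption: the
# router tests the configured ACLs in this order and stops at the first match.
ORDER = ("peer", "server", "synchronization", "query")

# What each right allows, taken from the four definitions above:
# (peer may control-query local, peer may sync to local, local may sync to peer)
ALLOWS = {
    "peer":            (True,  True,  True),
    "server":          (True,  True,  False),
    "synchronization": (False, True,  False),
    "query":           (True,  False, False),
}

def effective_right(src, acls):
    """Return the first right whose ACL permits src, or None (request discarded).

    acls maps a right name to a list of permitted source networks; this is a
    simplified stand-in for a basic ACL and models permit rules only.
    """
    addr = ipaddress.ip_address(src)
    for right in ORDER:
        for net in acls.get(right, ()):
            if addr in ipaddress.ip_network(net):
                return right
    return None

def allowed(src, acls):
    """Describe what the peer at src may do under the first matched right."""
    right = effective_right(src, acls)
    query, peer_syncs, local_syncs = ALLOWS.get(right, (False, False, False))
    return {"right": right, "control_query": query,
            "peer_syncs_to_local": peer_syncs, "local_syncs_to_peer": local_syncs}

# Constructed sample policy (addresses from documentation ranges).
SAMPLE_ACLS = {
    "peer":            ["192.0.2.1/32"],       # upstream time source
    "synchronization": ["198.51.100.0/24"],    # clients that only need time
    "query":           ["198.51.100.10/32", "203.0.113.5/32"],  # monitoring hosts
}

if __name__ == "__main__":
    for ip in ("192.0.2.1", "198.51.100.10", "203.0.113.5", "203.0.113.99"):
        print(ip, allowed(ip, SAMPLE_ACLS))
```

In the sample policy, 198.51.100.10 is intended as a monitoring host but also falls inside the synchronization ACL, so the higher right matches first and its control queries are refused. An address that matches no ACL gets no right, and its request is discarded.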
Configuration prerequisites
Prior to configuring the NTP service access-control right to the local router, you need to create and
configure an ACL associated with the access-control right. For more information about ACLs, see ACL
and QoS Configuration Guide.
Configuration procedure
To configure the NTP service access-control right to the local router:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Configure the NTP service access-control right for a peer router to access the local router.
    Command: ntp-service access { peer | query | server | synchronization } acl-number
    Remarks: peer by default
NOTE:
The access-control right mechanism provides only a minimum degree of security protection for the system
running NTP. A more secure method is identity authentication.
Configuring NTP authentication
The NTP authentication feature should be enabled for a system running NTP in a network where there is
a high security demand. This feature enhances the network security by means of client-server key
authentication, which prohibits a client from synchronizing with a router that has failed authentication.
NTP authentication configuration includes the following tasks:
• Enable NTP authentication
• Configure an authentication key
• Configure the key as a trusted key
• Associate the specified key with an NTP server or a symmetric peer