Configuring ntp authentication for an active peer – H3C Technologies H3C SR8800 User Manual
Page 77
65
Step Command
Remarks
3.
Configure an NTP
authentication key.
ntp-service authentication-keyid
keyid authentication-mode md5
value
No NTP authentication key by
default
4.
Configure the key as a trusted
key.
ntp-service reliable
authentication-keyid keyid
No authentication key is
configured to be trusted by default
NOTE:
The same authentication key must be configured on both the server and client sides.
Configuring NTP authentication in symmetric peers mode
When configuring NTP authentication in symmetric peers mode, configure the required tasks on both the
active and passive peers, and on the active peer associate the key with the passive peer.
1.
When the active peer has a greater stratum level than the passive peer:
{
If NTP authentication is not enabled or no key is associated with the passive peer on the active
peer, the active peer synchronizes its clock to the passive peer as long as NTP authentication
is disabled on the passive peer.
{
If NTP authentication is enabled and a key is associated with the passive peer on the active
peer, but the key is not a trusted key, no matter the NTP authentication is enabled on the passive
peer or not, the active peer does not synchronize its clock to the passive peer.
2.
When the active peer has a smaller stratum level than the passive peer:
If NTP authentication is not enabled, no key is associated with the passive peer on the active peer,
or the key is not a trusted key, the clock of the active peer can be synchronized to the passive peer
as long as NTP authentication is disabled on the passive peer.
Configuring NTP authentication for an active peer
To configure NTP authentication for an active peer:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable NTP authentication.
ntp-service authentication enable
Disabled by default
3.
Configure an NTP
authentication key.
ntp-service authentication-keyid
keyid authentication-mode md5
value
No NTP authentication key is
configured by default.
4.
Configure the key as a trusted
key.
ntp-service reliable
authentication-keyid keyid
No authentication key is
configured to be trusted by default
5.
Associate the specified key
with the passive peer.
ntp-service unicast-peer
{ ip-address | peer-name }
authentication-keyid keyid
You can associate a non-existing
key with a passive peer. To enable
NTP authentication, you must
configure the key and specify it as
a trusted key after associating the
key with the passive peer.
- H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000 H3C WX3000E Series Wireless Switches H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module