Configuring ntp authentication for an active peer – H3C Technologies H3C SR8800 User Manual

65

Step Command

Remarks

3.

Configure an NTP

authentication key.

ntp-service authentication-keyid
keyid authentication-mode md5
value

No NTP authentication key by
default

4.

Configure the key as a trusted
key.

ntp-service reliable

authentication-keyid keyid

No authentication key is
configured to be trusted by default

NOTE:

The same authentication key must be configured on both the server and client sides.

Configuring NTP authentication in symmetric peers mode

When configuring NTP authentication in symmetric peers mode, configure the required tasks on both the

active and passive peers, and on the active peer associate the key with the passive peer.

1.

When the active peer has a greater stratum level than the passive peer:

{

If NTP authentication is not enabled or no key is associated with the passive peer on the active
peer, the active peer synchronizes its clock to the passive peer as long as NTP authentication

is disabled on the passive peer.

{

If NTP authentication is enabled and a key is associated with the passive peer on the active
peer, but the key is not a trusted key, no matter the NTP authentication is enabled on the passive

peer or not, the active peer does not synchronize its clock to the passive peer.

2.

When the active peer has a smaller stratum level than the passive peer:
If NTP authentication is not enabled, no key is associated with the passive peer on the active peer,
or the key is not a trusted key, the clock of the active peer can be synchronized to the passive peer

as long as NTP authentication is disabled on the passive peer.

Configuring NTP authentication for an active peer

To configure NTP authentication for an active peer:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable NTP authentication.

ntp-service authentication enable

Disabled by default

3.

Configure an NTP
authentication key.

ntp-service authentication-keyid
keyid authentication-mode md5

value

No NTP authentication key is
configured by default.

4.

Configure the key as a trusted
key.

ntp-service reliable
authentication-keyid keyid

No authentication key is
configured to be trusted by default

5.

Associate the specified key

with the passive peer.

ntp-service unicast-peer
{ ip-address | peer-name }
authentication-keyid keyid

You can associate a non-existing
key with a passive peer. To enable
NTP authentication, you must

configure the key and specify it as

a trusted key after associating the
key with the passive peer.