beautypg.com

Configuring access-control rights, Configuration prerequisites – H3C Technologies H3C MSR 50 User Manual

Page 49

background image

Step Command

Remarks

interface interface-type
interface-number

61.

Enter interface view.

N/A

62.

Disable the interface from
receiving NTP messages.

By default, an interface is enabled
to receive NTP messages.

ntp-service in-interface disable

Configuring the allowed maximum number of dynamic
sessions

Step Command

Remarks

63.

Enter system view.

system-view

N/A

64.

Configure the maximum
number of dynamic sessions

allowed to be established
locally.

ntp-service max-dynamic-sessions
number

The default is 100.

Configuring access-control rights

From the highest to lowest, the NTP service access-control rights are peer, server, synchronization, and

query. If a device receives an NTP request, it performs an access-control right match and uses the first
matched right. If no matched right is found, the device drops the NTP request.

Query—Control query permitted. This level of right permits the peer devices to perform control
query to the NTP service on the local device but does not permit a peer device to synchronize its

clock to that of the local device. The so-called "control query" refers to query of some states of the

NTP service, including alarm information, authentication status, clock source information, and so
on.

Synchronization—Server access only. This level of right permits a peer device to synchronize its
clock to that of the local device but does not permit the peer devices to perform control query.

Server—Server access and query permitted. This level of right permits the peer devices to perform
synchronization and control query to the local device but does not permit the local device to

synchronize its clock to that of a peer device.

Peer—Full access. This level of right permits the peer devices to perform synchronization and control
query to the local device and also permits the local device to synchronize its clock to that of a peer

device.

The access-control right mechanism provides only a minimum level of security protection for a system

running NTP. A more secure method is identity authentication.

Configuration prerequisites

Before you configure the NTP service access-control right to the local device, create and configure an

ACL associated with the access-control right. For more information about ACLs, see ACL and QoS

Configuration Guide.

36

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: