
Configuring ntp authentication, Configuration prerequisites, Configuration procedure – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


Step 2: Configure the NTP service access-control right for a peer device to access the local device.
Command: ntp-service access { peer | query | server | synchronization } acl-number
Remarks: The default is peer.

NOTE:

The access-control right mechanism provides only a minimum degree of security protection for the system
running NTP. A more secure method is identity authentication.

Configuring NTP authentication

Enable NTP authentication on a system running NTP in a network with high security demands. It enhances network security by means of client-server key authentication, which prohibits a client from synchronizing with a device that has failed authentication.

Configuration prerequisites

Configuring NTP authentication involves tasks on both the client and the server.

When configuring NTP authentication, note the following:

- For all synchronization modes, when you enable the NTP authentication feature, configure an authentication key and specify it as a trusted key. In other words, the ntp-service authentication enable command must work together with the ntp-service authentication-keyid command and the ntp-service reliable authentication-keyid command. Otherwise, NTP authentication cannot be enabled properly.

- For the client/server mode or symmetric mode, associate the specified authentication key on the client (symmetric-active peer if in the symmetric peer mode) with the corresponding NTP server (symmetric-passive peer if in the symmetric peer mode). Otherwise, NTP authentication cannot be enabled properly.

- For the broadcast server mode or multicast server mode, associate the specified authentication key on the broadcast server or multicast server with the corresponding NTP server. Otherwise, NTP authentication cannot be enabled properly.

- For the client/server mode, if NTP authentication has not been enabled on the client, the client can synchronize with the server regardless of whether NTP authentication has been enabled on the server. If NTP authentication is enabled on a client, the client can be synchronized only to a server that can provide a trusted authentication key.

- For all synchronization modes, the server side and the client side must be consistently configured.
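
The client-side rules listed above, as an added example that is not part of the H3C manual: a Python model of a client deciding whether a server reply may be used for synchronization. It assumes the symmetric-key MAC format of RFC 5905 (a 32-bit key ID followed by MD5 over key plus header), which this page does not specify; ClientConfig, add_mac, client_accepts and the sample header and key are hypothetical names and constructed values.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, field

HEADER_LEN = 48  # fixed NTP header; the MAC (key ID + digest) follows it
MAC_LEN = 4 + 16  # 32-bit key ID + 128-bit MD5 digest (assumed algorithm)


def add_mac(header: bytes, key_id: int, key: bytes) -> bytes:
    """Server side: append key ID and MD5(key || header) to the header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


@dataclass
class ClientConfig:  # hypothetical model of the client-side settings
    auth_enabled: bool = False                 # authentication enabled?
    keys: dict = field(default_factory=dict)   # key ID -> shared secret
    trusted: set = field(default_factory=set)  # key IDs marked as trusted
    server_key_id: int = 0                     # key associated with the server


def client_accepts(cfg: ClientConfig, packet: bytes) -> bool:
    """Return True if the client may synchronize to this server reply."""
    if not cfg.auth_enabled:
        return True  # client without authentication syncs regardless
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False  # reply carries no MAC: server failed authentication
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    # Key must be the one associated with the server, configured, and trusted.
    if key_id != cfg.server_key_id or key_id not in cfg.trusted:
        return False
    key = cfg.keys.get(key_id)
    if key is None:
        return False
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, mac[4:])  # constant-time compare


# Constructed sample input: zeroed header, first byte = version 3, mode 4 (server).
SAMPLE_HEADER = bytes([0x1C]) + bytes(47)
SECRET = b"constructed-example-key"

if __name__ == "__main__":
    reply = add_mac(SAMPLE_HEADER, 42, SECRET)
    ok = ClientConfig(True, {42: SECRET}, {42}, 42)
    untrusted = ClientConfig(True, {42: SECRET}, set(), 42)
    print(client_accepts(ok, reply), client_accepts(untrusted, reply),
          client_accepts(ok, SAMPLE_HEADER))
```

The untrusted case shows why the key must be both configured and marked trusted: a correct digest alone is not enough for the client to synchronize.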

Configuration procedure

To configure NTP authentication for a client:

Step 1: Enter system view.
Command: system-view
Remarks: N/A
