beautypg.com

Configuring the dscp value for ntp messages, Configuring access-control rights – H3C Technologies H3C WX5500E Series Access Controllers User Manual

Page 26

background image

18

Symmetric active/passive mode—After you specify a symmetric-passive peer on a symmetric active

peer, static associations are created on the symmetric-active peer, and dynamic associations are
created on the symmetric-passive peer.

Broadcast or multicast mode—Static associations are created on the server, and dynamic
associations are created on the client.

A single device can have a maximum of 128 concurrent associations, including static associations and

dynamic associations.
To configure the allowed maximum number of dynamic sessions:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure the maximum

number of dynamic sessions
allowed to be established

locally.

ntp-service max-dynamic-sessions
number

The default is 100.

Configuring the DSCP value for NTP messages

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Configure the Differentiated
Service Code Point (DSCP)

value for NTP messages.

ntp-service dscp dscp-value

Optional.
The default setting is 16.

Configuring access-control rights

From the highest to lowest, the NTP service access-control rights are peer, server, synchronization, and

query. If a device receives an NTP request, it performs an access-control right match and uses the first

matched right. If no matched right is found, the device drops the NTP request.

Query—Control query permitted. This level of right permits the peer devices to perform control

query to the NTP service on the local device, but it does not permit a peer device to synchronize to
the local device. "Control query" refers to the query of some states of the NTP service, including

alarm information, authentication status, and clock source information.

Synchronization—Server access only. This level of right permits a peer device to synchronize to the
local device, but it does not permit the peer devices to perform control query.

Server—Server access and query permitted. This level of right permits the peer devices to perform
synchronization and control query to the local device, but it does not permit the local device to

synchronize to a peer device.

Peer—Full access. This level of right permits the peer devices to perform synchronization and control
query to the local device, and it permits the local device to synchronize to a peer device.

The access-control right mechanism provides only a minimum level of security protection for a system

running NTP. A more secure method is identity authentication.