Configuration prerequisites, Configuration procedure, Configuring ntp authentication – H3C Technologies H3C SecPath F1000-E User Manual
• server: Server access and query permitted. This level of right permits the peer devices to perform synchronization and control query to the local device but does not permit the local device to synchronize its clock to that of a peer device.
• peer: Full access. This level of right permits the peer devices to perform synchronization and control query to the local device and also permits the local device to synchronize its clock to that of a peer device.
The NTP service access-control rights, from highest to lowest, are peer, server,
synchronization, and query. When a device receives an NTP request, it performs an
access-control right match and uses the first matched right.
Configuration Prerequisites
Prior to configuring the NTP service access-control right to the local device, create and configure an ACL
associated with the access-control right. For more information about ACLs, see ACL in the Firewall Web
Configuration Manual.
Configuration Procedure
Follow these steps to configure the NTP service access-control right to the local device:
To do…                                                                                       Use the command…                                                           Remarks
Enter system view                                                                            system-view                                                                —
Configure the NTP service access-control right for a peer device to access the local device  ntp-service access { peer | query | server | synchronization } acl-number  Required; peer by default
NOTE:
The access-control right mechanism provides only a minimum degree of security protection for the system
running NTP. A more secure method is identity authentication.
Configuring NTP Authentication
NTP authentication should be enabled for a system running NTP in a network where there is a high
security demand. It enhances the network security by means of client-server key authentication, which
prohibits a client from synchronizing with a device that has failed authentication.
Configuration Prerequisites
The configuration of NTP authentication involves configuration tasks to be implemented on the client and
on the server.
When configuring NTP authentication, note the following:
• For all synchronization modes, when you enable the NTP authentication feature, configure an authentication key and specify it as a trusted key. In other words, the ntp-service authentication enable command must work together with the ntp-service authentication-keyid command and the ntp-service reliable authentication-keyid command. Otherwise, the NTP authentication function cannot be enabled properly.
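What these three settings mean for an incoming NTP packet can be shown with a small Python model. This is an added example, not H3C code or part of the manual; it assumes the MD5 keyed digest of standard NTP symmetric-key authentication, and the NtpAuth class, key ID 42 and key value are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN, MAC_LEN = 48, 20  # NTP header; MAC = 4-byte key ID + 16-byte MD5

def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append the key ID and MD5(key || header) to a 48-byte NTP header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

class NtpAuth:
    """Model of a receiver's authentication settings (assumed, not device code)."""

    def __init__(self, enabled: bool = False):
        self.enabled = enabled  # ntp-service authentication enable
        self.keys = {}          # ntp-service authentication-keyid
        self.trusted = set()    # ntp-service reliable authentication-keyid

    def verify(self, packet: bytes) -> str:
        if not self.enabled:
            return "unauthenticated"  # model assumption: no check is performed
        if len(packet) != HEADER_LEN + MAC_LEN:
            return "rejected: no MAC"
        header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
        key_id = struct.unpack("!I", mac[:4])[0]
        if key_id not in self.keys:
            return "rejected: unknown key"
        if key_id not in self.trusted:
            return "rejected: key not trusted"
        expected = hashlib.md5(self.keys[key_id] + header).digest()
        if not hmac.compare_digest(expected, mac[4:]):  # constant-time compare
            return "rejected: bad digest"
        return "authenticated"

# Constructed sample: server-mode NTPv4 header (LI=0, VN=4, Mode=4), stratum 2.
SAMPLE_HEADER = bytes([0x24, 2, 6, 0xEC]) + bytes(44)
SAMPLE_KEY = b"constructed-example-key"

if __name__ == "__main__":
    client = NtpAuth(enabled=True)
    client.keys[42] = SAMPLE_KEY          # key configured but not yet trusted
    reply = sign(SAMPLE_HEADER, 42, SAMPLE_KEY)
    print(client.verify(reply))
    client.trusted.add(42)                # key now marked as trusted
    print(client.verify(reply))
    print(client.verify(bytes([0x24, 3]) + reply[2:]))  # stratum altered in transit
```

A key that is configured but not marked as trusted is rejected just like an unknown key, which is why the key and trusted-key settings have to be applied together.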