Configuration procedure, Configuring ntp authentication for a client, Configuring ntp authentication for a server – H3C Technologies H3C SecPath F1000-E User Manual

14

•

For the client/server mode or symmetric mode, associate the specified authentication key on the

client (symmetric-active peer if in the symmetric peer mode) with the corresponding NTP server

(symmetric-passive peer if in the symmetric peer mode). Otherwise, the NTP authentication feature
cannot be normally enabled.

•

For the broadcast server mode or multicast server mode, associate the specified authentication key
on the broadcast server or multicast server with the corresponding NTP server. Otherwise, the NTP

authentication feature cannot be normally enabled.

•

For the client/server mode, if the NTP authentication feature has not been enabled for the client, the
client can synchronize with the server regardless of whether the NTP authentication feature has

been enabled for the server or not. If the NTP authentication is enabled on a client, the client can

be synchronized only to a server that can provide a trusted authentication key.

•

For all synchronization modes, the server side and the client side must be consistently configured.

Configuration Procedure

Configuring NTP authentication for a client

Follow these steps to configure NTP authentication for a client:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable NTP authentication

ntp-service authentication
enable

Required
Disabled by default

Configure an NTP authentication
key

ntp-service
authentication-keyid keyid
authentication-mode md5

value

Required
No NTP authentication key by

default

Configure the key as a trusted key

ntp-service reliable
authentication-keyid keyid

Required
By default, no authentication key is

configured to be trusted.

Client/server mode:
ntp-service unicast-server
{ ip-address | server-name }
authentication-keyid keyid

Associate the specified key with an
NTP server

Symmetric peers mode:
ntp-service unicast-peer

{ ip-address | peer-name }
authentication-keyid keyid

Required
You can associate a non-existing
key with an NTP server. To enable

NTP authentication, you must

configure the key and specify it as
a trusted key after associating the

key with the NTP server.

NOTE:

After you enable the NTP authentication feature for the client, make sure that you configure for the client
an authentication key that is the same as on the server and specify that the authentication key is trusted.

Otherwise, the client cannot be synchronized to the server.

Configuring NTP authentication for a server

Follow these steps to configure NTP authentication for a server: