Configuring access-control rights, Configuration prerequisites – H3C Technologies H3C SecPath F1000-E User Manual
| Step | Command | Remarks |
|---|---|---|
| 2. Enter interface view. | interface interface-type interface-number | N/A |
| 3. Disable the interface from receiving NTP messages. | ntp-service in-interface disable | By default, an interface is enabled to receive NTP messages. |
Configuring the maximum number of dynamic sessions allowed
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Configure the maximum number of dynamic sessions allowed to be established locally. | ntp-service max-dynamic-sessions number | The default is 100. |
Configuring access-control rights
You can configure the NTP service access-control right to the local device. Four access-control rights are
available, from the lowest to the highest. When a switch receives an NTP request, it performs an
access-control right match and uses the first matched right. If no matched right is found, the switch drops
the NTP request.
• query—Control query permitted. This level of right permits the peer router to perform control query to the NTP service on the local router but does not permit the peer router to synchronize its clock to the local router. The so-called "control query" refers to query of some states of the NTP service, including alarm information, authentication status, and clock source information.
• synchronization—Server access only. This level of right permits the peer router to synchronize its clock to the local router but does not permit the peer router to perform control query.
• server—Server access and query permitted. This level of right permits the peer router to perform synchronization and control query to the local router but does not permit the local router to synchronize its clock to the peer router.
• peer—Full access. This level of right permits the peer router to perform synchronization and control query to the local router and also permits the local router to synchronize its clock to the peer router.
The access-control right mechanism provides only a minimum level of security protection for a system
running NTP. A more secure method is identity authentication.
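The first-match behaviour described above, modelled as an added example (not code from the H3C manual or from the device). It assumes the rights are tried from the highest to the lowest (peer, server, synchronization, query) and simplifies each ACL to a list of permitted source networks; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# What each right permits, per the list above:
#   "sync"       peer may synchronize its clock to the local device
#   "query"      peer may perform control query on the local NTP service
#   "local-sync" local device may synchronize its clock to the peer
RIGHTS = {
    "peer": {"sync", "query", "local-sync"},
    "server": {"sync", "query"},
    "synchronization": {"sync"},
    "query": {"query"},
}
# Assumption: rights are tried from the highest to the lowest.
MATCH_ORDER = ["peer", "server", "synchronization", "query"]


def matched_right(acls, src):
    """Return the first right whose ACL permits src, or None if the request is dropped."""
    addr = ipaddress.ip_address(src)
    for right in MATCH_ORDER:
        if any(addr in ipaddress.ip_network(net) for net in acls.get(right, [])):
            return right
    return None


def is_permitted(acls, src, action):
    """True if the first matched right for src allows the action."""
    right = matched_right(acls, src)
    return right is not None and action in RIGHTS[right]


def shadowed_entries(acls):
    """List (right, network, shadowing_right) for entries that can never match."""
    found = []
    for i, right in enumerate(MATCH_ORDER):
        for net in acls.get(right, []):
            for higher in MATCH_ORDER[:i]:
                if any(ipaddress.ip_network(net).subnet_of(ipaddress.ip_network(h))
                       for h in acls.get(higher, [])):
                    found.append((right, net, higher))
    return found


# Constructed sample policy: one ACL (list of permitted source networks) per right.
SAMPLE_ACLS = {
    "peer": ["10.0.0.1/32"],
    "synchronization": ["10.0.0.0/8"],
    "query": ["10.0.9.0/24"],
}
```

In the sample policy, 10.0.9.5 is listed in the query ACL but is matched first by the broader synchronization ACL, so its control queries are refused; `shadowed_entries` reports that overlap before the ACLs are deployed.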
Configuration prerequisites
Before you configure the NTP service access-control right to the local router, create and configure an ACL
associated with the access-control right. For more information about ACLs, see ACL and QoS
Configuration Guide.