Configuration procedure, Configuring ntp authentication, Configuration prerequisites – H3C Technologies H3C SecPath F1000-E User Manual
Configuration procedure
To configure the NTP service access-control right to the local device:
Step 1. Enter system view.
    Command: system-view
    Remarks: N/A
Step 2. Configure the NTP service access-control right for a peer device to access the local device.
    Command: ntp-service access { peer | query | server | synchronization } acl-number
    Remarks: The default is peer.
Configuring NTP authentication
NTP authentication should be enabled for a system running NTP in a network where there is a high
security demand. It enhances the network security by means of client-server key authentication, which
prohibits a client from synchronizing with a device that has failed authentication.
Configuration prerequisites
The configuration of NTP authentication involves configuration tasks to be implemented on the client and
on the server.
When configuring NTP authentication, follow these guidelines:
• For all synchronization modes, when you enable the NTP authentication feature, configure an authentication key and specify it as a trusted key. In other words, the ntp-service authentication enable command must work together with the ntp-service authentication-keyid command and the ntp-service reliable authentication-keyid command. Otherwise, the NTP authentication function cannot be enabled properly.
• For the client/server mode or symmetric mode, associate the specified authentication key on the client (symmetric-active peer if in the symmetric peer mode) with the corresponding NTP server (symmetric-passive peer if in the symmetric peer mode). Otherwise, the NTP authentication feature cannot be enabled properly.
• For the broadcast server mode or multicast server mode, associate the specified authentication key on the broadcast server or multicast server with the corresponding NTP server. Otherwise, the NTP authentication feature cannot be enabled properly.
• For the client/server mode, if the NTP authentication feature has not been enabled for the client, the client can synchronize with the server regardless of whether the NTP authentication feature has been enabled for the server. If NTP authentication is enabled on a client, the client can be synchronized only to a server that can provide a trusted authentication key.
• For all synchronization modes, the server side and the client side must be consistently configured.
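The guidelines above can be checked mechanically against a saved client configuration. The following audit script is an added example, not part of the H3C manual: the command names are taken from the guidelines, while the arguments after them, the "ntp-service unicast-server" association line, and the sample configurations are assumptions constructed for illustration.

```python
import re

# Constructed sample client configs (not from the manual). Command names come
# from the guidelines; the arguments after them and the "ntp-service
# unicast-server" association line are assumed syntax.
INCOMPLETE = """\
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 <key>
ntp-service unicast-server 192.0.2.10
"""
COMPLETE = """\
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 <key>
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 192.0.2.10 authentication-keyid 42
"""

def audit_ntp_auth(config):
    """Return a list of findings for a client in client/server mode."""
    enabled, defined, trusted, servers = False, set(), set(), {}
    for line in map(str.strip, config.splitlines()):
        if line == "ntp-service authentication enable":
            enabled = True
        elif m := re.match(r"ntp-service authentication-keyid (\d+)\b", line):
            defined.add(m.group(1))
        elif m := re.match(r"ntp-service reliable authentication-keyid (\d+)\b", line):
            trusted.add(m.group(1))
        elif m := re.match(r"ntp-service unicast-server (\S+)(.*)", line):
            key = re.search(r"authentication-keyid (\d+)\b", m.group(2))
            servers[m.group(1)] = key.group(1) if key else None
    if not enabled:
        # Fourth guideline: without authentication the client syncs to any server.
        return ["authentication not enabled: client accepts unauthenticated servers"]
    findings = []
    if not defined:
        findings.append("authentication enabled but no key configured")
    findings += [f"key {k} is configured but not trusted" for k in sorted(defined - trusted)]
    findings += [f"key {k} is trusted but not configured" for k in sorted(trusted - defined)]
    for server, key in sorted(servers.items()):
        if key is None:
            findings.append(f"server {server} has no key associated")
        elif key not in defined & trusted:
            findings.append(f"server {server} uses key {key}, which is not a configured trusted key")
    return findings

if __name__ == "__main__":
    for name, cfg in (("INCOMPLETE", INCOMPLETE), ("COMPLETE", COMPLETE)):
        print(name, audit_ntp_auth(cfg) or "consistent")
```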
Configuration procedure
Configuring NTP authentication for a client
To configure NTP authentication for a client: