Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual
Page 130

119
**************************************************************************
[1234] 3.0.1.31 127.127.1.0 2 255 64 26 -16.0 40.0 16.6
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
Total associations : 1
For more information about IGMP and PIM configuration, see Network Management
Configuration Guide.
Configuration example for NTP client/server mode with
authentication
In this configuration example, either Device A or Device B is the SecPath firewall.
Network requirements
As shown in
, perform the following configurations to synchronize the time between Device B
and Device A and ensure network security.
The local clock of Device A is to be configured as a reference source, with the stratum level of 2.
Device B operates in client mode and Device A is to be used as the NTP server of Device B, with Device
B as the client.
NTP authentication is to be enabled on both Device A and Device B.
Figure 54 Network diagram
Configuration procedure
1.
Set the IP address for each interface as shown in
. (Details not shown.)
2.
Configure Device A:
# Specify the local clock as the reference source, with the stratum level of 2.
[DeviceA] ntp-service refclock-master 2
3.
Configure Device B:
# Enable NTP authentication on Device B.
[DeviceB] ntp-service authentication enable
# Set an authentication key.
[DeviceB] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
# Specify the key as a trusted key.
[DeviceB] ntp-service reliable authentication-keyid 42
# Specify Device A as the NTP server of Device B.
[DeviceB] ntp-service unicast-server 1.0.1.11 authentication-keyid 42
Before Device B can synchronize its clock to that of Device A, enable NTP authentication for
Device A.
Perform the following configuration on Device A:
- H3C SecPath F5000-A5 Firewall H3C SecPath F1000-A-EI H3C SecPath F1000-E-SI H3C SecPath F1000-S-AI H3C SecPath F5000-S Firewall H3C SecPath F5000-C Firewall H3C SecPath F100-C-SI H3C SecPath F1000-C-SI H3C SecPath F100-A-SI H3C SecBlade FW Cards H3C SecBlade FW Enhanced Cards H3C SecPath U200-A U200-M U200-S H3C SecPath U200-CA U200-CM U200-CS