Network requirements, Configuration procedure – H3C Technologies H3C SecPath F1000-E User Manual

119

**************************************************************************

[1234] 3.0.1.31 127.127.1.0 2 255 64 26 -16.0 40.0 16.6

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

Total associations : 1

For more information about IGMP and PIM configuration, see Network Management

Configuration Guide.

Configuration example for NTP client/server mode with
authentication

In this configuration example, either Device A or Device B is the SecPath firewall.

Network requirements

As shown in

Figure 54

, perform the following configurations to synchronize the time between Device B

and Device A and ensure network security.
The local clock of Device A is to be configured as a reference source, with the stratum level of 2.
Device B operates in client mode and Device A is to be used as the NTP server of Device B, with Device

B as the client.
NTP authentication is to be enabled on both Device A and Device B.

Figure 54 Network diagram

Configuration procedure

1.

Set the IP address for each interface as shown in

Figure 54

. (Details not shown.)

2.

Configure Device A:
# Specify the local clock as the reference source, with the stratum level of 2.

system-view

[DeviceA] ntp-service refclock-master 2

3.

Configure Device B:

system-view

# Enable NTP authentication on Device B.

[DeviceB] ntp-service authentication enable

# Set an authentication key.

[DeviceB] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey

# Specify the key as a trusted key.

[DeviceB] ntp-service reliable authentication-keyid 42

# Specify Device A as the NTP server of Device B.

[DeviceB] ntp-service unicast-server 1.0.1.11 authentication-keyid 42

Before Device B can synchronize its clock to that of Device A, enable NTP authentication for

Device A.
Perform the following configuration on Device A: