Configuration prerequisites, Configuring ntp authentication for a client – H3C Technologies H3C SecBlade NetStream Cards User Manual

198

Configuration prerequisites

The configuration of NTP authentication involves configuration tasks to be implemented on the client and

on the server. The SecBlade NetStream card functions only as the client.
When configuring NTP authentication, note the following:

•

For all synchronization modes, when you enable the NTP authentication feature, configure an

authentication key and specify it as a trusted key. In other words, the ntp-service authentication
enable command must work together with the ntp-service authentication-keyid command and the

ntp-service reliable authentication-keyid command. Otherwise, the NTP authentication function

cannot be normally enabled.

•

For the client/server mode, associate the specified authentication key on the client with the
corresponding NTP server. Otherwise, the NTP authentication feature cannot be normally enabled.

•

For the broadcast server mode or multicast server mode, associate the specified authentication key

on the broadcast server or multicast server with the corresponding NTP server. Otherwise, the NTP
authentication feature cannot be normally enabled.

•

For the client/server mode, if the NTP authentication feature has not been enabled for the client, the
client can synchronize with the server regardless of whether the NTP authentication feature has

been enabled for the server or not. If the NTP authentication is enabled on a client, the client can

be synchronized only to a server that can provide a trusted authentication key.

•

For all synchronization modes, the server side and the client side must be consistently configured.

Configuring NTP authentication for a client

Follow these steps to configure NTP authentication for a client:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable NTP authentication

ntp-service authentication enable

Required
Disabled by default

Configure an NTP
authentication key

ntp-service authentication-keyid
keyid authentication-mode md5

value

Required
No NTP authentication key by default

Configure the key as a trusted
key

ntp-service reliable
authentication-keyid keyid

Required
By default, no authentication key is
configured to be trusted.

Associate the specified key
with an NTP server

ntp-service unicast-server
{ ip-address | server-name }

authentication-keyid keyid

Required
You can associate a non-existing key with
an NTP server. To enable NTP

authentication, you must configure the key

and specify it as a trusted key after
associating the key with the NTP server.

NOTE:

After you enable the NTP authentication feature for the client, make sure that you configure for the client
an authentication key that is the same as on the server and specify that the authentication key is trusted.
Otherwise, the client cannot be synchronized to the server.