beautypg.com

H3C Technologies H3C SecBlade LB Cards User Manual

Page 134

background image

124

On the client, if NTP authentication is enabled and a key is specified to associate with the NTP

server, but the key is not a trusted key, the client does not synchronize to the server no matter whether
NTP authentication is enabled or not on the server.

To configure NTP authentication for a client:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable NTP authentication.

ntp-service authentication enable

By default, NTP authentication is
disabled.

3.

Configure an NTP
authentication key.

ntp-service authentication-keyid
keyid authentication-mode md5

[ cipher | simple ] value

By default, no NTP authentication
key is configured.
Configure the same authentication

key on the client and server.

4.

Configure the key as a trusted

key.

ntp-service reliable
authentication-keyid keyid

By default, no authentication key is
configured to be trusted.

5.

Associate the specified key
with an NTP server.

ntp-service unicast-server
{ ip-address | server-name }

authentication-keyid keyid

You can associate a non-existing
key with an NTP server. To enable

NTP authentication, you must
configure the key and specify it as

a trusted key after associating the

key with the NTP server.

To configure NTP authentication for a server:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Enable NTP authentication.

ntp-service authentication enable

By default, NTP authentication is
disabled.

3.

Configure an NTP

authentication key.

ntp-service authentication-keyid

keyid authentication-mode md5
[ cipher | simple ] value

By default, no NTP authentication
key is configured.
Configure the same authentication
key on the client and server.

4.

Configure the key as a trusted
key.

ntp-service reliable
authentication-keyid keyid

By default, no authentication key is
configured to be trusted.

Configuring NTP authentication in symmetric peers mode

Follow these instructions to configure NTP authentication in symmetric peers mode:

An active symmetric peer can synchronize to the passive symmetric peer only when you configure
all the required tasks on both the active symmetric peer and passive symmetric peer.

When the active peer has a greater stratum level than the passive peer:

{

On the active peer, if NTP authentication is not enabled or no key is specified to associate with
the passive peer, the active peer synchronizes to the passive peer as long as NTP authentication

is disabled on the passive peer.

{

On the active peer, if NTP authentication is enabled and a key is associated with the passive
peer, but the key is not a trusted key, no matter whether NTP authentication is enabled or not on

the passive peer, the active peer does not synchronize to the passive peer.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: