CHAPTER 111: NTP CONFIGURATION
■ query: control query permitted. This level of right permits the peer device to perform control queries to the NTP service on the local device but does not permit the peer device to synchronize its clock to the local device. The so-called "control query" refers to a query of some states of the NTP service, including alarm information, authentication status, clock source information, and so on.
■ synchronization: server access only. This level of right permits the peer device to synchronize its clock to the local device but does not permit the peer device to perform control queries.
■ server: server access and query permitted. This level of right permits the peer device to perform synchronization and control queries to the local device but does not permit the local device to synchronize its clock to the peer device.
■ peer: full access. This level of right permits the peer device to perform synchronization and control queries to the local device and also permits the local device to synchronize its clock to the peer device.

From highest to lowest, the NTP service access-control rights are peer, server, synchronization, and query. When a device receives an NTP request, it performs an access-control right match and uses the first matched right.
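Because the first matched right is used, an ACL bound to a higher right can shadow a narrower ACL bound to a lower one. The following Python sketch is an added example, not part of the original manual: it models each ACL as a list of permitted source networks with constructed addresses (an assumption), assumes matching proceeds in the listed order from peer down to query, and reports hosts that end up with more rights than intended.

```python
import ipaddress

# Rights in the order the page lists them, highest first (assumed match order).
RIGHT_ORDER = ["peer", "server", "synchronization", "query"]

# What each right permits, per the definitions in the list above.
CAPABILITIES = {
    "peer": {"sync_from_local", "control_query", "local_syncs_to_it"},
    "server": {"sync_from_local", "control_query"},
    "synchronization": {"sync_from_local"},
    "query": {"control_query"},
}

def effective_right(source_ip, bindings):
    """Return the first right whose ACL permits source_ip, or None if none matches."""
    addr = ipaddress.ip_address(source_ip)
    for right in RIGHT_ORDER:
        for net in bindings.get(right, []):
            if addr in ipaddress.ip_network(net):
                return right
    return None

def audit(intended, bindings):
    """List hosts whose effective right grants capabilities beyond the intended right."""
    findings = []
    for host, want in intended.items():
        got = effective_right(host, bindings)
        extra = CAPABILITIES.get(got, set()) - CAPABILITIES[want]
        if extra:
            findings.append((host, want, got, sorted(extra)))
    return findings

# Constructed sample: ACL contents modelled as permitted source networks per right.
BINDINGS = {
    "peer": ["10.0.0.0/24"],        # too broad: meant for a single upstream device
    "synchronization": ["10.0.1.0/24"],
    "query": ["10.0.0.50/32"],      # monitoring station, shadowed by the peer ACL
}
INTENDED = {"10.0.0.1": "peer", "10.0.0.50": "query", "10.0.1.20": "synchronization"}

if __name__ == "__main__":
    for host, want, got, extra in audit(INTENDED, BINDINGS):
        print(f"{host}: intended {want}, effective {got}, extra: {', '.join(extra)}")
```

Note that synchronization and query are not subsets of each other, which is why the audit compares capabilities rather than rank alone.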
Configuration Prerequisites

Prior to configuring the NTP service access-control right to the local device, you need to create and configure an ACL associated with the access-control right. For the configuration of ACL, refer to "Configuring ACLs" on page 1881.

Configuration Procedure

Follow these steps to configure the NTP service access-control right to the local device:

To do...                        Use the command...                       Remarks
Enter system view               system-view                              -
Configure the NTP service       ntp-service access { peer | query |      Required
access-control right to the     server | synchronization } acl-number    peer by default
local device

Note: The access-control right mechanism provides only a minimum degree of security protection for the system running NTP. A more secure method is identity authentication.

Configuring NTP Authentication

The NTP authentication feature should be enabled for a system running NTP in a network where there is a high security demand. This feature enhances the network security by means of client-server key authentication, which prohibits a client from synchronizing with a device that has failed authentication.

Configuration Prerequisites

Configuring NTP authentication involves configuration tasks to be implemented on the client and on the server.

When configuring the NTP authentication feature, pay attention to the following principles:

■ For all synchronization modes, when you enable the NTP authentication feature, you should configure an authentication key and specify it as a trusted