Configuring access-control rights
You can configure the access-control rights that peer devices have to the NTP service on the local device. The
following access-control rights are available:
• query—Control query permitted. Permits the peer devices to perform control query to the NTP
service on the local device but does not permit a peer device to synchronize its clock to that of the
local device. The "control query" refers to query of some states of the NTP service, including alarm
information, authentication status, clock source information, and so on.
• synchronization—Server access only. Permits a peer device to synchronize its clock to that of the
local device but does not permit the peer devices to perform control query.
• server—Server access and query permitted. Permits the peer devices to perform synchronization and
control query to the local device but does not permit the local device to synchronize its clock to that
of a peer device.
• peer—Full access. Permits the peer devices to perform synchronization and control query to the local
device and also permits the local device to synchronize its clock to that of a peer device.
From highest to lowest, the NTP service access-control rights are peer, server, synchronization, and
query. When a device receives an NTP request, it performs an access-control right match and uses the
first matched right.
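The first-match rule above means that an ACL bound to a higher right can shadow a narrower ACL bound to a lower one. The following Python model is an added example, not code from the original guide or from the device vendor. Its ACL model (ordered permit/deny rules over source prefixes), the operation names, the sample addresses and the treatment of an unmatched request as no access are assumptions.

```python
import ipaddress

# Rights in the order the page gives, highest first; the first match wins.
ORDER = ["peer", "server", "synchronization", "query"]

# What each right permits, transcribed from the list above.
# Operation names are hypothetical labels chosen for this example.
PERMITS = {
    "peer": {"serve_time", "control_query", "sync_from_peer"},
    "server": {"serve_time", "control_query"},
    "synchronization": {"serve_time"},
    "query": {"control_query"},
}

def acl_permits(rules, src):
    """Simplified ACL: ordered (action, prefix) rules, first hit decides."""
    addr = ipaddress.ip_address(src)
    for action, prefix in rules:
        if addr in ipaddress.ip_network(prefix):
            return action == "permit"
    return False  # assumption: no matching rule means this ACL does not match

def effective_right(bindings, src):
    """bindings maps a right to the rules of the ACL associated with it."""
    for right in ORDER:
        if right in bindings and acl_permits(bindings[right], src):
            return right
    return None  # assumption: no right matched, treated as no access

def allowed(bindings, src, operation):
    right = effective_right(bindings, src)
    return right is not None and operation in PERMITS[right]

# Constructed sample policy using documentation address ranges.
BINDINGS = {
    "peer": [("permit", "192.0.2.1/32")],                # upstream time source
    "synchronization": [("permit", "198.51.100.0/24")],  # internal clients
    "query": [("permit", "198.51.100.10/32")],           # monitoring host
}

if __name__ == "__main__":
    for src in ("192.0.2.1", "198.51.100.10", "198.51.100.20", "203.0.113.5"):
        print(src, "->", effective_right(BINDINGS, src),
              "| control query:", allowed(BINDINGS, src, "control_query"))
```

In this policy the monitoring host 198.51.100.10 falls inside the synchronization ACL, which is evaluated before query, so its control queries are refused even though a query ACL names it.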
Configuration prerequisites
Before you configure the NTP service access-control right to the local device, create and configure an ACL
associated with the access-control right. For more information about ACLs, see ACL and QoS
Configuration Guide.
Configuration procedure
To configure the NTP service access-control right to the local device:
To do...                                Use the command...                       Remarks
1. Enter system view.                   system-view                              —
2. Configure the NTP service            ntp-service access { peer | query |      Required.
   access-control right for a peer      server | synchronization } acl-number    peer by default
   device to access the local device.
NOTE:
The access-control right mechanism only provides a minimum degree of security protection for the
system running NTP. A more secure method is identity authentication.
Configuring NTP authentication
NTP authentication should be enabled for a system running NTP in a network where there is a high
security demand. It enhances the network security by means of client-server key authentication, which
prohibits a client from synchronizing with a device that has failed authentication.