Ntp-Service Ipv6 Acl - HPE FlexFabric 5930 Series Network Management And Monitoring Command Reference
Hide thumbs
Also See for FlexFabric 5930 Series:
- Ip multicast configuration manual (391 pages) ,
- Command reference manual (62 pages)
Table of Contents
Advertisement
ntp-service ipv6 acl
Use ntp-service ipv6 acl to configure the access-control right for the peer devices to access the
IPv6 NTP services of the local device.
Use undo ntp-service ipv6 acl to remove the configured NTP service access-control right.
Syntax
ntp-service ipv6 { peer | query | server | synchronization } acl acl-number
undo ntp-service ipv6 { peer | query | server | synchronization } acl acl-number
Default
The access-control right for the peer devices to access the IPv6 NTP services of the local device is
peer.
Views
System view
Predefined user roes
network-admin
Parameters
peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time
server information) and allows the local device to synchronize itself to a peer device.
query: Allows only NTP control queries from a peer device to the local device.
server: Allows time requests and NTP control queries, but does not allow the local device to
synchronize itself to a peer device.
synchronization: Allows only time requests from a system whose address passes the access list
criteria.
acl acl-number: Specifies an ACL. The peer devices that match the ACL have the access right
specified in the command. The acl-number argument represents a basic ACL number in the range of
2000 to 2999.
Usage guidelines
You can control IPv6 NTP access by using ACL. The access rights are in the following order, from
least restrictive to most restrictive: peer, server, synchronization, and query.
The device processes an NTP request by following these rules:
•
If no NTP access control is configured, peer is granted to the local device and peer devices.
•
If the IP address of the peer device matches a permit statement in an ACL for more than one
access right, the least restrictive access right is granted to the peer device. If a deny statement
or no ACL is matched, no access right is granted.
•
If no ACL is created for an access right, the associated access right is not granted.
•
If no ACL is created for any access right, peer is granted.
The ntp-service ipv6 acl command provides a minimum security method. NTP authentication is
more secure.
Examples
# Configure the peer devices on subnet 2001::1 to have full access to the local device.
<Sysname> system-view
[Sysname] acl ipv6 number 2001
[Sysname-acl6-basic-2001] rule permit source 2001::1 64
[Sysname-acl6-basic-2001] quit
28
Advertisement
Table of Contents
