Configuring Ntp Security Mechanisms; Establishing The Configuration Task - Huawei S9300 Configuration Manual
Hide thumbs
Also See for S9300:
- Configuration manual - network management (630 pages) ,
- Configuration manual (567 pages) ,
- Configuration manual - multicast (262 pages)
Table of Contents
Advertisement
S9300&S9300E Terabit Routing Switch
Configuration Guide - Network Management
4.4 Configuring NTP Security Mechanisms
This section describes how to configure NTP security mechanisms to guarantee reliable clock
synchronization on networks demanding high security.
4.4.1 Establishing the Configuration Task
Before configuring NTP security mechanisms, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the required data. This can help
you complete the configuration task quickly and accurately.
Applicable Environment
NTP supports two security mechanisms: access authority and NTP authentication.
l
l
Pre-configuration Tasks
Before configuring NTP security mechanisms, complete the following tasks:
Issue 01 (2012-03-15)
Access authority
Access authority is a type of simple security method provided by the S9300&S9300E to
protect local NTP services.
The S9300&S9300E provides four access authority levels. When an NTP access request
packet reaches the local end, it is matched in an order from the minimum access authority
to the maximum access authority. The first matched authority level takes effect. The
matching order is as follows:
– peer: indicates the minimum access authority. The remote end can send the request of
the local time and the control query to the local end. The local clock can also be
synchronized with that of the remote server.
– server: indicates the remote end can perform the time request and control query to the
local end but the local clock cannot be synchronized with that of the remote end.
– synchronization: indicates that the remote end can perform only the time request to the
local end.
– query: indicates the maximum access authority. The remote end can perform only the
control query to the local end.
NTP authentication
NTP authentication is required in some networks with high security demands.
The configuration of NTP authentication involves configuring NTP authentication on both
the client and the server.
During the configuration of NTP authentication, pay attention to the following rules:
– Configure NTP authentication on both the client and the server; otherwise, the
authentication does not take effect.
– If NTP authentication is enabled, a reliable key needs to be configured at the same time.
– The authentication key configured on the server and that on the client should be
consistent.
– In NTP peer mode, the symmetric active end equals the client, and the symmetric passive
end equals the server.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
4 NTP Configuration
226
Advertisement
Table of Contents
