Configuration procedure
To configure the NTP service access-control right to the local device:
Step
1.
Enter system view.
2.
Configure the NTP service
access-control right for a peer
device to access the local
device.
The access-control right mechanism provides only a minimum degree of security protection for the system
running NTP. A more secure method is identity authentication.
Configuring NTP authentication
Enable NTP authentication for a system running NTP in a network where there is a high security demand.
NTP authentication enhances network security by using client-server key authentication, which prohibits
a client from synchronizing with a device that fails authentication.
To configure NTP authentication, do the following:
Enable NTP authentication
•
•
Configure an authentication key
Configure the key as a trusted key
•
Associate the specified key with an NTP server or a symmetric peer
•
These tasks are required. If any task is omitted, NTP authentication cannot function.
Configuring NTP authentication in client/server mode
Follow these instructions to configure NTP authentication in client/server mode:
A client can synchronize to the server only when you configure all the required tasks on both the
•
client and server.
•
On the client, if NTP authentication is not enabled or no key is specified to associate with the NTP
server, the client is not authenticated. No matter whether NTP authentication is enabled or not on
the server, the clock synchronization between the server and client can be performed.
On the client, if NTP authentication is enabled and a key is specified to associate with the NTP
•
server, but the key is not a trusted key, the client does not synchronize to the server no matter whether
NTP authentication is enabled or not on the server.
Configuring NTP authentication for a client
Step
1.
Enter system view.
2.
Enable NTP authentication.
Command
system-view
ntp-service access { peer | query |
server | synchronization }
acl-number
Command
system-view
ntp-service authentication enable
35
Remarks
N/A
The default is peer.
Remarks
N/A
By default, NTP authentication is
disabled.