Ntp Access Control - Huawei AR530 Series Configuration Manual


Huawei AR530&AR550 Series Industrial Switch Routers
Configuration Guide - Device Management
NOTE
In the NTP implementation, a peer structure is established for each synchronization source, and these peer structures are stored in a hash chain. Each peer structure corresponds to one connection.
Figure 4-7 Manycast mode (figure not reproduced: the client sends periodic request packets (mode 3); the server automatically runs in server mode and sends reply packets (mode 4); the client performs clock filtering and clock selection and synchronizes its clock to that of the preferred server)

4.2.4 NTP Access Control

When a time server on a synchronization subnet is faulty or is under malicious attack, timekeeping on the other clock servers on the subnet must not be affected. To meet this requirement, NTP provides the following security mechanisms: access authority, Kiss-o'-Death (KOD), and NTP authentication.
Access Authority
A device provides access authority, which is simpler and more secure, to protect the local clock. NTP access control is implemented based on an access control list (ACL). NTP supports five levels of access authority, and an ACL rule can be bound to each level. If an NTP access request matches the ACL rule bound to a level, the request is granted the access authority of that level.
When an NTP access request reaches the local end, it is matched against the access authority levels in turn, from the highest to the lowest. The first level whose ACL rule matches takes effect. The matching order is as follows:
1. peer: indicates that a time request may be made for the local clock and a control query may be performed on the local clock. The local clock can also be synchronized to a remote server.
2. server: indicates that a time request may be made for the local clock and a control query may be performed on the local clock, but the local clock cannot be synchronized with the clock of the remote server.
3. synchronization: indicates that only a time request can be made for the local clock.
4. query: indicates that only a control query can be performed on the local clock.
5. limited: when the rate of NTP packets exceeds the upper limit, the incoming NTP packets are discarded, and a Kiss code is sent if the KOD function is enabled.
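The matching order and the per-level permissions described above can be modelled in a few lines. The following is an added example written for this page, not Huawei's implementation or configuration syntax: the ACL numbers, prefixes, source addresses and packet-rate threshold are constructed, the `Acl` and `NtpAccessControl` classes are hypothetical, and the rate limiter is a simplified global one-second window standing in for whatever the device actually uses. It shows that a request is checked against the bound ACLs from the highest level to the lowest, that the first match decides, and which operations that level then grants.

```python
"""Model of NTP access-authority matching (constructed example, not Huawei code)."""
import ipaddress
import time
from collections import deque

# Levels in matching order (highest authority first), with the operations
# each level grants to a matching source. Names follow the manual's list.
LEVELS = (
    ("peer",            {"time_request", "control_query", "sync_local_to_remote"}),
    ("server",          {"time_request", "control_query"}),
    ("synchronization", {"time_request"}),
    ("query",           {"control_query"}),
    ("limited",         set()),   # only the rate check applies in this model
)


class Acl:
    """Minimal ACL model: ordered (action, prefix) rules, implicit deny at the end."""

    def __init__(self, number, rules):
        self.number = number   # hypothetical ACL number, e.g. 2001
        self.rules = [(action, ipaddress.ip_network(prefix)) for action, prefix in rules]

    def permits(self, src):
        addr = ipaddress.ip_address(src)
        for action, net in self.rules:
            if addr in net:
                return action == "permit"
        return False


class NtpAccessControl:
    def __init__(self, bindings, kod=True, max_pps=4):
        self.bindings = bindings   # level name -> Acl bound to that level
        self.kod = kod             # whether a Kiss code is sent when rate-limited
        self.max_pps = max_pps     # constructed upper limit on packets per second
        self.recent = deque()      # timestamps of 'limited' packets in the last second

    def match_level(self, src):
        """Return the first level, highest to lowest, whose ACL permits src."""
        for level, _ in LEVELS:
            acl = self.bindings.get(level)
            if acl is not None and acl.permits(src):
                return level
        return None

    def handle(self, src, operation, now=None):
        """Decide one request: returns (action, level) with action accept|drop|kod."""
        now = time.monotonic() if now is None else now
        level = self.match_level(src)
        if level is None:
            return ("drop", None)          # no level matched: request not honoured
        if level == "limited":
            # The page says only that packets above the rate limit are discarded
            # and a Kiss code is sent if KOD is enabled; this is a simplified
            # global sliding window, not the device's algorithm.
            while self.recent and now - self.recent[0] > 1.0:
                self.recent.popleft()
            self.recent.append(now)
            if len(self.recent) > self.max_pps:
                return ("kod" if self.kod else "drop", level)
            return ("accept", level)
        granted = dict(LEVELS)[level]
        return ("accept" if operation in granted else "drop", level)


def demo():
    """Constructed bindings: peer for one /24, server for the enclosing /16,
    query for a separate range, limited as a catch-all."""
    ac = NtpAccessControl({
        "peer":    Acl(2001, [("permit", "10.1.1.0/24")]),
        "server":  Acl(2002, [("permit", "10.1.0.0/16")]),
        "query":   Acl(2003, [("permit", "192.168.0.0/16")]),
        "limited": Acl(2004, [("permit", "0.0.0.0/0")]),
    }, kod=True, max_pps=2)
    return {
        # 10.1.1.5 matches both peer and server ACLs; peer wins because it is checked first
        "peer_src":   ac.handle("10.1.1.5", "sync_local_to_remote", now=0.0),
        # 10.1.2.5 only matches the server ACL, which does not allow syncing the local clock
        "server_src": ac.handle("10.1.2.5", "sync_local_to_remote", now=0.0),
        # query level allows control queries only, so a time request is refused
        "query_src":  ac.handle("192.168.3.1", "time_request", now=0.0),
        # catch-all limited level: third packet within one second exceeds max_pps=2
        "limited":    [ac.handle("172.16.0.9", "time_request", now=t) for t in (0.0, 0.1, 0.2)],
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The ordering matters: binding a broad prefix to a high level silently overrides any narrower, lower-level rule for the same addresses, so when reviewing a device's NTP access configuration check the highest-level ACLs first.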
4 NTP Configuration
Issue 01 (2014-11-30) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd. 66
