Ntp-Service Inbound Disable - H3C S5830V2 Series Command Reference Manual

Network management and monitoring

Hide thumbs Also See for S5830V2 Series:

Security configuration manual (332 pages)

Configuration manual (318 pages)

Command reference manual (301 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

page of 137

/ 137
Contents
Table of Contents
Bookmarks

Table of Contents

Parameters

peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time

server information) and allows the local device to synchronize itself to a peer device.

query: Allows only NTP control queries from a peer device to the local device.

server: Allows time requests and NTP control queries, but does not allow the local device to synchronize

itself to a peer device.

synchronization: Allows only time requests from a system whose address passes the access list criteria.

acl-number: Specifies an ACL. The peer devices that match the ACL have the access right specified in this

command. The acl-number argument represents a basic ACL number, in the range of 2000 to 2999.

Usage guidelines

You can control IPv6 NTP access by using Access Control List (ACL). The access rights are in the following

order, from least restrictive to most restrictive: peer, server, synchronization, and query.

The device processes an NTP request by following these rules:

•

If no NTP access control is configured, peer is granted to the local device and peer devices.

If the IP address of the peer device matches a permit statement in an ACL for more than one access

•

right, the least restrictive access right is granted to the peer device. If a deny statement or no ACL is

matched, no access right is granted.

If no ACL is created for a specific access right, the associated access right is not granted.

•

If no ACL is created for any access right, peer is granted.

•

The ntp-service ipv6 acl command provides a minimum security method. NTP authentication is more

secure.

Examples

# Configure the peer devices on subnet 2001::1 to have full access to the local device.

<Sysname> system-view

[Sysname] acl ipv6 number 2001

[Sysname-acl6-basic-2001] rule permit source 2001::1 64

[Sysname-acl6-basic-2001] quit

[Sysname] ntp-service ipv6 peer acl 2001

Related commands

ntp-service authentication enable

•

ntp-service authentication-keyid

ntp-service reliable authentication-keyid

•