Configuration Prerequisites; Configuration Procedure; Configuring Ntp Authentication - H3C S5100-SI Operation Manual

From the highest NTP service access-control right to the lowest one are peer, server,
synchronization, and query. When a device receives an NTP request, it will perform an
access-control right match in this order and use the first matched right.

Configuration Prerequisites

Prior to configuring the NTP service access-control right to the local switch for peer devices, you need
to create and configure an ACL associated with the access-control right. For the configuration of ACL,
refer to ACL Configuration in Security Volume.

Configuration Procedure

Follow these steps to configure the NTP service access-control right to the local device for peer
devices:
To do...
Enter system view
Configure the NTP service
access-control right to the local
switch for peer devices
The access-control right mechanism provides only a minimum degree of security protection for the local
switch. A more secure method is identity authentication.

Configuring NTP Authentication

In networks with higher security requirements, the NTP authentication function must be enabled to run
NTP. Through password authentication on the client and the server, the clock of the client is
synchronized only to that of the server that passes the authentication. This improves network security.
Table 1-2 shows the roles of devices in the NTP authentication function.
Table 1-2 Description on the roles of devices in NTP authentication function
Role of device
Client
Server
Use the command...
system-view
ntp-service access { peer |
server | synchronization |
query } acl-number
Client in the server/client mode
Client in the broadcast mode
Client in the multicast mode
Symmetric-active peer in the symmetric peer mode
Server in the server/client mode
Server in the broadcast mode
Server in the multicast mode
Symmetric-passive peer in the symmetric peer mode
1-11
—
Optional
peer by default
Working mode
Remarks