NTP broadcast server mode
When a Switch 4500 operates in NTP broadcast server mode, it broadcasts clock
synchronization packets periodically. Devices in NTP broadcast client mode
respond to these packets and start the clock synchronization process.

NTP multicast server mode
When a Switch 4500 operates in NTP multicast server mode, it multicasts clock
synchronization packets periodically. Devices in NTP multicast client mode
respond to these packets and start the clock synchronization process. A
switch operating in this mode can support up to 1,024 multicast clients.

■ Up to 128 servers and peers in total can be configured for a switch.
■ After the configuration, a Switch 4500 does not establish connections with
  peers if it operates in NTP server mode. If it operates in any of the other
  modes, it establishes connections with peers.
■ If a Switch 4500 operates in passive peer mode, NTP broadcast client mode, or
  NTP multicast client mode, it establishes connections with peers dynamically.
  If it operates in any of the other modes, it establishes connections with
  peers statically.

Configuring Access Control Right

The access control right to the NTP server provides only a minimal degree of
security. A more secure way is to perform identity authentication.

The right of an access request received by the NTP server is matched from the
highest to the lowest, in the order peer, server, synchronization, query.
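
The matching order described above, modeled as an added example (not code from the 3Com guide or the switch software): each right is bound to a basic ACL, as with ntp-service access, and a request receives the first right, from highest to lowest, whose ACL permits its source address. The ACL numbers, the addresses, the permit-only ACLs and the None result for an unmatched source are assumptions made for this illustration.

```python
import ipaddress

# Rights in the order the guide gives: matched from highest to lowest.
RIGHT_ORDER = ("peer", "server", "synchronization", "query")


def wildcard_match(addr, base, wildcard):
    """True if addr matches base under a wildcard mask (1 bits are ignored)."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def acl_permits(entries, addr):
    """Permit-only ACL model (assumption): any covering entry permits addr."""
    return any(wildcard_match(addr, base, wc) for base, wc in entries)


def effective_right(bindings, acls, addr):
    """Return the first right, highest to lowest, whose bound ACL permits addr."""
    for right in RIGHT_ORDER:
        acl_number = bindings.get(right)
        if acl_number is not None and acl_permits(acls[acl_number], addr):
            return right
    return None  # no configured right matched this source


# Constructed sample data: ACL numbers and addresses are made up.
ACLS = {
    2001: [("10.0.0.1", "0.0.0.0")],        # single upstream time source
    2002: [("10.1.1.0", "0.0.0.255")],      # client subnet
    2003: [("10.0.0.0", "0.255.255.255")],  # broad monitoring range
}
BINDINGS = {"peer": 2001, "synchronization": 2002, "query": 2003}

if __name__ == "__main__":
    for src in ("10.0.0.1", "10.1.1.20", "10.9.9.9", "192.0.2.7"):
        print(src, "->", effective_right(BINDINGS, ACLS, src))
```

In the sample data 10.1.1.20 is covered by both the synchronization and the query ACL and receives synchronization, so when ACLs overlap, the highest right that matches is the one that applies.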

Table 337 Configure the access control right to the local NTP server

Operation                       Command                                Description
------------------------------  -------------------------------------  ------------------------------------
Enter system view               system-view
Configure the access control    ntp-service access { peer | server |   Optional
right to the local NTP server   synchronization | query } acl-number   By default, the access control right
                                                                       to the local NTP server is peer.

Configuring NTP Authentication

In networks with higher security requirements, the NTP authentication function
must be enabled to run NTP. Through password authentication on the client and
the server, the client is synchronized only to the server that passes the
authentication. This improves network security.

Configuration Prerequisites

NTP authentication configuration involves:
■ Configuring NTP authentication on the client
■ Configuring NTP authentication on the server

Observe the following principles when configuring NTP authentication:
■ If the NTP authentication function is not enabled on the client, the client can be
  synchronized to a server no matter whether the NTP authentication function is