■ The total number of servers and peers configured for a switch can be up to 128.
■ After the configuration, the S4200G series switch does not establish connections with the peer if it operates in NTP server mode. If it operates in any of the other modes, it establishes connections with the peer.
■ If an S4200G series switch operates as a passive peer in peer mode, NTP broadcast client mode, or NTP multicast client mode, the connections it establishes with the peers are dynamic. If it operates in other modes, the connections it establishes with the peers are static.

Access Control Permission Configuration

Access control permission to the NTP server provides only a minimal level of security. Authentication is more reliable.

An access request made to an NTP server is matched from the highest permission to the lowest, that is, in the order of peer, server, synchronization, and query.

Table 258 Configure the access control permission to the local NTP server

Operation                 Command                        Description
Enter system view         system-view                    —
Configure the access      ntp-service access { peer |    Optional
control permission to     server | synchronization |     By default, the access control
the local NTP server      query } acl-number             permission to the local NTP
                                                         server is peer.

NTP Authentication Configuration

For networks with higher security requirements, you can specify that authentication be performed when enabling NTP. With authentication performed on both the client side and the server side, the client is synchronized only to a server that passes the authentication. This improves network security.

Prerequisites

NTP authentication configuration involves:
■ Configuring NTP authentication on the client
■ Configuring NTP authentication on the server

Note the following when performing NTP authentication configuration:
■ If NTP authentication is not enabled on a client, the client can be synchronized to a server regardless of the NTP authentication configuration performed on the server (assuming that the related configurations are performed).
■ You need to couple the NTP authentication with a trusted key.
■ The configurations performed on the server and the client must be the same.
■ A client with NTP authentication enabled is only synchronized to a server that can provide a trusted key.
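
The authentication notes above, modelled from the client's side as an added example (not code from the manual or the switch firmware). It assumes the MD5 symmetric-key MAC of the NTP specification, a 32-bit key ID followed by MD5 over the key and the 48-byte header; the header bytes, key IDs and key strings are constructed sample values.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48          # fixed NTP header
MAC_LEN = 4 + 16         # 32-bit key ID + 128-bit MD5 digest (assumed MAC format)

def add_mac(header: bytes, key_id: int, key: bytes) -> bytes:
    """Server side: append key ID and MD5(key || header) to the packet."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def client_accepts(packet: bytes, auth_enabled: bool, trusted: dict) -> bool:
    """Client side: may this packet's sender be used as a time source?"""
    if not auth_enabled:
        # First note on the page: without client-side authentication the
        # client synchronizes regardless of the server's authentication setup.
        return True
    if len(packet) != HEADER_LEN + MAC_LEN:
        return False                      # authenticating client, no MAC sent
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = trusted.get(key_id)
    if key is None:
        return False                      # key ID is not a trusted key here
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, mac[4:])   # constant-time compare

# Constructed sample data: header bytes, key IDs and key strings are made up.
HEADER = bytes([0x24]) + bytes(HEADER_LEN - 1)      # LI=0, VN=4, mode=4 (server)
SERVER_REPLY = add_mac(HEADER, 42, b"example-key")
MISMATCHED_REPLY = add_mac(HEADER, 42, b"other-key")  # same key ID, other key
PLAIN_REPLY = HEADER                                  # server sends no MAC

def demo() -> dict:
    trusted = {42: b"example-key"}
    return {
        "matching key": client_accepts(SERVER_REPLY, True, trusted),
        "wrong key": client_accepts(MISMATCHED_REPLY, True, trusted),
        "untrusted key id": client_accepts(SERVER_REPLY, True, {7: b"example-key"}),
        "no MAC": client_accepts(PLAIN_REPLY, True, trusted),
        "client auth off": client_accepts(MISMATCHED_REPLY, False, {}),
    }

if __name__ == "__main__":
    for case, accepted in demo().items():
        print(f"{case:18} -> {'synchronize' if accepted else 'reject'}")
```

The last case is the one to audit for: a client with authentication disabled accepts the reply even though the key does not match.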