958 CHAPTER 77: NTP CONFIGURATION
n
The access-control right mechanism provides only a minimum degree of security
protection for the system running NTP. A more secure method is identity
authentication.
Configuring NTP
Authentication
The NTP authentication feature should be enabled for a system running NTP in a
network where there is a high security demand. This feature enhances the
network security by means of client-server key authentication, which prohibits a
client from synchronizing with a switch that has failed authentication.
Configuration
Prerequisites
The configuration NTP authentication involves configuration tasks to be
implemented on the client and on the server.
When configuring the NTP authentication feature, pay attention to the following
principles:
■ For all synchronization modes, when you enable the NTP authentication
feature, you should configure an authentication key and specify it as a trusted
key. Namely, the ntp-service authentication enable command must work
together with the ntp-service authentication-keyid command and the
ntp-service reliable authentication-keyid command. Otherwise, the NTP
authentication function cannot be normally enabled.
■ For the server/client mode or symmetric mode, you need to associate the
specified authentication key on the client (symmetric-active peer if in the
symmetric peer mode) with the corresponding NTP server (symmetric-passive
peer if in the symmetric peer mode). Otherwise, the NTP authentication feature
cannot be normally enabled.
■ For the broadcast server mode or multicast server mode, you need to associate
the specified authentication key on the broadcast server or multicast server
with the corresponding NTP server. Otherwise, the NTP authentication feature
cannot be normally enabled.
■ For the server/client mode, if the NTP authentication feature has not been
enabled for the client, the client can synchronize with the server regardless the
NTP authentication feature has been enabled for the server or not.
■ For all synchronization modes, the server side and the client side must be
consistently configured.
■ If the NTP authentication is enabled on a client, the client can be synchronized
only to a server that can provide a trusted authentication key.
Configuration Procedure Configuring NTP authentication for a client
Follow these steps to configure NTP authentication for a client:
To do… Use the command… Remarks
Enter system view system-view -
Enable NTP
authentication
ntp-service authentication enable Required
Disabled by default
Configure an NTP
authentication key
ntp-service authentication-keyid
keyid authentication-mode md5
value
Required
No NTP authentication key by
default
To Next Page
Loading...
