1-12
Configuration Prerequisites
NTP authentication configuration involves:
z Configuring NTP authentication on the client
z Configuring NTP authentication on the server
Observe the following principles when configuring NTP authentication:
z If the NTP authentication function is not enabled on the client, the clock of the client can be
synchronized to a server no matter whether the NTP authentication function is enabled on the
server (assuming that other related configurations are properly performed).
z For the NTP authentication function to take effect, a trusted key needs to be configured on both the
client and server after the NTP authentication is enabled on them.
z The local clock of the client is only synchronized to the server that provides a trusted key.
z In addition, for the server/client mode and the symmetric peer mode, you need to associate a
specific key on the client (the symmetric-active peer in the symmetric peer mode) with the
corresponding NTP server (the symmetric-passive peer in the symmetric peer mode); for the NTP
broadcast/multicast mode, you need to associate a specific key on the broadcast/multicast server
with the corresponding NTP broadcast/multicast client. Otherwise, NTP authentication cannot be
enabled normally.
z Configurations on the server and the client must be consistent.
Configuration Procedure
Configuring NTP authentication on the client
Follow these steps to configure NTP authentication on the client:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable the NTP authentication
function
ntp-service authentication
enable
Required
Disabled by default.
Configure the NTP
authentication key
ntp-service
authentication-keyid key-id
authentication-model md5
value
Required
By default, no NTP
authentication key is
configured.
Configure the specified key as
a trusted key
ntp-service reliable
authentication-keyid key-id
Required
By default, no trusted key is
configured.
Configure on the
client in the
server/client mode
ntp-service unicast-server
{ remote-ip | server-name }
authentication-keyid key-id
Associat
e the
specified
key with
the
correspo
nding
NTP
server
Configure on the
symmetric-active
peer in the
symmetric peer
mode
ntp-service unicast-peer
{ remote-ip | peer-name }
authentication-keyid key-id
Required
For the client in the NTP
broadcast/multicast mode,
you just need to associate the
specified key with the client
on the corresponding server.
To Next Page
Loading...
