66
Configuration prerequisites
The configuration of NTP authentication involves configuration tasks to be implemented on the client and
on the server.
When configuring NTP authentication:
• For all synchronization modes, when you enable the NTP authentication feature, configure an
authentication key and specify it as a trusted key. The ntp-service authentication enable command
must work together with the ntp-service authentication-keyid command and the ntp-service reliable
authentication-keyid command. Otherwise, the NTP authentication function cannot be normally
enabled.
• For the client/server mode or symmetric mode, associate the specified authentication key on the
client (symmetric-active peer if in the symmetric peer mode) with the NTP server (symmetric-passive
peer if in the symmetric peer mode). Otherwise, the NTP authentication feature cannot be normally
enabled.
• For the broadcast server mode or multicast server mode, associate the specified authentication key
on the broadcast server or multicast server with the NTP server. Otherwise, the NTP authentication
feature cannot be normally enabled.
• For the client/server mode, if the NTP authentication feature has not been enabled for the client, the
client can synchronize with the server regardless of whether the NTP authentication feature has been
enabled for the server or not. If the NTP authentication is enabled on a client, the client can only be
synchronized to a server that can provide a trusted authentication key.
• For all synchronization modes, the server side and the client side must be consistently configured.
Configuration procedure
Configuring NTP authentication for a client
To do… Use the command… Remarks
1. Enter system view.
system-view —
2. Enable NTP authentication.
ntp-service authentication enable
Required.
Disabled by default.
3. Configure an NTP
authentication key.
ntp-service authentication-keyid
keyid authentication-mode md5
value
Required.
No NTP authentication key by
default.
4. Configure the key as a trusted
key.
ntp-service reliable authentication-
keyid keyid
Required.
By default, no authentication key
is configured to be trusted.
Client/server mode:
ntp-service unicast-server { ip-
address | server-name }
authentication-keyid keyid
5. Associate the specified key
with an NTP server.
Symmetric peers mode:
ntp-service unicast-peer { ip-
address | peer-name }
authentication-keyid keyid
Required.
You can associate a non-existing
key with an NTP server. To enable
NTP authentication, you must
configure the key and specify it as
a trusted key after associating the
key with the NTP server.
To Next Page
Loading...
