11
device discards the message. This function makes sure the device does not synchronize to an
unauthorized time server.
Figure 7 NTP authentication
As shown in Figure 7, NTP authentication works as follows:
1. The sender uses the MD5 algorithm to calculate the NTP message according to the key
identified by a key ID, and sends the calculated digest together with the NTP message and key
ID to the receiver.
2. Upon receiving the message, the receiver finds the key according to the key ID in the message,
uses the MD5 algorithm to calculate the digest, and compares the digest with the digest
contained in the NTP message. If they are the same, the receiver accepts the message.
Otherwise, it discards the message.
Protocols and standards
• RFC 1305, Network Time Protocol (Version 3) Specification, Implementation and Analysis
• RFC 5905, Network Time Protocol Version 4: Protocol and Algorithms Specification
Configuration restrictions and guidelines
Follow these restrictions and guidelines when you configure NTP:
• You cannot configure both NTP and SNTP on the same device.
• Do not configure NTP on an aggregate member port.
• The NTP service and SNTP service are mutually exclusive. You can only enable either NTP
service or SNTP service at a time.
• To ensure time synchronization accuracy, do not specify more than one reference source.
Doing so might cause frequent time changes or even synchronization failures.
• Make sure you use the clock protocol command to specify the time protocol as NTP. For more
information about the clock protocol command, see Fundamentals Command Reference.
Configuration task list
Tasks at a glance
(Required.) Enabling the NTP service
(Required.) Perform one or both of the following tasks:
• Configuring NTP association mode
• Configuring the local clock as a reference source
Key value
Message
Sender
Message
Sends to the
receiver
Digest
Receiver
Compare
Compute the
digest
Compute the
digest
Digest
Key ID
Message
Digest
Key ID
Key value
To Next Page
Loading...
Need help?
General
