104 
ntp-service authentication-keyid 
Use ntp-service authentication-keyid to set an NTP authentication key. 
Use undo ntp-service authentication-keyid to remove an NTP authentication key. 
Syntax 
ntp-service  authentication-keyid  keyid  authentication-mode { hmac-sha-1 | hmac-sha-256 | 
hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl 
ipv6-acl-number ] * 
undo ntp-service authentication-keyid keyid 
Default 
No NTP authentication key exists. 
Views 
System view 
Predefined user roles 
network-admin 
Parameters 
keyid: Specifies an authentication key ID in the range of 1 to 4294967295. 
authentication-mode: Specifies an authentication algorithm. 
• hmac-sha-1: Specifies the HMAC-SHA-1 algorithm. 
• hmac-sha-256: Specifies the HMAC-SHA-256 algorithm. 
• hmac-sha-384: Specifies the HMAC-SHA-384 algorithm. 
• hmac-sha-512: Specifies the HMAC-SHA-512 algorithm. 
• md5: Specifies the MD5 algorithm. 
cipher: Specifies an authentication key in encrypted form. 
simple: Specifies an authentication key in plaintext form. For security purposes, the authentication 
key specified in plaintext form will be stored in encrypted form. 
string: Specifies a case-sensitive authentication key. Its plaintext form is a string of 1 to 32 characters. 
Its encrypted form is a string of 1 to 73 characters. 
acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only 
the devices permitted by the ACL can use the key ID for authentication. 
ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. 
Only the devices permitted by the ACL can use the key ID for authentication. 
Usage guidelines 
In a network where there is a high security demand, the NTP authentication feature must be enabled 
for a system running NTP. This feature enhances the network security by using client-server key 
authentication, which prohibits a client from synchronizing to a device that has failed the 
authentication. 
The key ID in the message from the peer device identifies the key used for authentication. The acl 
ipv4-acl-number or acl ipv6-acl-number option is used to identify the peer device that can use the 
key ID. 
•  The device uses the acl ipv4-acl-number or acl ipv6-acl-number option to identify the peer 
device that can use the key ID only when an NTP session for the peer device is required to be 
established or after the NTP session has been established.