126
• The device uses the acl ipv4-acl-number or acl ipv6-acl-number option to identify the peer
device that can use the key ID only when an SNTP session for the peer device is required to be
established or after the SNTP session has been established.
• If the specified IPv4 or IPv6 ACL does not exist, any device can use the key ID for
authentication.
• If the specified IPv4 or IPv6 ACL does not contain any rules, no device can use the key ID for
authentication.
To ensure a successful authentication, configure the same key ID, authentication algorithm, and key
on the time server and client.
After you configure an SNTP authentication key, use the sntp reliable authentication-keyid
command to set it as a trusted key. The key automatically changes to untrusted after you delete the
key. In this case, you do not need to execute the undo sntp-service reliable authentication-keyid
command.
The security strength of the five algorithms, in descending order, is HMAC-SHA-512,
HMAC-SHA-384, HMAC-SHA-256, HMAC-SHA-1, and MD5.
You can set a maximum of 128 authentication keys by executing the command.
Examples
# Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey. Input the key in
plain text.
<Sysname> system-view
[Sysname] sntp authentication enable
[Sysname] sntp authentication-keyid 10 authentication-mode md5 simple BetterKey
Related commands
sntp authentication enable
sntp reliable authentication-keyid
sntp enable
Use sntp enable to enable the SNTP service.
Use undo sntp enable to disable the SNTP service.
Syntax
sntp enable
undo sntp enable
Default
The SNTP service is disabled.
Views
System view
Predefined user roles
network-admin
Examples
# Enable the SNTP service.
<Sysname> system-view
[Sysname] sntp enable
To Next Page
Loading...
Need help?
General