Use undo ntp-service authentication-keyid to remove an NTP authentication key.
Syntax
ntp-service authentication-keyid keyid authentication-mode md5 { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *
undo ntp-service authentication-keyid keyid
Default
No NTP authentication key is set.
Views
System view
Predefined user roles
network-admin
Parameters
keyid: Specifies a key ID to identify an authentication key, in the range of 1 to 4294967295.
authentication-mode md5: Uses the MD5 algorithm for key authentication.
cipher: Specifies a key in encrypted form.
simple: Specifies a key in plaintext form. For security purposes, the key specified in plaintext form
will be stored in encrypted form.
string: Specifies the key. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its
encrypted form is a case-sensitive string of 1 to 73 characters.
acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only
the devices permitted by the ACL can use the key ID for authentication.
ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999.
Only the devices permitted by the ACL can use the key ID for authentication.
Usage guidelines
In a network with high security requirements, the NTP authentication feature must be enabled
for a system running NTP. This feature enhances network security by using client-server key
authentication, which prohibits a client from synchronizing to a device that has failed
authentication.
The key ID in the message from the peer device identifies the key used for authentication. The acl
ipv4-acl-number and ipv6 acl ipv6-acl-number options identify the peer devices that can use
the key ID.
If the specified IPv4 or IPv6 ACL does not exist, any device can use the key ID for
authentication.
If the specified IPv4 or IPv6 ACL does not contain any rules, no device can use the key ID for
authentication.
To ensure a successful NTP authentication, configure the same key ID, authentication algorithm, and
key on the time server and client.
After you specify an NTP authentication key, use the ntp-service reliable authentication-keyid
command to configure the key as a trusted key. The key automatically changes to untrusted after you
delete the key. In this case, you do not need to execute the undo ntp-service reliable
authentication-keyid command.
You can set a maximum of 128 keys by executing the command.
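The sketch below is an added example, not part of the vendor documentation. It shows why the key ID, algorithm, and key must match on both ends, assuming the device uses the standard NTP symmetric-key MAC layout from RFC 5905 (a 4-byte key ID followed by MD5 over the key and the packet header). The function names and the sample header are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN, KEYID_LEN, DIGEST_LEN = 48, 4, 16

def build_header() -> bytes:
    """Constructed 48-byte NTPv4 header: LI=0, VN=4, Mode=4 (server), stratum 2."""
    first = (0 << 6) | (4 << 3) | 4
    return struct.pack("!BBbb", first, 2, 6, -20) + bytes(44)

def sign(header: bytes, keyid: int, key: bytes) -> bytes:
    """Sender side: append key ID (4 bytes) and MD5(key || header) (16 bytes)."""
    if not 1 <= keyid <= 4294967295:
        raise ValueError("key ID must be in the range 1 to 4294967295")
    if not 1 <= len(key) <= 32:
        raise ValueError("plaintext key must be 1 to 32 characters")
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", keyid) + digest

def verify(packet: bytes, keys: dict) -> bool:
    """Receiver side: pick the key by the ID carried in the packet, recompute, compare."""
    if len(packet) != HEADER_LEN + KEYID_LEN + DIGEST_LEN:
        return False  # no MAC present, or malformed
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (keyid,) = struct.unpack("!I", mac[:KEYID_LEN])
    key = keys.get(keyid)
    if key is None:
        return False  # key ID not configured locally
    expected = hashlib.md5(key + header).digest()
    return hmac.compare_digest(expected, mac[KEYID_LEN:])

if __name__ == "__main__":
    # Key ID 10 and key BetterKey are the values used in the example on this page.
    packet = sign(build_header(), 10, b"BetterKey")
    for label, table in [("same ID and key", {10: b"BetterKey"}),
                         ("same ID, key differs in case", {10: b"betterkey"}),
                         ("same key, different ID", {11: b"BetterKey"})]:
        print(f"{label}: {'accepted' if verify(packet, table) else 'rejected'}")
```

A packet without the 20-byte MAC, or with any header byte changed after signing, is rejected by the same check.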
Examples
# Set a plaintext MD5 authentication key, with the key ID of 10 and key value of BetterKey.
<Sysname> system-view