R3204P16-HP Load Balancing Module System Management Configuration Guide-6PW101
103
NOTE:
The access-control right mechanism provides only a minimum level of security protection for a system
running NTP. A more secure method is identity authentication.
Configuring NTP authentication
NTP authentication should be enabled for a system running NTP in a network where there is a high
security demand. It enhances the network security by means of client-server key authentication, which
prohibits a client from synchronizing with a device that has failed authentication.
Configuration prerequisites
The configuration of NTP authentication involves configuration tasks to be implemented on the client and
on the server.
When configuring NTP authentication, note the following:
• For all synchronization modes, when you enable the NTP authentication feature, configure an
authentication key and specify it as a trusted key. In other words, the ntp-service authentication
enable command must work together with the ntp-service authentication-keyid command and the
ntp-service reliable authentication-keyid command. Otherwise, the NTP authentication function
cannot be normally enabled.
• For client/server mode or symmetric mode, associate the specified authentication key on the client
(symmetric-active peer if in the symmetric peer mode) with the corresponding NTP server
(symmetric-passive peer if in the symmetric peer mode). Otherwise, the NTP authentication feature
cannot be normally enabled.
• For broadcast server mode or multicast server mode, associate the specified authentication key on
the broadcast server or multicast server with the corresponding NTP server. Otherwise, the NTP
authentication feature cannot be normally enabled.
• For client/server mode, if the NTP authentication feature has not been enabled for the client, the
client can synchronize with the server regardless of whether the NTP authentication feature has
been enabled for the server or not. If the NTP authentication is enabled on a client, the client can
be synchronized only to a server that can provide a trusted authentication key.
• For all synchronization modes, the server side configuration and the client side configuration must
be consistently.
Configuration procedure
Configuring NTP authentication for a client
Follow these steps to configure NTP authentication for a client:
To do… Use the command…
Remarks
Enter system view system-view —
Enable NTP
authentication
ntp-service authentication enable
Required
Disabled by default
Configure an NTP
authentication key
ntp-service authentication-keyid keyid
authentication-mode md5 value
Required
No NTP authentication key by default