R3721-F3210-F3171-HP High-End Firewalls System Management and Maintenance Configuration Guide-6PW101
106
Configuring the maximum number of dynamic sessions
allowed
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure the maximum number of
dynamic sessions allowed to be
established locally.
ntp-service max-dynamic-sessions
number
The default is 100.
Configuring access-control rights
You can configure the NTP service access-control right to the local device. Four access-control rights are
available, from the lowest to the highest. When a device receives an NTP request, it performs an
access-control right match and uses the first matched right. If no matched right is found, the device drops
the NTP request.
• query—Control query permitted. This level of right permits the peer device to perform control query
to the NTP service on the local device but does not permit the peer device to synchronize its clock
to the local device. The so-called "control query" refers to query of some states of the NTP service,
including alarm information, authentication status, and clock source information.
• synchronization—Server access only. This level of right permits the peer device to synchronize its
clock to the local device but does not permit the peer device to perform control query.
• server—Server access and query permitted. This level of right permits the peer device to perform
synchronization and control query to the local device but does not permit the local device to
synchronize its clock to the peer device.
• peer—Full access. This level of right permits the peer device to perform synchronization and control
query to the local device and also permits the local device to synchronize its clock to the peer
device.
The access-control right mechanism provides only a minimum level of security protection for a system
running NTP. A more secure method is identity authentication.
Configuration prerequisites
Before you configure the NTP service access-control right to the local device, create and configure an
ACL associated with the access-control right. For more information about ACLs, see ACL and QoS
Configuration Guide.
Configuration procedure
To configure the NTP service access-control right to the local device:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure the NTP service
access-control right for a peer device to
access the local device.
ntp-service access { peer | query |
server | synchronization } acl-number
The default is peer.