R211x-HP Flexfabric 11900 Network Management and Monitoring Command Reference
Usage guidelines
You can control NTP access by using ACLs. The access rights are in the following order, from least
restrictive to most restrictive: peer, server, synchronization, and query.
The device processes an NTP request by following these rules:
• If no NTP access control is configured, peer is granted to the local device and peer devices.
• If the IP address of the peer device matches a permit statement in an ACL for more than one access
right, the least restrictive access right is granted to the peer device. If a deny statement or no ACL is
matched, no access right is granted.
• If no ACL is created for a specific access right, the associated access right is not granted.
• If no ACL is created for any access right, peer is granted.
The ntp-service access command provides minimal security for a system running NTP. A more secure method
is NTP authentication.
Examples
# Configure the peer devices on subnet 10.10.0.0/16 to have full access to the local device.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ntp-service access peer acl 2001
Related commands
• ntp-service authentication enable
• ntp-service authentication-keyid
• ntp-service reliable authentication-keyid
ntp-service authentication enable
Use ntp-service authentication enable to enable NTP authentication.
Use undo ntp-service authentication enable to disable NTP authentication.
Syntax
ntp-service authentication enable
undo ntp-service authentication enable
Default
NTP authentication is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin










