HP VPN Firewall Appliances System Management and Maintenance Command Reference
132
Usage guidelines
In a security-demanding network, the NTP authentication feature should be enabled for a system running
NTP. This feature enhances the network security by using the client-server key authentication, which
prohibits a client from synchronizing with a device that has failed authentication.
After you specify an NTP authentication key, configure the key as a trusted key by using the ntp-service
reliable authentication-keyid command.
For security purposes, all keys, including keys configured in plain text, are saved in cipher text.
The system supports only the MD5 algorithm for key authentication.
A maximum of 1,024 keys can be set for each device.
If an NTP authentication key is specified as a trusted key, the key automatically changes to untrusted after
you delete the key. In this case, you do not need to execute the undo ntp-service reliable
authentication-keyid command.
Examples
# Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey.
<Sysname> system-view
[Sysname] ntp-service authentication enable
[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
Related commands
ntp-service reliable authentication-keyid
ntp-service broadcast-client
Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and
use the current interface to receive NTP broadcast packets.
Use undo ntp-service broadcast-client to remove the configuration.
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
Default
The device does not operate in any NTP operation mode.
Views
Interface view
Default command level
3: Manage level
Examples
# Configure the device to operate in broadcast client mode and receive NTP broadcast messages on
GigabitEthernet 0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 0/1
[Sysname-GigabitEthernet0/1] ntp-service broadcast-client