HP VPN Firewall Appliances System Management and Maintenance Configuration Guide
The following describes how an association is established in different operation modes:
• Client/server mode—After you specify an NTP server, the system creates a static association on the
client. The server simply responds passively upon the receipt of a message, rather than creating an
association (static or dynamic).
• Symmetric active/passive mode—After you specify a symmetric-passive peer on a symmetric-active
peer, static associations are created on the symmetric-active peer, and dynamic associations are
created on the symmetric-passive peer.
• Broadcast or multicast mode—Static associations are created on the server, and dynamic
associations are created on the client.
A single device can have a maximum of 128 concurrent associations, including static associations and
dynamic associations.
To configure the allowed maximum number of dynamic sessions:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Configure the maximum number of dynamic sessions allowed to be established locally. | ntp-service max-dynamic-sessions number | The default is 100. |
Configuring access-control rights
From highest to lowest, the NTP service access-control rights are peer, server, synchronization, and
query. When a device receives an NTP request, it matches the request against the access-control rights
and uses the first right that matches. If no right matches, the device drops the NTP request.
• Query—Control query permitted. This level of right permits the peer devices to perform control
query to the NTP service on the local device but does not permit a peer device to synchronize its
clock to that of the local device. A "control query" is a query of some states of the NTP service,
including alarm information, authentication status, clock source information, and so on.
• Synchronization—Server access only. This level of right permits a peer device to synchronize its
clock to that of the local device but does not permit the peer devices to perform control query.
• Server—Server access and query permitted. This level of right permits the peer devices to perform
synchronization and control query to the local device but does not permit the local device to
synchronize its clock to that of a peer device.
• Peer—Full access. This level of right permits the peer devices to perform synchronization and control
query to the local device and also permits the local device to synchronize its clock to that of a peer
device.
The access-control right mechanism provides only a minimum level of security protection for a system
running NTP. A more secure method is identity authentication.
Configuration prerequisites
Before you configure the NTP service access-control right to the local device, create and configure an
ACL associated with the access-control right. For more information about ACLs, see Access Control
Configuration Guide.
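The first-match behaviour described under access-control rights, modelled as an added example that is not part of the HP guide or the device software. It assumes rights are tried in the listed highest-to-lowest order, that each right's ACL is reduced to a list of permitted source networks, and that a right with no ACL matches nothing; the function names, operation labels and addresses are constructed for illustration. It shows how a broad ACL bound to a higher right gives a source more access than the narrower ACL on a lower right was meant to allow.

```python
import ipaddress

# Rights in the order the guide lists them, highest first.
ORDER = ["peer", "server", "synchronization", "query"]

# Operations each right permits, taken from the descriptions above.
PERMITS = {
    "peer": {"sync_to_local", "control_query", "local_sync_to_remote"},
    "server": {"sync_to_local", "control_query"},
    "synchronization": {"sync_to_local"},
    "query": {"control_query"},
}

def match_right(src, acls):
    """Return the first right, highest first, whose ACL permits src, or None (drop)."""
    addr = ipaddress.ip_address(src)
    for right in ORDER:
        if any(addr in ipaddress.ip_network(n) for n in acls.get(right, [])):
            return right
    return None

def allowed(src, operation, acls):
    """True if the right matched for src permits the operation."""
    right = match_right(src, acls)
    return right is not None and operation in PERMITS[right]

def shadowed(acls):
    """List (lower_right, network, higher_right) where a higher right's ACL overlaps."""
    found = []
    for i, low in enumerate(ORDER):
        for net in acls.get(low, []):
            for high in ORDER[:i]:
                if any(ipaddress.ip_network(net).overlaps(ipaddress.ip_network(h))
                       for h in acls.get(high, [])):
                    found.append((low, net, high))
    return found

# Constructed sample policies (addresses are illustrative only).
BROAD = {"peer": ["10.0.0.0/8"], "synchronization": ["10.20.0.0/16"],
         "query": ["10.30.5.10/32"]}
TIGHT = {"peer": ["10.0.0.1/32"], "synchronization": ["10.20.0.0/16"],
         "query": ["10.30.5.10/32"]}

if __name__ == "__main__":
    for name, acls in (("BROAD", BROAD), ("TIGHT", TIGHT)):
        print(name, match_right("10.30.5.10", acls), shadowed(acls))
```

Running a check like `shadowed` over the intended ACL plan before binding ACLs to rights flags sources that would be matched by a higher right than planned.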