WESM zl Management and Configuration Guide WT.01.28 and greater

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module

241

242

243

244

245

246

247

248

249

250

2-142

Configuring the ProCurve Wireless Edge Services zl Module

Enabling Secure Network Time Protocol (NTP)

Configuring a Secure NTP Server

As an NTP server, the Wireless Edge Services zl Module sends the time to stations

and devices that request this information. To obtain the correct time, it can use its

internal clock, exchange messages with other servers in your network (called its NTP

neighbors), or both.

To configure secure NTP, first determine the module’s function in your network’s

NTP implementation:

1. If the Wireless Edge Services zl Module simply needs to accept the time from

an NTP server, complete one of the tasks below:

• Enable the module to listen for NTP broadcasts.

• Configure the module to request the time from NTP servers:

– Add up to three NTP neighbors in server mode.

– For additional security, require authentication.

When you require symmetric key authentication, first configure a key

that matches each server’s key.

When you require autokey authentication, make sure that your module

has the appropriate certificate.

■ If the module should act as an NTP server, complete these tasks:

• If you want the module to use its internal clock to serve the time, configure

it to act as the master clock.

• Optionally, apply ACLs to control access to the module’s NTP services.

• Optionally, require authentication for neighbors, configuring one of the

following options for keys:

– For auto-key, enable the feature and make sure that the module has the

necessary public and private keys (stored in a server certificate in a

trustpoint configuration).

– Manually create symmetric keys.

• Add up to three neighbors. The correct neighbor configuration depends on

your network’s NTP implementation:

– Your module acts as the master clock and is your network’s only time

server. No neighbors are required.

– Your module acts as your network’s only time server and receives its

time from one or more servers on the Internet. Specify up to three

Internet servers as neighbors in server mode.

– Your module works with other NTP servers in your network. You can

add a combination of up to three servers and peers. For example, you

might configure an NTP server on the Internet as a neighbor in server

mode and two other NTP servers on your LAN as neighbors in peer

mode.