Operation Manual – NTP
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 NTP Configuration
1-15
1.6 Configuring NTP Authentication
The NTP authentication feature should be enabled for a system running NTP in a
network where there is a high security demand. This feature enhances the network
security by means of client-server key authentication, which prohibits a client from
synchronizing with a device that has failed authentication.
1.6.1 Configuration Prerequisites
The configuration NTP authentication involves configuration tasks to be implemented
on the client and on the server.
When configuring the NTP authentication feature, pay attention to the following
principles:
z
For all synchronization modes, when you enable the NTP authentication feature,
you should configure an authentication key and specify it as a trusted key. Namely,
the
ntp-service authentication enable
command must work together with the
ntp-service authentication-keyid
command and the
ntp-service reliable
authentication-keyid
command. Otherwise, the NTP authentication function
cannot be normally enabled.
z
For the server/client mode or symmetric mode, you need to associate the
specified authentication key on the client (symmetric-active peer if in the
symmetric peer mode) with the corresponding NTP server (symmetric-passive
peer if in the symmetric peer mode). Otherwise, the NTP authentication feature
cannot be normally enabled.
z
For the broadcast server mode or multicast server mode, you need to associate
the specified authentication key on the broadcast server or multicast server with
the corresponding NTP server. Otherwise, the NTP authentication feature cannot
be normally enabled.
z
For the server/client mode, if the NTP authentication feature has not been enabled
for the client, the client can synchronize with the server regardless the NTP
authentication feature has been enabled for the server or not.
z
For all synchronization modes, the server side and the client side must be
consistently configured.
z
If the NTP authentication is enabled on a client, the client can be synchronized
only to a server that can provide a trusted authentication key.
1.6.2 Configuration Procedure
I. Configuring NTP authentication for a client
Follow these steps to configure NTP authentication for a client: