14
ntp-service authentication-keyid
Use
ntp-service authentication-keyid
to set an NTP authentication key.
Use
undo ntp-service authentication-keyid
to remove an NTP authentication key.
Syntax
ntp-service
authentication-keyid
keyid
authentication-mode
{
hmac-sha-1
|
hmac-sha-256
|
hmac-sha-384
|
hmac-sha-512
|
md5
}
{
cipher
|
simple
}
string
[
acl
ipv4-acl-number
|
ipv6
acl ipv6-acl-number
]
*
undo ntp-service authentication-keyid
keyid
Default
No NTP authentication key exists.
Views
System view
Predefined user roles
network-admin
Parameters
keyid
: Specifies an authentication key ID in the range of 1 to 4294967295.
authentication-mode
: Specifies an authentication algorithm.
•
hmac-sha-1
: Specifies the HMAC-SHA-1 algorithm.
•
hmac-sha-256
: Specifies the HMAC-SHA-256 algorithm.
•
hmac-sha-384
: Specifies the HMAC-SHA-384 algorithm.
•
hmac-sha-512
: Specifies the HMAC-SHA-512 algorithm.
•
md5
: Specifies the MD5 algorithm.
cipher
: Specifies an authentication key in encrypted form.
simple
: Specifies an authentication key in plaintext form. For security purposes, the authentication
key specified in plaintext form will be stored in encrypted form.
string
: Specifies a case-sensitive authentication key. Its plaintext form is a string of 1 to 32
characters. Its encrypted form is a string of 1 to 73 characters.
acl
ipv4-acl-number
: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999.
Only the devices permitted by the ACL can use the key ID for authentication.
ipv6
acl
ipv6-acl-number
: Specifies an IPv6 basic ACL by its number in the range of 2000 to
2999. Only the devices permitted by the ACL can use the key ID for authentication.
Usage guidelines
In a network where there is a high security demand, the NTP authentication feature must be enabled
for a system running NTP. This feature enhances the network security by using client-server key
authentication, which prohibits a client from synchronizing to a device that has failed the
authentication.
The key ID in the message from the peer device identifies the key used for authentication. The
acl
ipv4-acl-number
or
acl
ipv6-acl-number
option is used to identify the peer device that can
use the key ID.
•
The device uses the
acl
ipv4-acl-number
or
acl
ipv6-acl-number
option to identify
whether the peer device can use the key ID only when an NTP session to the peer device is to
be established or has already existed.
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...