Dynabrade Dynabug 57810 Скачать руководство пользователя | Manualshive

Страница: 30 / 68

background image

of day and date is obtained when the router boots. The

server

statement identifies the

NTP server used for periodic time synchronization. The

authentication-key

statement

specifies that an HMAC-Message Digest 5 (MD5) scheme should be used to hash the
key value for authentication, which prevents the router or switch from synchronizing with
an attacker’s host posing as the time server.

[edit]
system {

ntp {

authentication-key 2 type md5 value "$9$aH1j8gqQ1gjyjgjhgjgiiiii"; # SECRET-DATA
boot-server 10.1.4.1;
server 10.1.4.2;

}

}

Related

Documentation

NTP Overview on page 3

•

•

Understanding NTP Time Servers on page 5

•

authentication-key

•

boot-server

•

server

•

show ntp associations on page 48

•

show ntp status on page 50

Configuring NTP Authentication Keys

Time synchronization can be authenticated to ensure that the local router or switch
obtains its time services only from known sources. By default, network time
synchronization is unauthenticated. The system will synchronize to whatever system
appears to have the most accurate time. We strongly encourage you to configure
authentication of network time services.

To authenticate other time servers, include the

trusted-key

statement at the

[edit system

ntp]

hierarchy level. Only time servers transmitting network time packets that contain

one of the specified key numbers and whose key matches the value configured for that
key number are eligible to be synchronized to. Other systems can synchronize to the local
router without being authenticated.

[edit system ntp]
trusted-key [ key-numbers ];

Each key can be any 32-bit unsigned integer except 0. Include the

key

option in the

peer

,

server

, or

broadcast

statements to transmit the specified authentication key when

transmitting packets. The key is necessary if the remote system has authentication
enabled so that it can synchronize to the local system.

To define the authentication keys, include the

authentication-key

statement at the

[edit

system ntp]

hierarchy level:

Copyright © 2014, Juniper Networks, Inc.

18

Time Management Administration Guide for Routing Devices

«
...
28
29
30
31
32
...
»

Содержание Dynabug 57810

Страница 1: ...Junos OS Time Management Administration Guide for Routing Devices Release 13 3 Published 2014 04 22 Copyright 2014 Juniper Networks Inc...

Страница 2: ...ime Management Administration Guide for Routing Devices 13 3 Copyright 2014 Juniper Networks Inc All rights reserved The information in this document is current as of the date on the title page YEAR 2...

Страница 3: ...nos OS 12 Synchronizing and Coordinating Time Distribution Using NTP 13 Configuring NTP 13 Configuring the NTP Boot Server 13 Specifying a Source Address for an NTP Server 13 Configuring the NTP Time...

Страница 4: ...31 broadcast 32 broadcast client 33 multicast client 33 ntp 34 peer NTP 35 server NTP 36 source address NTP RADIUS System Logging or TACACS 37 system 38 time zone 39 use imported time zones 41 Part 3...

Страница 5: ...Table 1 Notice Icons ix Table 2 Text and Syntax Conventions x Part 3 Administration Chapter 5 Monitoring Commands 47 Table 3 show ntp associations Output Fields 48 Table 4 show ntp status Output Field...

Страница 6: ...Copyright 2014 Juniper Networks Inc vi Time Management Administration Guide for Routing Devices...

Страница 7: ...http www juniper net techpubs If the information in the latest release notes differs from the information in the documentation follow the product Release Notes Juniper Networks Books publishes books b...

Страница 8: ...e procedures are described in the following sections Merging a Full Example To merge a full example follow these steps 1 From the HTML or PDF version of the manual copy a configuration example into a...

Страница 9: ...tents of the file into your routing platform configuration by issuing the load merge relative configuration mode command edit system scripts user host load merge relative var tmp ex script snippet con...

Страница 10: ...archy level The console port is labeled CONSOLE Represents names of configuration statements commands files and directories configuration hierarchy levels or labels on routing platform components Text...

Страница 11: ...roduct support is available through the Juniper Networks Technical Assistance Center JTAC If you are a customer with an active J Care or JNASC support contract or are covered under warranty and need p...

Страница 12: ...nline in the CSC Case Management tool http www juniper net cm To verify service entitlement by product serial number use our Serial Number Entitlement SNE Tool https tools juniper net SerialNumberEnti...

Страница 13: ...PART 1 Overview Time Management Overview on page 3 1 Copyright 2014 Juniper Networks Inc...

Страница 14: ...Copyright 2014 Juniper Networks Inc 2 Time Management Administration Guide for Routing Devices...

Страница 15: ...to within tens of milliseconds over the public internet NTP is defined in the RFC 5905 Network Time Protocol Version 4 Protocol and Algorithms Specification Junos devices can be configured to act as...

Страница 16: ...server relationships NOTE QFX devices cannot be act as NTP servers only clients Symmetric Active peer Mode Two or more devices are configured as NTP server peers to provide redundancy By default if an...

Страница 17: ...itative time source or time server and how time is synchronized between systems on the network To do this you configure the router switch or security device to operate in one of the following modes Cl...

Страница 18: ...ed on the authentication key match If the NTP request from the client comes without any authentication key the request is processed and answered without authentication Related Documentation Configurin...

Страница 19: ...PART 2 Configuration Configuring Time on page 9 Configuration Statements on page 23 7 Copyright 2014 Juniper Networks Inc...

Страница 20: ...Copyright 2014 Juniper Networks Inc 8 Time Management Administration Guide for Routing Devices...

Страница 21: ...Using NTP on page 19 Updating the IANA Time Zone Database on Junos Devices on page 20 Setting the Date and Time Locally You can set the device time on the command line using the set date operational...

Страница 22: ...system clocks of routers switches and other network equipment To configure NTP 1 Configure Junos OS to retrieve the time when it first boots up Use the boot server statement with the IP address of yo...

Страница 23: ...8 PDT System booted 2013 07 11 17 14 25 PDT 1w6d 23 19 ago Protocols started 2013 07 11 17 16 35 PDT 1w6d 23 17 ago Last configured 2013 07 23 12 32 42 PDT 2d 04 00 ago by user 4 33PM up 13 days 23 19...

Страница 24: ...the Greenwich meridian is commonly indicated as GMT n for example the Central European Time CET zone is indicated as GMT 1 However this is not true for POSIX time zone designations POSIX indicates CET...

Страница 25: ...r that the router or switch uses to determine the time when the router or switch boots If you configure an NTP boot server then when the router or switch boots it immediately synchronizes with the boo...

Страница 26: ...source address 10 0 10 100 specified in the from statement included at the edit firewall filter firewall filter name hierarchy edit firewall filter Loopback Interface Firewall Filter term Allow NTP fr...

Страница 27: ...in Configuring NTP Authentication Keys on page 18 By default the router or switch sends NTP version 4 packets to the time server To set the NTP version level to 1 2 or 3 include the version option If...

Страница 28: ...key option The key corresponds to the key number you specify in the authentication key statement as described in Configuring NTP Authentication Keys on page 18 By default the router or switch sends NT...

Страница 29: ...ed so that a host is accepted as a string without DNS resolution Related Documentation Understanding NTP Time Servers on page 5 Example Configuring NTP as a Single Time Source for Router and Switch Cl...

Страница 30: ...enticated The system will synchronize to whatever system appears to have the most accurate time We strongly encourage you to configure authentication of network time services To authenticate other tim...

Страница 31: ...al or malicious disruption in this mode both the local and remote systems must use authentication and the same trusted key and key identifier Related Documentation Configuring the Router or Switch to...

Страница 32: ...Installing Time Zone Files on page 20 2 Configuring a Custom Time Zone on page 21 Importing and Installing Time Zone Files The IANA Time Zone Database is maintained by the Internet Assigned Numbers A...

Страница 33: ...Custom Time Zone To use a custom time zone follow these steps 1 Download a time zones archive from a known or designated source to the router or switch Compile the time zone archive using the zic tim...

Страница 34: ...ing NTP as a Single Time Source for Router and Switch Clock Synchronization on page 17 use imported time zones on page 41 Copyright 2014 Juniper Networks Inc 22 Time Management Administration Guide fo...

Страница 35: ...CACS on page 37 system on page 38 time zone on page 39 use imported time zones on page 41 System Management Configuration Statements This topic lists all the configuration statements that you can incl...

Страница 36: ...ze synchronize compress configuration files no compress configuration files default address selection dump device compact flash remove compact usb diag port authentication encrypted password password...

Страница 37: ...s end access start allow commands regular expression allow configuration allow configuration regexps regular expression 1 regular expression 2 allowed days deny commands regular expression deny config...

Страница 38: ...mber version value prefer source address source address server address key key number version value prefer trusted key key numbers ports auxiliary type terminal type pic console authentication encrypt...

Страница 39: ...ns file filename files number size size world readable no world readable flag flag no remote trace op file filename arguments argument name description descriptive text command filename alias descript...

Страница 40: ...limit web management http interfaces interface names port port https interfaces interface names local certificate name port port session idle timeout minutes session limit session limit xnm clear tex...

Страница 41: ...facility override facility log prefix string match regular expression source address source address structured data brief source address source address time format year millisecond year millisecond us...

Страница 42: ...entication scheme MD5 must be identical between a set of peers sharing the same key number Options key number Positive integer that identifies the key type type Authentication type It can only be md5...

Страница 43: ...a hostname for the boot server If you configure a hostname instead of an IP address the ntpdate request resolves the hostname to an IP address when the router or switch boots up If you configure an N...

Страница 44: ...address on one of the local networks or a multicast address assigned to NTP You must specify an address not a hostname If the multicast address is used it must be 224 0 1 1 key key number Optional All...

Страница 45: ...Syntax multicast client address Hierarchy Level edit system ntp Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switche...

Страница 46: ...tem Release Information Statement introduced before Junos OS Release 7 4 Statement introduced in Junos OS Release 9 0 for EX Series switches Description Configure NTP on the router or switch The remai...

Страница 47: ...e remote system You must specify an address not a hostname key key number Optional All packets sent to the address include authentication fields that are encrypted using the specified key number Range...

Страница 48: ...still synchronizes with the server but it also generates a system log message noting that the threshold was exceeded Options address Address of the remote system You must specify an address not a hos...

Страница 49: ...o a remote machine Options source address A valid IP address configured on one of the router or switch interfaces For system logging the address is recorded as the message source in messages sent to t...

Страница 50: ...re system management properties Set values in the edit system hierarchy of the configuration Required Privilege Level system To view this statement in the configuration system control To add this stat...

Страница 51: ...Monrovia Africa Nairobi Africa Ndjamena Africa Niamey Africa Nouakchott Africa Ouagadougou Africa Porto Novo Africa Sao_Tome Africa Timbuktu Africa Tripoli Africa Tunis Africa Windhoek America Adak Am...

Страница 52: ...tlantic Stanley Australia Adelaide Australia Brisbane Australia Broken_Hill Australia Darwin Australia Hobart Australia Lindeman Australia Lord_Howe Australia Melbourne Australia Perth Australia Sydne...

Страница 53: ...Release Information Statement introduced in Junos OS Release 9 0 Description Configure a custom time zone from a locally generated time zone database Required Privilege Level admin To view this statem...

Страница 54: ...Copyright 2014 Juniper Networks Inc 42 Time Management Administration Guide for Routing Devices...

Страница 55: ...PART 3 Administration Operational Commands on page 45 Monitoring Commands on page 47 43 Copyright 2014 Juniper Networks Inc...

Страница 56: ...Copyright 2014 Juniper Networks Inc 44 Time Management Administration Guide for Routing Devices...

Страница 57: ...CHAPTER 4 Operational Commands set date 45 Copyright 2014 Juniper Networks Inc...

Страница 58: ...d time in one of the following formats YYYYMMDDHHMM SS month DD YYYY HH MM am pm ntp Configure the router to synchronize the current date and time setting with a Network Time Protocol NTP server ntp s...

Страница 59: ...CHAPTER 5 Monitoring Commands show ntp associations show ntp status 47 Copyright 2014 Juniper Networks Inc...

Страница 60: ...w ntp associations command Output fields are listed in the approximate order in which they appear Table 3 show ntp associations Output Fields Field Description Field Name Address or name of the remote...

Страница 61: ...list Discarded by the clustering algorithm Included in the final selection set Selected for synchronization but the distance exceeds the maximum Selected for synchronization o Selected for synchroniza...

Страница 62: ...resenting the status items listed status Indicates a normal synchronized state with no leap seconds imminent Other options could be leap_add_sec leap_del_sec or leap_alarm indicating a leap second wil...

Страница 63: ...e polling interval in seconds poll The current time on the local router clock clock The current mode of NTP operation where 1 is symmetric active 2 is symmetric passive 3 is client 4 is server and 5 i...

Страница 64: ...Copyright 2014 Juniper Networks Inc 52 Time Management Administration Guide for Routing Devices...

Страница 65: ...PART 4 Index Index on page 55 53 Copyright 2014 Juniper Networks Inc...

Страница 66: ...Copyright 2014 Juniper Networks Inc 54 Time Management Administration Guide for Routing Devices...

Страница 67: ...5 comments in configuration statements x conventions text and syntax ix curly braces in configuration statements x customer support xi contacting JTAC xi D date setting from CLI 46 date and time setti...

Страница 68: ...S 37 system logging 37 support technical See technical support symmetric active mode NTP configuring 15 defined 5 14 syntax conventions ix system statement 38 usage guidelines 23 T technical support c...

Отзывы:

Нет отзывов

Похожие инструкции для Dynabug 57810

Бренд: Energer Страницы: 17

Бренд: Zenit Powertools Страницы: 10

Бренд: Ryobi Страницы: 12

Бренд: Scheppach Страницы: 36

Бренд: Axminster Страницы: 20

Бренд: Sealey Страницы: 3

Бренд: F.F. Group Страницы: 40

Бренд: Parkside Страницы: 55

Бренд: Parkside Страницы: 88

Бренд: Haussmann Страницы: 21

Бренд: Raider Страницы: 32

Бренд: pro.point Страницы: 44

Бренд: Festool Страницы: 63

Бренд: Festool Страницы: 40

Бренд: 3M Страницы: 7

Бренд: ACDelco Страницы: 43

Бренд: Porter-Cable Страницы: 17

Бренд: Promac Страницы: 17

Бренды по названию

0 1 2 3 4 5 6 7 8 9 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

Популярные бренды

Загрузить еще бренды