Applicable Environment
NTP supports two security mechanisms: access authority and NTP authentication.
• Access authority
  Access authority is a simple security mechanism that the S5700 provides to protect local NTP services.
  The S5700 provides four access authority levels. When an NTP access request packet reaches the local end, it is matched against the levels in order, from the minimum access authority to the maximum access authority. The first matched authority level takes effect. The matching order is as follows:
  – peer: indicates the minimum access authority. The remote end can send time requests and control queries to the local end. The local clock can also be synchronized with that of the remote server.
  – server: indicates that the remote end can send time requests and control queries to the local end, but the local clock cannot be synchronized with that of the remote end.
  – synchronization: indicates that the remote end can send only time requests to the local end.
  – query: indicates the maximum access authority. The remote end can send only control queries to the local end.
• NTP authentication
  NTP authentication is required in some networks with high security demands.
  Configuring NTP authentication involves configuring it on both the client and the server.
  When configuring NTP authentication, pay attention to the following rules:
  – Configure NTP authentication on both the client and the server; otherwise, the authentication does not take effect.
  – If NTP authentication is enabled, a reliable key needs to be configured at the same time.
  – The authentication key configured on the server and that on the client should be consistent.
  – In NTP peer mode, the symmetric active end equals the client, and the symmetric passive end equals the server.
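The first-match rule for access authority levels described above can be checked offline before ACLs are applied. The following is an added example, not taken from the Huawei guide: it assumes a simplified ACL model (each level is bound to a list of permitted networks), and the function names and sample addresses are constructed for illustration.

```python
import ipaddress

# Matching order and permitted operations, as listed in the section above.
LEVELS = [
    ("peer", {"time_request", "control_query", "sync_local_clock"}),
    ("server", {"time_request", "control_query"}),
    ("synchronization", {"time_request"}),
    ("query", {"control_query"}),
]

def effective_access(source_ip, acl_by_level):
    """Return (level, rights) of the first level whose ACL permits source_ip.

    acl_by_level maps a level name to a list of permitted networks, a
    simplified stand-in for the ACL bound to that level (assumption).
    Returns (None, set()) when nothing matches; the section above does not
    state how the switch treats such a request.
    """
    addr = ipaddress.ip_address(source_ip)
    for level, rights in LEVELS:
        for net in acl_by_level.get(level, []):
            if addr in ipaddress.ip_network(net):
                return level, rights
    return None, set()

def find_shadowed(acl_by_level):
    """List (network, intended_level, earlier_level) for every network that
    overlaps the ACL of a level matched earlier, so that some or all of its
    hosts receive the earlier level instead of the intended one."""
    findings = []
    for i, (level, _) in enumerate(LEVELS):
        for net in acl_by_level.get(level, []):
            n = ipaddress.ip_network(net)
            earlier = next(
                (prev for prev, _ in LEVELS[:i]
                 if any(n.overlaps(ipaddress.ip_network(m))
                        for m in acl_by_level.get(prev, []))),
                None)
            if earlier:
                findings.append((net, level, earlier))
    return findings

# Constructed sample: 10.0.0.5 was meant to be a query-only management host.
SAMPLE_ACLS = {
    "peer": ["10.0.0.0/24"],
    "synchronization": ["10.0.0.0/16"],
    "query": ["10.0.0.5/32", "192.0.2.10/32"],
}

if __name__ == "__main__":
    print(effective_access("10.0.0.5", SAMPLE_ACLS))
    print(find_shadowed(SAMPLE_ACLS))
```

In the sample, the host intended for query-only access matches the peer ACL first and so receives peer rights, which is the kind of overlap worth catching in review.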
Pre-configuration Tasks
Before configuring NTP security mechanisms, complete the following tasks:
• Configuring the link layer protocol on the interface
• Configuring the network layer address and routing protocol to make the server and client reachable
• Configuring ACL rules if the access authority is configured
Data Preparation
To configure NTP security mechanisms, you need the following data.
Quidway S5700 Series Ethernet Switches
Configuration Guide - Network Management
4 NTP Configuration
Issue 01 (2011-10-26)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.