QTECH
Software Configuration Manual
17-216
17.2.7
SNTP client retransmit configuration
Uses following command to configure retransmit times inunicast and anycast operation mode. :
sntp client retransmit
times
no sntp client retransmit
sntp client retransmit-interval
seconds
no sntp client retransmit-interval
This command is effective in unicast and anycast operation mode. SNTP requirement packet is UDP packet,
overtime retransmission system is adopted because the requirement packet cannot be guaranteed to send to the
destination. Use above commands to configure retransmit times and the interval.
For example :
! Configure overtime retransmission to be twice and the interval to be 5
QTECH(config)#sntp client retransmit-interval 5
QTECH(config)#sntp client retransmit 2
17.2.8
SNTP client valid server configuration
In broadcast and multicast mode, SNTP client receives protocol packets from all servers without distinction.
When there is malice attacking server (it will not provide correct time), local time cannot be the standard time. To
solve this problem, a series of valid servers can be listed to filtrate source address of the packet.
Corresponded command is as following :
sntp client valid-server
ipaddress
no sntp client valid-server
For example :
! Configure servers in network interface 10.1.0.0/16 to be valid servers
QTECH(config)#sntp client valid-server 10.1.0.0 0.0.255.255
17.2.9
SNTP client MD5 authentication configuration
SNTP client can use valid server list to filtrate server, but when some malice attackers using valid server
address to forge server packet and attack switch, switch can use MD5 authentication to filtrate packet, and
authenticated packet can be accepted by client.
Configuration command is as following :
sntp client authenticate
no sntp client authenticate
sntp client authentication-key number md5
value
no sntp client authentication-key
number
sntp trusted-key number
no sntp trusted-key number
For example :
! Configure SNTP client MD5 authentication-key, with the key ID being 12, and the key being abc and
trusted-key being 12
QTECH(config)#sntp client authenticate
QTECH(config)#sntp client authentication-key 12 md5 abc
QTECH(config)#sntp trusted-key 12