1-11
The access-control right mechanism provides only a minimum degree of security protection for the local
switch. A more secure method is identity authentication.
Configuring NTP Authentication
In networks with higher security requirements, the NTP authentication function must be enabled to run
NTP. Through password authentication on the client and the server, the clock of the client is
synchronized only to that of the server that passes the authentication. This improves network security.
Table 1-2 shows the roles of devices in the NTP authentication function.
Table 1-2 Description on the roles of devices in NTP authentication function
Role of device Working mode
Client in the server/client mode
Client in the broadcast mode
Client in the multicast mode
Client
Symmetric-active peer in the symmetric peer mode
Server in the server/client mode
Server in the broadcast mode
Server in the multicast mode
Server
Symmetric-passive peer in the symmetric peer mode
Configuration Prerequisites
NTP authentication configuration involves:
z Configuring NTP authentication on the client
z Configuring NTP authentication on the server
Observe the following principles when configuring NTP authentication:
z If the NTP authentication function is not enabled on the client, the clock of the client can be
synchronized to a server no matter whether the NTP authentication function is enabled on the
server (assuming that other related configurations are properly performed).
z For the NTP authentication function to take effect, a trusted key needs to be configured on both the
client and server after the NTP authentication is enabled on them.
z The local clock of the client is only synchronized to the server that provides a trusted key.
z In addition, for the server/client mode and the symmetric peer mode, you need to associate a
specific key on the client (the symmetric-active peer in the symmetric peer mode) with the
corresponding NTP server (the symmetric-passive peer in the symmetric peer mode); for the NTP
broadcast/multicast mode, you need to associate a specific key on the broadcast/multicast server
with the corresponding NTP broadcast/multicast client. Otherwise, NTP authentication cannot be
enabled normally.
z Configurations on the server and the client must be consistent.