Configuring Access Control Right

With the following command, you can configure the NTP service access-control right to the local device for a peer device. There are four access-control rights, as follows:

• query: Control query right. This level of right permits the peer device to perform control queries on the NTP service of the local device but does not permit the peer device to synchronize its clock to the local device. A "control query" is a query of the state of the NTP service, including alarm information, authentication status, clock source information, and so on.

• synchronization: Synchronization right. This level of right permits the peer device to synchronize its clock to the local device but does not permit the peer device to perform control queries.

• server: Server right. This level of right permits the peer device to perform synchronization and control queries to the local device but does not permit the local device to synchronize its clock to the peer device.

• peer: Peer access. This level of right permits the peer device to perform synchronization and control queries to the local device and also permits the local device to synchronize its clock to the peer device.

The NTP service access-control rights, from highest to lowest, are peer, server, synchronization, and query. When a device receives an NTP request, it matches the request against the access-control rights in this order and uses the first right that matches.
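The first-match rule above can be modelled to audit a planned set of bindings before they go on a device. This is an added example, not code from the manual or the device: each ACL is simplified to a list of permitted CIDR networks, all addresses are constructed, and returning None when nothing matches is an assumption because the page does not say what the device does in that case.

```python
import ipaddress

# Match order stated on the page: highest right first.
ORDER = ["peer", "server", "synchronization", "query"]

# What each right permits, per the page's four definitions.
PERMITS = {
    "peer":            {"peer_syncs_to_local": True,  "control_query": True,  "local_syncs_to_peer": True},
    "server":          {"peer_syncs_to_local": True,  "control_query": True,  "local_syncs_to_peer": False},
    "synchronization": {"peer_syncs_to_local": True,  "control_query": False, "local_syncs_to_peer": False},
    "query":           {"peer_syncs_to_local": False, "control_query": True,  "local_syncs_to_peer": False},
}

# Constructed sample: right -> networks permitted by the ACL bound to that right.
BINDINGS = {
    "peer": ["10.0.0.0/8"],               # deliberately too broad
    "synchronization": ["10.20.0.0/16"],  # intended: clients that may only sync
    "query": ["192.0.2.10/32"],           # intended: one monitoring host
}

def effective_right(src, bindings):
    """Return the first right, in ORDER, whose ACL permits src."""
    if not bindings:
        return "peer"  # the page's table lists peer as the default
    addr = ipaddress.ip_address(src)
    for right in ORDER:
        nets = (ipaddress.ip_network(n) for n in bindings.get(right, []))
        if any(addr.version == n.version and addr in n for n in nets):
            return right
    return None  # assumption: no match is reported as "no right"

def shadowed(bindings):
    """Find networks bound to a lower right that a higher right's ACL fully covers."""
    found = []
    for i, low in enumerate(ORDER):
        for net in bindings.get(low, []):
            n = ipaddress.ip_network(net)
            for high in ORDER[:i]:
                covers = (ipaddress.ip_network(h) for h in bindings.get(high, []))
                if any(n.version == c.version and n.subnet_of(c) for c in covers):
                    found.append((low, net, high))
                    break
    return found

if __name__ == "__main__":
    print(effective_right("10.20.5.5", BINDINGS), shadowed(BINDINGS))
```

In the constructed bindings, the clients meant to receive only the synchronization right end up with peer, because the broader ACL bound to peer matches first.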

Configuration Prerequisites

Prior to configuring the NTP service access-control right to the local device for peer devices, you need to create and configure an ACL associated with the access-control right. For the configuration of ACL, refer to ACL Configuration in Security Volume.

Configuration Procedure

Follow these steps to configure the NTP service access-control right to the local device for peer devices:

 

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | |
| Configure the NTP service access-control right to the local device for peer devices | ntp-service access { peer \| server \| synchronization \| query } acl-number | Optional. peer by default |

The access-control right mechanism provides only a minimum degree of security protection for the local device. A more secure method is identity authentication.

Configuring NTP Authentication

In networks with higher security requirements, the NTP authentication function must be enabled to run NTP. Through password authentication on the client and the server, the clock of the client is

3Com WX3000 Configuring Access Control Right, Configuring NTP Authentication, Ntp-service access peer, Query acl-number