synchronized only to that of the server that passes the authentication. This improves network security. Table 1-2 shows the roles of devices in the NTP authentication function.

Table 1-2Description on the roles of devices in NTP authentication function

Role of device

Working mode

 

 

Client in the server/client mode

Client in the broadcast mode

Client

Client in the multicast mode

Symmetric-active peer in the symmetric peer mode

Server in the server/client mode

Server in the broadcast mode

Server

Server in the multicast mode

Symmetric-passive peer in the symmetric peer mode

Configuration Prerequisites

NTP authentication configuration involves:

z

z

Configuring NTP authentication on the client Configuring NTP authentication on the server

Observe the following principles when configuring NTP authentication:

z

z

z z

z

If the NTP authentication function is not enabled on the client, the clock of the client can be synchronized to a server no matter whether the NTP authentication function is enabled on the server (assuming that other related configurations are properly performed).

For the NTP authentication function to take effect, a trusted key needs to be configured on both the client and server after the NTP authentication is enabled on them.

The local clock of the client is only synchronized to the server that provides a trusted key.

In addition, for the server/client mode and the symmetric peer mode, you need to associate a specific key on the client (the symmetric-active peer in the symmetric peer mode) with the corresponding NTP server (the symmetric-passive peer in the symmetric peer mode); for the NTP broadcast/multicast mode, you need to associate a specific key on the broadcast/multicast server with the corresponding NTP broadcast/multicast client. Otherwise, NTP authentication cannot be enabled normally.

Configurations on the server and the client must be consistent.

Configuration Procedure

Configuring NTP authentication on the client

Follow these steps to configure NTP authentication on the client:

To do…

Use the command…

Remarks

Enter system view

system-view

 

 

 

Enable the NTP authentication

ntp-service authentication

Required

function

enable

Disabled by default.

 

 

 

 

1-11

 

Page 486
Image 486
3Com WX3000 operation manual Configuring NTP authentication on the client, Role of device Working mode