Setting NTP Access Authorities
When the NTP server receives an access request packet, it matches the packet against the access authorities in descending order: peer, server, synchronization, query, then limited. The first matched authority takes effect.
Procedure
- Run system-view
The system view is displayed.
- Create an ACL to filter network administrators.
- To create an IPv4 ACL, run the acl acl-number command.
- To create an IPv6 ACL, run the acl ipv6 acl6-number1 command.
- Add a rule to the ACL.
- Run the rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment-type { fragment | non-fragment | non-subseq | fragment-subseq | fragment-spe-first } | source { source-ip-address { source-wildcard | 0 | src-netmask } | any } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] ] * command to create a rule for the basic ACL.
- Run the rule [ rule-id ] [ name rule-name ] { deny | permit } [ fragment | source { source-ipv6-address { prefix-length | source-wildcard } | source-ipv6-address/prefix-length | any } | time-range time-name | [ vpn-instance vpn-instance-name | vpn-instance-any ] ] * command to create a rule for the basic ACL6.
Before configuring access control rights in an ACL, check the ACL rule configuration.
- If the ACL rule of a source IP address is set to permit, packets from the source IP address are permitted.
- If the ACL rule of a source IP address is set to deny, packets from the source IP address are denied.
- If a source IP address is not in an ACL rule, packets from the source IP address are denied.
- If no rule exists in the ACL or the referenced ACL does not exist, packets from all source IP addresses are denied.
- Run quit
Return to the system view.
- Run ntp-service access { peer | query | server | synchronization | limited } { { acl-number | acl-name acl-name } | ipv6 { acl6-number | acl6-name acl6-name } } *
Access authority for the NTP service on the local router is configured.
Before specifying an ACL number, make sure you have already created and configured this ACL.
You can configure the ntp-service access command depending on the actual situation. Table 5-2 shows the detailed NTP access authorities.
Table 5-2 Description of the NTP access authorities

| NTP Operation Mode | Limited NTP Query | Supported Devices |
|---|---|---|
| Unicast NTP server/client mode | Synchronizing the client with the server | Client |
| Unicast NTP server/client mode | Clock synchronization request from the client | Server |
| NTP peer mode | Clock synchronization with each other | Symmetric active end |
| NTP peer mode | Clock synchronization request from the active end | Symmetric passive end |
| NTP multicast mode | Synchronizing the client with the server | NTP multicast client |
| NTP broadcast mode | Synchronizing the client with the server | NTP broadcast client |
- Run commit
The configuration is committed.
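The matching order and ACL rules described in this procedure can be modelled offline to check which authority a given source address would receive before the configuration is committed. The following Python sketch is an added example, not vendor code; the ACL numbers, addresses and function names are constructed for illustration. It assumes that a source matches an authority when that authority's ACL permits it, that rules inside an ACL are checked in the order listed, and that a source matching no configured authority is refused.

```python
import ipaddress

# Authority levels in the order the procedure says they are matched.
ORDER = ["peer", "server", "synchronization", "query", "limited"]

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def acl_permits(rules, src):
    """rules is None (ACL does not exist) or a list of
    (action, source_ip, wildcard); wildcard bits set to 1 are ignored."""
    if not rules:                         # missing or empty ACL: every source denied
        return False
    for action, base, wildcard in rules:  # assumption: checked in listed order
        care = ~_ip(wildcard) & 0xFFFFFFFF
        if (_ip(src) ^ _ip(base)) & care == 0:
            return action == "permit"
    return False                          # source not in any rule: denied

def effective_authority(bindings, acls, src):
    """bindings maps authority -> ACL number, one entry per
    'ntp-service access <authority> <acl-number>' line.
    Returns the first authority whose ACL permits src, or None."""
    for level in ORDER:
        if level in bindings and acl_permits(acls.get(bindings[level]), src):
            return level
    return None

# Constructed sample configuration (ACL numbers and addresses are made up).
ACLS = {
    2001: [("permit", "192.0.2.10", "0.0.0.0")],
    2002: [("deny", "198.51.100.66", "0.0.0.0"),
           ("permit", "198.51.100.0", "0.0.0.255")],
    2003: [],                             # ACL created but left without rules
}
# ACL 2999 is referenced but never created, so it denies every source.
BINDINGS = {"peer": 2001, "synchronization": 2002, "query": 2003, "limited": 2999}

if __name__ == "__main__":
    for src in ["192.0.2.10", "198.51.100.7", "198.51.100.66", "203.0.113.5"]:
        print(src, "->", effective_authority(BINDINGS, ACLS, src))
```

A result of `None` for an address that should be served usually points to an ACL that was referenced before it was created or that was left without a permit rule for that source.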