No relevant resource is found in the selected language.
Enterprise
Worldwide
Huawei Global - English
Support Documentation
S2700 and S3700 V100R006C05 Configuration Guide - Network Management
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring NTP Access Control Authority

Configuring NTP Access Control Authority

Context

NTP access control is a simple security measure. When an access request reaches the local end, the access request is successively matched with the access authority from the maximum one to the minimum one. The first successfully matched access authority takes effect. The matching order is: peer, server, synchronization and query.

  • peer: The remote end can perform time requests and control queries for the local NTP service. The local clock can also be synchronized with the clock of the remote server.

  • server: indicates that the remote end can send a time request and a control query to the local end. The local clock, however, cannot be synchronized with the clock of the remote server.

  • synchronization: indicates that the remote end can perform only the time request to the local end.

  • query: The remote end can only perform the control query to the local end.

The access control authority is configured on different devices in different NTP operating modes, as described in Table 3-1.

Table 3-1  Configuration of the NTP access control authority

NTP Operating Mode

Restricted NTP Request Type

Configured Device

Unicast NTP client/server mode

The client is restricted from synchronizing to the server.

Client

Unicast NTP client/server mode

The server is restricted from processing the clock synchronization request sent by the client.

Server

NTP symmetric peer mode

A symmetric passive peer and a symmetric active peer are restricted from synchronizing with each other.

Symmetric active peer

NTP symmetric peer mode

The symmetric passive peer is restricted from processing the clock request sent by the symmetric active peer.

Symmetric passive peer

NTP multicast mode

The client is restricted from synchronizing to the server.

NTP multicast client

NTP broadcast mode

The client is restricted from synchronizing to the server.

NTP broadcast client

Procedure

  1. Run: 

    system-view

    The system view is displayed.

  2. Configure the basic ACL.

    Before configuring the access control rights, you must create a basic ACL. For the creation procedure, see "ACL Configuration" in the S2700 and S3700 Series Ethernet Switches Configuration Guide-Security.

  3. Run: 

    ntp-service access { peer | query | server | synchronization } acl-number

    The access control authority of the NTP service is configured.

    By default, no access control authority is set.

    Check the configuration of the ACL rule before configuring the NTP access control authority in the ACL. When the ACL rule is permit, the peer device with the source IP address specified in this rule can access the NTP service on the local device. The access right of the peer device is configured using the ntp-service access command. When the ACL rule is deny, the peer device with the source IP address specified in this rule cannot access the NTP service on the local device.

Translation
简体中文
Download
Updated: 2020-05-22

Document ID: EDOC1000017276

Views: 81209

Downloads: 693

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next

Copyright © 2022 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :