No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


AR500, AR510, AR531, AR550, AR1500, and AR2500 Security Hardening And Maintenance Guide

This document provides guidance for strengthening network and device security in terms of network security risks, security architecture, and security hardening policies. It also provides guidance for routine maintenance of device security in terms of the management, control, and forwarding planes.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).


Security Policy Introduction

The rapid development of networks poses requirements for higher network security. Network Time Protocol packets that are transmitted on networks may be intercepted, changed, or forged, and packet attacks may cause network interruption and disturb the synchronization which might results in to loss of actual data on the network. Therefore, packets need to be protected.

NTP will support following Security policies from Protocol prospective.

Authentication Support: Authentication is supported by NTPv3 (applied to IPv4) and NTPv4 (applied to IPv4 and IPv6) to filter error packets and prevent replay attacks.

Attack Method Introduction

If authentication is configured on the client and server, NTP will accept the packets only if packets passes authentication so that we can avoid accepting packets from the un-authenticated peers.

Configuration Guide


NTPv3 and NTPv4 can authenticate protocol packets and provide Message Digest 5 (MD5), improving security.


# Set the MD5 key to admin123.

[Huawei] ntp-service authentication enable
[Huawei] ntp-service authentication-keyid 1 authentication-mode md5 cipher admin123
[Huawei] ntp-service reliable authentication-keyid 1
[Huawei] display current-configuration filter ntp
ntp-service authentication enable
ntp-service authentication-keyid 1 authentication-mode md5 cipher %@%@o]8F)(8*!>keqm1I:QHX7nTS%@%@
ntp-service reliable authentication-keyid 1

Configuration Suggestion

MD5 authentication supports NTPv3 and NTPv4.

Updated: 2019-05-06

Document ID: EDOC1000097300

Views: 4787

Downloads: 72

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next