No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Device Management

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Device Management, including device status query, hardware management, Stack, SVF, cloud-based management, PoE, monitoring interface, OPS, energy-saving management, information center, fault management, NTP, synchronous ethernet, PTP.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring KOD

Configuring KOD

Context

KOD is a modern access control technology implemented in NTPv4. It is used by the server to provide information to the client. The information provided includes status reports and access control.

With KOD enabled on the server, the server will send either the DENY or RATE kiss code to the client, according to the operating status of the system.

  • When receiving the kiss code DENY, the client terminates all connections to the server, and stops sending packets to the server.
  • When receiving the kiss code RATE, the client immediately reduces its polling interval to the server. The client will continue to reduce the interval if receiving subsequent RATE kiss codes.
NOTE:

KOD supports unicast client/server, symmetric peer, and manycast modes.

KOD functions only in NTPv4.

The following configuration is performed on the server.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ntp-service kod-enable

    The KOD function is enabled.

    By default, the KOD function is disabled.

  3. Configure the basic ACL.

    Before configuring the access control authority, create a basic ACL. For the creation procedure, see ACL Configuration in the S2720, S5700, and S6720 V200R013C00 Configuration Guide - Security.

  4. Run ntp-service access limited { acl-number | ipv6 acl6-number } *

    Control on the incoming NTP packet rate is enabled.

    By default, control on the incoming NTP packet rate is disabled.

    NOTE:

    Before enabling control on the rate of incoming NTP packets, check the ACL rule configuration. When the ACL rule is deny, the server sends the kiss code DENY. When the ACL is permit and the rate of incoming NTP packets reaches the upper threshold, the server sends the kiss code RATE.

  5. Run ntp-service discard { min-interval min-interval-val | avg-interval avg-interval-val } *

    The minimum inter-packet interval and the average inter-packet interval of NTP are configured.

    By default, the minimum inter-packet interval of NTP is set to the first power of 2 in seconds, namely, 2 seconds, and the average inter-packet interval of NTP is set to the fifth power of 2 in seconds, namely, 32 seconds.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100065674

Views: 34471

Downloads: 289

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next