Configuration Guide - Device Management

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Device Management, including device status query, hardware management, Stack, SVF, cloud-based management, PoE, monitoring interface, OPS, energy-saving management, information center, fault management, NTP, synchronous ethernet, PTP.
Configuring NTP Access Control Authority

Context

NTP access control is a simple but effective security measure. When an access request reaches the local end, it is matched against the configured access authorities in order from highest to lowest, and the first successful match takes effect. The access authorities, in matching order from highest to lowest, and their functions are as follows:
  • Peer

    The remote end can send time requests and control queries to the local NTP service. The local clock can also be synchronized with the clock of the remote server.

  • Server

    The remote end can send time requests and control queries to the local end. The local clock cannot be synchronized with the clock of the remote server.

  • Synchronization

    The remote end can send time requests to the local end.

  • Query

    The remote end can send control queries to the local end.

  • Limited

    When NTP packet rates exceed the upper limit, incoming NTP packets are discarded.

As described in Table 12-3, the access control authority is configured in different NTP operating modes for different devices.

Table 12-3  Configuration of the NTP access control authority

| NTP Operating Mode | Restricted NTP Request Type | Configured Device |
|---|---|---|
| Unicast NTP client/server mode | The client cannot synchronize with the server. | Client |
| Unicast NTP client/server mode | The server cannot process clock synchronization requests sent by the client. | Server |
| NTP symmetric peer mode | Symmetric passive and symmetric active peers cannot synchronize with each other. | Symmetric active peer |
| NTP symmetric peer mode | The symmetric passive peer cannot process clock synchronization requests sent by the symmetric active peer. | Symmetric passive peer |
| NTP multicast mode | The client cannot synchronize with the server. | NTP multicast client |
| NTP broadcast mode | The client cannot synchronize with the server. | NTP broadcast client |
| NTP manycast client mode | The client cannot synchronize with the server. | NTP manycast client |
| NTP manycast server mode | The server cannot process clock synchronization requests sent by the client. | NTP manycast server |

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure the basic ACL.

    Before configuring the access control authority, create a basic ACL. For details and procedures, see ACL Configuration in the S2720, S5700, and S6720 V200R013C00 Configuration Guide - Security.

  3. Run ntp-service access { peer | query | server | synchronization | limited } { acl-number | ipv6 acl6-number } *

    The access control authority of the NTP service is configured.

    By default, no access control authority is set.

    NOTE:

    Configure the ACL rule before configuring the NTP access control authority that references the ACL. If the ACL rule is permit, the peer device with the source IP address specified in this rule can access the NTP service on the local device, with the access rights configured using the ntp-service access command. If the ACL rule is deny, the peer device with the source IP address specified in this rule cannot access the NTP service on the local device.

  4. Run ntp-service discard { min-interval min-interval-val | avg-interval avg-interval-val } *

    The minimum inter-packet interval and the average inter-packet interval of NTP are configured.

    By default, the minimum inter-packet interval of NTP is set to the first power of 2 in seconds, namely, 2 seconds, and the average inter-packet interval of NTP is set to the fifth power of 2 in seconds, namely, 32 seconds.
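The procedure above, carried through as one session; this is an added example, not taken from the original guide. The ACL numbers, the documentation-range addresses and the discard values are constructed assumptions, and lines starting with `#` are annotations, not commands to type.

```text
# Assumption: 192.0.2.10 is the trusted upstream time source (constructed address).
<HUAWEI> system-view
[HUAWEI] acl number 2001
[HUAWEI-acl-basic-2001] rule permit source 192.0.2.10 0
[HUAWEI-acl-basic-2001] quit

# Assumption: 198.51.100.0/24 holds downstream clients that only need time.
[HUAWEI] acl number 2002
[HUAWEI-acl-basic-2002] rule permit source 198.51.100.0 0.0.0.255
[HUAWEI-acl-basic-2002] quit

# Assumption: 203.0.113.0/24 holds sources that should only be rate limited.
# It does not overlap ACL 2001 or 2002: matching stops at the first (highest)
# authority that matches, so an overlapping source would never reach "limited".
[HUAWEI] acl number 2003
[HUAWEI-acl-basic-2003] rule permit source 203.0.113.0 0.0.0.255
[HUAWEI-acl-basic-2003] quit

# Peer: only the upstream source may synchronize the local clock.
[HUAWEI] ntp-service access peer 2001

# Synchronization: clients may send time requests but not control queries.
[HUAWEI] ntp-service access synchronization 2002

# Limited: packets above the configured rate from these sources are discarded.
[HUAWEI] ntp-service access limited 2003

# Assumption: the arguments are exponents of 2, in line with the defaults stated
# above (1 -> 2 seconds, 5 -> 32 seconds); 2 and 6 would give 4 s and 64 s.
[HUAWEI] ntp-service discard min-interval 2 avg-interval 6
```

Because the highest matching authority wins, keep the address ranges of the referenced ACLs disjoint, or a source listed under a lower authority may receive peer or server rights from a broader permit rule.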

Updated: 2019-04-20

Document ID: EDOC1100065674
