No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Device Management

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Device Management, including device status query, hardware management, Information Center Configuration, NTP, Synchronous Ethernet Configuration, Fault Management Configuration, Energy-Saving Management Configuration, Performance Management Configuration, Maintenance Assistant Configuration, and OPS Configuration.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring KOD

Configuring KOD

Context

The Kiss-o'-Death (KOD) is a brand new access control technology starting from NTPv4, and is mainly used for a server to provide information, such as a status report and access control, for a client.

After the KOD is enabled on the server, the server sends the kiss code DENY or the kiss code RATE to the client according to the operating status of the system.

The client responds differently to different kiss codes:

  • When receiving the kiss code DENY, the client terminates all connections with the server, and stops sending packets to the server.
  • When receiving the kiss code RATE, the client immediately shortens a poll interval with the server. Every time the kiss code RATE is received after the first shortening operation, the poll interval is further shortened.
NOTE:

The KOD supports the unicast client/server mode, and symmetric peer mode.

The KOD only functions in NTPv4.

The following configuration is performed on the server.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run ntp kod-enable

    The KOD function is enabled.

    By default, the KOD function is disabled.

  3. Configure the basic ACL.

    Before configuring the access control authority, you must create a basic ACL. For the creation procedure, see "ACL Configuration" in the CloudEngine 12800 and 12800E Series Switches Configuration Guide-Security.

  4. Run ntp access limited { { acl-number | acl-name acl-name } | ipv6 { acl6-number | acl6-name acl6-name } }*

    Control on the rate of incoming NTP packets is enabled.

    By default, control on the rate of incoming NTP packets is disabled.

    Before enabling control on the rate of incoming NTP packets, check the ACL rule configuration. When the ACL rule is deny, the server sends the kiss code DENY. When the ACL is permit and the rate of incoming NTP packets reaches the upper threshold, the server sends the kiss code RATE.

  5. Run ntp discard { min-interval min-interval-val | avg-interval avg-interval-val } *

    The minimum inter-packet interval and the average inter-packet interval of NTP are configured.

    By default, the minimum inter-packet interval of NTP is set to the first power of 2 in seconds, namely, 2 seconds, and the average inter-packet interval of NTP is set to the fifth power of 2 in seconds, namely, 32 seconds.

  6. Run commit

    The configuration is committed.

Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100074722

Views: 11055

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next