Configuration Guide - Device Management

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Device Management, including device status query, hardware management, Information Center Configuration, NTP, Synchronous Ethernet Configuration, Fault Management Configuration, Energy-Saving Management Configuration, Performance Management Configuration, Maintenance Assistant Configuration, and OPS Configuration.
Configuring NTP Access Control Authority

Context

NTP access control is a simple security measure. When an access request reaches the local end, the access request is matched against the access authorities, starting from the highest one and ending with the lowest one. The first successfully matched access authority takes effect. The matching order is: peer, server, synchronization, query and limited.
  • peer: The remote end can send time requests and control queries to the local NTP server. The local clock can also be synchronized with the clock of the remote server.

  • server: The remote end can send time requests and control queries to the local end. The local clock, however, cannot be synchronized with the clock of the remote server.

  • synchronization: The remote end can send only time requests to the local end.

  • query: The remote end can send only control queries to the local end.

  • limited: When the rate of NTP packets exceeds the upper limit, the incoming NTP packets are discarded.

In different NTP operating modes, the access control authority is configured on different devices, as described in Table 4-3.

Table 4-3 Configuration of the NTP access control authority

| NTP Operating Mode | Restricted NTP Request Type | Configured Device |
| --- | --- | --- |
| Unicast NTP client/server mode | The client is restricted from synchronizing to the server. | Client |
| Unicast NTP client/server mode | The server is restricted from processing the clock synchronization request sent by the client. | Server |
| NTP symmetric peer mode | A symmetric passive peer and a symmetric active peer are restricted from synchronizing with each other. | Symmetric active peer |
| NTP symmetric peer mode | The symmetric passive peer is restricted from processing the clock request sent by the symmetric active peer. | Symmetric passive peer |
| NTP multicast mode | The client is restricted from synchronizing to the server. | NTP multicast client |
| NTP broadcast mode | The client is restricted from synchronizing to the server. | NTP broadcast client |
| NTP manycast client mode | The client is restricted from synchronizing to the server. | NTP manycast client |
| NTP manycast server mode | The server is restricted from processing the clock synchronization request sent by the client. | NTP manycast server |

Procedure

  1. Run system-view

    The system view is displayed.

  2. Configure the basic ACL.

    Before configuring the access control authority, you must create a basic ACL. For the creation procedure, see "ACL Configuration" in the CloudEngine 12800 and 12800E Series Switches Configuration Guide-Security.

  3. Run ntp access { peer | query | server | synchronization | limited } { { acl-number | acl-name acl-name } | ipv6 { acl6-number | acl6-name acl6-name } }*

    The access control authority of the NTP service is configured.

    By default, no access control authority is set.

    NOTE:

    Check the configuration of the ACL rule before configuring the NTP access control authority in the ACL. When the ACL rule is permit, the peer device with the source IP address specified in this rule can access the NTP service on the local device. The access right of the peer device is configured using the ntp access command. When the ACL rule is deny, the peer device with the source IP address specified in this rule cannot access the NTP service on the local device.

  4. Run ntp discard { min-interval min-interval-val | avg-interval avg-interval-val } *

    The minimum and the average intervals for sending NTP packets are configured.

    By default, the minimum interval is 2 seconds (2 to the power of 1) and the average interval is 32 seconds (2 to the power of 5).

  5. Run commit

    The configuration is committed.
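The match order in the Context section and the permit/deny NOTE in step 3 can be modelled to see which authority a source address ends up with. This is an added example, not Huawei code: the function names, the rule tuples and the sample addresses are constructed, and it assumes that at least one authority is configured, that an explicit deny ends evaluation, and that a source matching no configured ACL gets no access.

```python
import ipaddress

# Match order from the Context section: highest authority first.
ORDER = ["peer", "server", "synchronization", "query", "limited"]

# What each authority permits, per the Context bullets. "local_sync" means the
# local clock may synchronize to the remote end. The page gives "limited" no
# rights of its own, so it is left out here.
RIGHTS = {
    "peer": {"time_request", "control_query", "local_sync"},
    "server": {"time_request", "control_query"},
    "synchronization": {"time_request"},
    "query": {"control_query"},
}

def acl_action(rules, src):
    """Return the action of the first rule matching src, or None.
    Each rule is (action, address, wildcard); wildcard 1-bits are ignored."""
    ip = int(ipaddress.IPv4Address(src))
    for action, addr, wildcard in rules:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (ip & care) == (int(ipaddress.IPv4Address(addr)) & care):
            return action
    return None

def effective_authority(config, src):
    """config maps an authority name to the rules of the ACL bound to it."""
    for level in ORDER:
        action = acl_action(config.get(level, []), src)
        if action == "permit":
            return level      # first successful match takes effect
        if action == "deny":
            return None       # assumption: an explicit deny ends the walk
    return None               # assumption: unmatched sources get no access

def allowed(config, src, operation):
    return operation in RIGHTS.get(effective_authority(config, src), set())

# Constructed sample: the operator meant 10.1.9.0/24 to be query-only, but the
# broad peer ACL above it matches first.
SAMPLE = {
    "peer": [("deny", "10.1.9.9", "0.0.0.0"), ("permit", "10.1.0.0", "0.0.255.255")],
    "synchronization": [("permit", "192.168.5.0", "0.0.0.255")],
    "query": [("permit", "10.1.9.0", "0.0.0.255")],
}

if __name__ == "__main__":
    for host in ("10.1.9.20", "10.1.9.9", "192.168.5.7", "172.16.0.1"):
        print(host, effective_authority(SAMPLE, host))
```

Because the first match wins, an ACL bound to a higher authority should be no broader than intended: here the query-only subnet is shadowed by the peer ACL and gains synchronization rights.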

Updated: 2019-04-20

Document ID: EDOC1100074722
