Configuring NTP authentication in client/server mode

To ensure a successful NTP authentication, configure the same authentication key ID, algorithm, and key on the server and client. Make sure the peer device is allowed to use the authentication ID.

To configure NTP authentication for a client:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable NTP authentication.

ntp-service authentication enable

By default, NTP authentication is disabled.

3. Configure an NTP authentication key.

ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *

By default, no NTP authentication key exists.

4. Configure the key as a trusted key.

ntp-service reliable authentication-keyid keyid

By default, no authentication key is configured as a trusted key.

5. Associate the specified key with an NTP server.

  • Associate the specified key with an NTP server:ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] authentication-keyid keyid

  • Associate the specified key with an IPv6 NTP server:ntp-service ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] authentication-keyid keyid

N/A

To configure NTP authentication for a server:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable NTP authentication.

ntp-service authentication enable

By default, NTP authentication is disabled.

3. Configure an NTP authentication key.

ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *

By default, no NTP authentication key exists.

4. Configure the key as a trusted key.

ntp-service reliable authentication-keyid keyid

By default, no authentication key is configured as a trusted key.

NTP authentication results differ when different configurations are performed on client and server. For more information, see Table 3. (N/A in the table means that whether the configuration is performed does not make any difference.)

Table 3: NTP authentication results

Client

Server

Enable NTP authentication

Specify the server and key

Trusted key

Enable NTP authentication

Trusted key

Successful authentication

Yes

Yes

Yes

Yes

Yes

Failed authentication

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

No

N/A

Yes

Yes

No

N/A

N/A

Authentication not performed

Yes

No

N/A

N/A

N/A

No

N/A

N/A

N/A

N/A