Configuring NTP authentication in client/server mode
To ensure a successful NTP authentication, configure the same authentication key ID, algorithm, and key on the server and client. Make sure the peer device is allowed to use the authentication ID.
To configure NTP authentication for a client:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable NTP authentication. | ntp-service authentication enable | By default, NTP authentication is disabled. |
3. Configure an NTP authentication key. | ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * | By default, no NTP authentication key exists. |
4. Configure the key as a trusted key. | ntp-service reliable authentication-keyid keyid | By default, no authentication key is configured as a trusted key. |
5. Associate the specified key with an NTP server. |
| N/A |
To configure NTP authentication for a server:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable NTP authentication. | ntp-service authentication enable | By default, NTP authentication is disabled. |
3. Configure an NTP authentication key. | ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * | By default, no NTP authentication key exists. |
4. Configure the key as a trusted key. | ntp-service reliable authentication-keyid keyid | By default, no authentication key is configured as a trusted key. |
NTP authentication results differ when different configurations are performed on client and server. For more information, see Table 3. (N/A in the table means that whether the configuration is performed does not make any difference.)
Table 3: NTP authentication results
Client | Server | |||
---|---|---|---|---|
Enable NTP authentication | Specify the server and key | Trusted key | Enable NTP authentication | Trusted key |
Successful authentication | ||||
Yes | Yes | Yes | Yes | Yes |
Failed authentication | ||||
Yes | Yes | Yes | Yes | No |
Yes | Yes | Yes | No | N/A |
Yes | Yes | No | N/A | N/A |
Authentication not performed | ||||
Yes | No | N/A | N/A | N/A |
No | N/A | N/A | N/A | N/A |