Configuring NTP authentication in symmetric active/passive mode
To ensure a successful NTP authentication, configure the same authentication key ID, algorithm, and key on the active peer and passive peer. Make sure the peer device is allowed to use the authentication ID.
To configure NTP authentication for an active peer:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable NTP authentication. | ntp-service authentication enable | By default, NTP authentication is disabled. |
3. Configure an NTP authentication key. | ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 \| hmac-sha-256 \| hmac-sha-384 \| hmac-sha-512 \| md5 } { cipher \| simple } string [ acl ipv4-acl-number \| ipv6 acl ipv6-acl-number ] * | By default, no NTP authentication key exists. |
4. Configure the key as a trusted key. | ntp-service reliable authentication-keyid keyid | By default, no authentication key is configured as a trusted key. |
5. Associate the specified key with a passive peer. | | N/A |
To configure NTP authentication for a passive peer:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable NTP authentication. | ntp-service authentication enable | By default, NTP authentication is disabled. |
3. Configure an NTP authentication key. | ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 \| hmac-sha-256 \| hmac-sha-384 \| hmac-sha-512 \| md5 } { cipher \| simple } string [ acl ipv4-acl-number \| ipv6 acl ipv6-acl-number ] * | By default, no NTP authentication key exists. |
4. Configure the key as a trusted key. | ntp-service reliable authentication-keyid keyid | By default, no authentication key is configured as a trusted key. |
The NTP authentication result depends on how the active peer and the passive peer are configured. For more information, see Table 4. (N/A in the table means that the setting does not affect the result.)
Table 4: NTP authentication results
Result | Active peer: Enable NTP authentication | Active peer: Specify the peer and key | Active peer: Trusted key | Active peer: Stratum level | Passive peer: Enable NTP authentication | Passive peer: Trusted key |
---|---|---|---|---|---|---|
Successful authentication | Yes | Yes | Yes | N/A | Yes | Yes |
Failed authentication | Yes | Yes | Yes | N/A | Yes | No |
Failed authentication | Yes | Yes | Yes | N/A | No | N/A |
Failed authentication | Yes | No | N/A | N/A | Yes | N/A |
Failed authentication | No | N/A | N/A | N/A | Yes | N/A |
Failed authentication | Yes | Yes | No | Larger than the passive peer | N/A | N/A |
Failed authentication | Yes | Yes | No | Smaller than the passive peer | Yes | N/A |
Authentication not performed | Yes | No | N/A | N/A | No | N/A |
Authentication not performed | No | N/A | N/A | N/A | No | N/A |
Authentication not performed | Yes | Yes | No | Smaller than the passive peer | No | N/A |
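The following is an added example, not part of the original documentation or the vendor's tooling: a Python audit sketch that parses the NTP lines of two device configurations and predicts the Table 4 outcome, so that pairs landing in "authentication not performed" can be flagged. The `ntp-service unicast-peer ... authentication-keyid` form is an assumption (the step 5 command is not shown on this page), and the function names, address, key ID, and key string are constructed for illustration.

```python
import re
from dataclasses import dataclass, field

# Constructed sample configurations (documentation address, placeholder key string).
ACTIVE = """\
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode hmac-sha-256 simple EXAMPLE-KEY
ntp-service reliable authentication-keyid 42
ntp-service unicast-peer 192.0.2.2 authentication-keyid 42
"""
PASSIVE = """\
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode hmac-sha-256 simple EXAMPLE-KEY
ntp-service reliable authentication-keyid 42
"""

@dataclass
class NtpConfig:
    auth_enabled: bool = False
    keys: dict = field(default_factory=dict)    # key ID -> algorithm
    trusted: set = field(default_factory=set)   # key IDs configured as trusted
    peer_keyid: str = ""                        # key ID associated with the peer

def parse(config):
    cfg = NtpConfig()
    for line in map(str.strip, config.splitlines()):
        if line == "ntp-service authentication enable":
            cfg.auth_enabled = True
        elif m := re.match(r"ntp-service authentication-keyid (\d+) authentication-mode (\S+) ", line):
            cfg.keys[m[1]] = m[2]
        elif m := re.match(r"ntp-service reliable authentication-keyid (\d+)$", line):
            cfg.trusted.add(m[1])
        # Assumed command form; the step 5 command is not shown on this page.
        elif m := re.match(r"ntp-service unicast-peer .*\bauthentication-keyid (\d+)", line):
            cfg.peer_keyid = m[1]
    return cfg

def predict(active, passive, active_stratum_larger):
    """Return 'successful', 'failed' or 'not performed' following Table 4."""
    kid = active.peer_keyid
    if not (active.auth_enabled and kid in active.keys):
        return "failed" if passive.auth_enabled else "not performed"
    if kid not in active.trusted:
        if active_stratum_larger:
            return "failed"
        return "failed" if passive.auth_enabled else "not performed"
    # Key ID and algorithm must match on both peers; key strings are not compared here.
    same_key = passive.keys.get(kid) == active.keys[kid]
    ok = passive.auth_enabled and kid in passive.trusted and same_key
    return "successful" if ok else "failed"
```

Treat a `not performed` result as a finding: in that state neither peer verifies the other's NTP messages.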