Configuring NTP authentication in broadcast mode
To ensure a successful NTP authentication, configure the same authentication key ID, algorithm, and key on the broadcast server and client. Make sure the peer device is allowed to use the authentication ID.
To configure NTP authentication for a broadcast client:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable NTP authentication. | ntp-service authentication enable | By default, NTP authentication is disabled. |
3. Configure an NTP authentication key. | ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * | By default, no NTP authentication key exists. |
4. Configure the key as a trusted key. | ntp-service reliable authentication-keyid keyid | By default, no authentication key is configured as a trusted key. |
To configure NTP authentication for a broadcast server:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable NTP authentication. | ntp-service authentication enable | By default, NTP authentication is disabled. |
3. Configure an NTP authentication key. | ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * | By default, no NTP authentication key exists. |
4. Configure the key as a trusted key. | ntp-service reliable authentication-keyid keyid | By default, no authentication key is configured as a trusted key. |
5. Enter interface view. | interface interface-type interface-number | N/A |
6. Associate the specified key with the broadcast server. | ntp-service broadcast-server authentication-keyid keyid | By default, the broadcast server is not associated with any key. |
NTP authentication results differ when different configurations are performed on broadcast client and server. For more information, see Table 5. (N/A in the table means that whether the configuration is performed does not make any difference.)
Table 5: NTP authentication results
Broadcast server | Broadcast client | |||
---|---|---|---|---|
Enable NTP authentication | Specify the server and key | Trusted key | Enable NTP authentication | Trusted key |
Successful authentication | ||||
Yes | Yes | Yes | Yes | Yes |
Failed authentication | ||||
Yes | Yes | Yes | Yes | No |
Yes | Yes | Yes | No | N/A |
Yes | Yes | No | Yes | N/A |
Yes | No | N/A | Yes | N/A |
No | N/A | N/A | Yes | N/A |
Authentication not performed | ||||
Yes | Yes | No | No | N/A |
Yes | No | N/A | No | N/A |
No | N/A | N/A | No | N/A |