[x]

Configuring NTP authentication > Configuring NTP authentication in multicast mode

 

 Next

Configuring NTP authentication in multicast mode

To ensure a successful NTP authentication, configure the same authentication key ID, algorithm, and key on the multicast server and client. Make sure the peer device is allowed to use the authentication ID.

To configure NTP authentication for a multicast client:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable NTP authentication.

ntp-service authentication enable

By default, NTP authentication is disabled.

3. Configure an NTP authentication key.

ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *

By default, no NTP authentication key exists.

4. Configure the key as a trusted key.

ntp-service reliable authentication-keyid keyid

By default, no authentication key is configured as a trusted key.

To configure NTP authentication for a multicast server:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enable NTP authentication.

ntp-service authentication enable

By default, NTP authentication is disabled.

3. Configure an NTP authentication key.

ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *

By default, no NTP authentication key exists.

4. Configure the key as a trusted key.

ntp-service reliable authentication-keyid keyid

By default, no authentication key is configured as a trusted key.

5. Enter interface view.

interface interface-type interface-number

N/A

6. Associate the specified key with the multicast server.

  • Associate the specified key with a multicast server:ntp-service multicast-server [ ip-address ] authentication-keyid keyid

  • Associate the specified key with an IPv6 multicast server:ntp-service ipv6 multicast-server ipv6-multicast-address authentication-keyid keyid

By default, no multicast server is associated with the specified key.

NTP authentication results differ when different configurations are performed on broadcast client and server. For more information, see Table 6. (N/A in the table means that whether the configuration is performed does not make any difference.)

Table 6: NTP authentication results

Multicast server

Multicast client

Enable NTP authentication

Specify the server and key

Trusted key

Enable NTP authentication

Trusted key

Successful authentication

Yes

Yes

Yes

Yes

Yes

Failed authentication

Yes

Yes

Yes

Yes

No

Yes

Yes

Yes

No

N/A

Yes

Yes

No

Yes

N/A

Yes

No

N/A

Yes

N/A

No

N/A

N/A

Yes

N/A

Authentication not performed

Yes

Yes

No

No

N/A

Yes

No

N/A

No

N/A

No

N/A

N/A

No

N/A

prev

 

up

 next

Configuring NTP authentication in broadcast mode 

home

 Configuring NTP optional parameters

© Copyright 2017 Hewlett Packard Enterprise Development LP