Configuring SNTP authentication
SNTP authentication ensures that an SNTP client is synchronized only to an authenticated trustworthy NTP server.
Follow these guidelines when you configure SNTP authentication:
Enable authentication on both the NTP server and the SNTP client.
Use the same authentication key ID, authentication algorithm, and key on the NTP server and SNTP client, and specify the key as a trusted key on both the NTP server and the SNTP client. For information about configuring NTP authentication on an NTP server, see "Configuring NTP."
On the SNTP client, associate the specified key with the NTP server. Make sure the server is allowed to use the key ID for authentication.
With authentication disabled, the SNTP client can synchronize with the NTP server regardless of whether the NTP server is enabled with authentication.
To configure SNTP authentication on the SNTP client:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable SNTP authentication. | sntp authentication enable | By default, SNTP authentication is disabled. |
3. Configure an SNTP authentication key. | sntp authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] * | By default, no SNTP authentication key exists. |
4. Specify the key as a trusted key. | sntp reliable authentication-keyid keyid | By default, no trusted key is specified. |
5. Associate the SNTP authentication key with an NTP server. |
| By default, no NTP server is specified. |