Home » HP Manuals » Servers » HP 6125XLG » Manual Viewer

HP 6125XLG R2306-HP 6125XLG Blade Switch Network Management and Monitoring Com - Page 29

ntp-service authentication enable, Predefined user roles, Parameters, Usage guidelines, Examples

Add to My Manuals
Save this manual to your list of manuals

Page 29 highlights

Predefined user roles network-admin Parameters peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device. query: Allows only NTP control queries from a peer device to the local device. server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device. synchronization: Allows only time requests from a system whose address passes the access list criteria. acl acl-number: Specifies an ACL. The peer devices that match the ACL have the access right specified in this command. The acl-number argument represents a basic ACL number in the range of 2000 to 2999. Usage guidelines You can control NTP access by using ACL. The access rights are in the following order, from least restrictive to most restrictive: peer, server, synchronization, and query. The device processes an NTP request by following these rules: • If no NTP access control is configured, peer is granted to the local device and peer devices. • If the IP address of the peer device matches a permit statement in an ACL for more than one access right, the least restrictive access right is granted to the peer device. If a deny statement or no ACL is matched, no access right is granted. • If no ACL is created for a specific access right, the associated access right is not granted. • If no ACL is created for any access right, peer is granted. The ntp-service acl command provides minimal security for a system running NTP. A more secure method is NTP authentication. Examples # Configure the peer devices on subnet 10.10.0.0/16 to have full access to the local device. system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255 [Sysname-acl-basic-2001] quit [Sysname] ntp-service access peer acl 2001 Related commands • ntp-service authentication enable • ntp-service authentication-keyid • ntp-service reliable authentication-keyid ntp-service authentication enable Use ntp-service authentication enable to enable NTP authentication. Use undo ntp-service authentication enable to disable NTP authentication. Syntax ntp-service authentication enable 27

Section	Page
Title Page	1
Contents	3
Ping, tracert, and system debugging commands	7
debugging	7
display debugging	8
ping	8
ping ipv6	11
tracert	13
tracert ipv6	15
NTP commands	17
display ntp-service ipv6 sessions	17
display ntp-service sessions	21
display ntp-service status	25
display ntp-service trace	27
ntp-service acl	28
ntp-service authentication enable	29
ntp-service authentication-keyid	30
ntp-service broadcast-client	31
ntp-service broadcast-server	32
ntp-service enable	33
ntp-service inbound disable	33
ntp-service ipv6 acl	34
ntp-service ipv6 inbound disable	35
ntp-service ipv6 multicast-client	35
ntp-service ipv6 multicast-server	36
ntp-service ipv6 source	37
ntp-service ipv6 unicast-peer	38
ntp-service ipv6 unicast-server	39
ntp-service max-dynamic-sessions	41
ntp-service multicast-client	41
ntp-service multicast-server	42
ntp-service refclock-master	43
ntp-service reliable authentication-keyid	44
ntp-service source	45
ntp-service unicast-peer	46
ntp-service unicast-server	47
SNTP commands	49
display sntp ipv6 sessions	49
display sntp sessions	49
sntp authentication enable	50
sntp authentication-keyid	51
sntp enable	52
sntp ipv6 unicast-server	52
sntp reliable authentication-keyid	53
sntp unicast-server	54
Information center commands	56
display info-center	56
display logbuffer	56
display logbuffer summary	58
display logfile summary	59
display security-logfile summary	60
enable log updown	60
info-center enable	61
info-center logbuffer	61
info-center logbuffer size	62
info-center logfile enable	63
info-center logfile frequency	63
info-center logfile overwrite-protection	64
info-center logfile size-quota	65
info-center logfile switch-directory	65
info-center logging suppress duplicates	66
info-center loghost	67
info-center loghost source	68
info-center security-logfile alarm-threshold	69
info-center security-logfile enable	70
info-center security-logfile frequency	70
info-center security-logfile size-quota	71
info-center security-logfile switch-directory	72
info-center source	72
info-center synchronous	74
info-center timestamp	75
info-center timestamp loghost	76
logfile save	76
reset logbuffer	77
security-logfile save	77
terminal debugging	78
terminal logging level	79
terminal monitor	79
SNMP commands	81
display snmp-agent community	81
display snmp-agent group	82
display snmp-agent local-engineid	83
display snmp-agent mib-view	84
display snmp-agent remote	85
display snmp-agent statistics	86
display snmp-agent sys-info	88
display snmp-agent trap queue	89
display snmp-agent trap-list	89
display snmp-agent usm-user	90
enable snmp trap updown	91
snmp-agent	92
snmp-agent calculate-password	93
snmp-agent community	94
snmp-agent group	96
snmp-agent local-engineid	98
snmp-agent log	99
snmp-agent mib-view	99
snmp-agent packet max-size	101
snmp-agent remote	101
snmp-agent source	102
snmp-agent sys-info contact	103
snmp-agent sys-info location	104
snmp-agent sys-info version	104
snmp-agent target-host	105
snmp-agent trap enable	107
snmp-agent trap if-mib link extended	110
snmp-agent trap life	110
snmp-agent trap queue-size	111
snmp-agent usm-user { v1 \| v2c }	112
snmp-agent usm-user v3	113
NQA commands	117
data-fill	117
data-size	117
description (any NQA operation type view)	118
destination ip	119
destination port	119
display nqa history	120
display nqa reaction counters	121
display nqa result	122
display nqa statistics	123
frequency	125
history-record enable	126
history-record keep-time	127
history-record number	127
next-hop	128
nqa	129
nqa agent enable	129
nqa schedule	130
probe count	131
probe timeout	132
reaction checked-element probe-duration	132
reaction checked-element probe-fail	134
reaction checked-element probe-fail (for trigger)	135
route-option bypass-route	136
source interface	136
source ip	137
source port	138
statistics hold-time	139
statistics interval	139
statistics max-group	140
tos	140
ttl	141
type	142
vpn-instance (ICMP echo operation view)	142
sFlow commands	144
display sflow	144
sflow agent	145
sflow collector	146
sflow counter interval	147
sflow counter collector	147
sflow flow collector	148
sflow flow max-header	148
sflow sampling-mode	149
sflow sampling-rate	150
sflow source	150
Process monitoring and maintenance commands	152
display kernel deadloop	152
display kernel deadloop configuration	155
display kernel exception	156
display kernel reboot	159
display kernel starvation	161
display kernel starvation configuration	164
display process	165
display process cpu	168
display process log	169
display process memory	170
display process memory heap	171
display process memory heap address	173
display process memory heap size	174
monitor kernel deadloop enable	175
monitor kernel deadloop exclude-thread	176
monitor kernel deadloop time	176
monitor kernel starvation enable	177
monitor kernel starvation exclude-thread	178
monitor kernel starvation time	179
monitor process	180
monitor thread	185
reset kernel deadloop	188
reset kernel exception	188
reset kernel reboot	189
reset kernel starvation	189
Port mirroring commands	191
display mirroring-group	191
mirroring-group	192
mirroring-group mirroring-port (interface view)	193
mirroring-group mirroring-port (system view)	194
mirroring-group monitor-egress	195
mirroring-group monitor-port (interface view)	196
mirroring-group monitor-port (system view)	197
mirroring-group reflector-port	198
mirroring-group remote-probe vlan	199
Traffic mirroring commands	201
mirror-to	201
Support and other resources	202
Contacting HP	202
Subscription service	202
Related information	202
Documents	202
Websites	202
Conventions	203
Command conventions	203
GUI conventions	203
Symbols	203
Network topology icons	204
Port numbering in examples	204

Match case Limit results 1 per page

Predefined user roles

network-admin

Parameters

peer

: Allows time requests and NTP control queries (such as alarms, authentication status, and time

server information) from a peer device and allows the local device to synchronize itself to a peer device.

query

: Allows only NTP control queries from a peer device to the local device.

server

: Allows time requests and NTP control queries from a peer device, but does not allow the local

device to synchronize itself to a peer device.

synchronization

: Allows only time requests from a system whose address passes the access list criteria.

acl

acl-number

: Specifies an ACL. The peer devices that match the ACL have the access right specified in

this command. The

acl-number

argument represents a basic ACL number in the range of 2000 to 2999.

Usage guidelines

You can control NTP access by using ACL. The access rights are in the following order, from least

restrictive to most restrictive: peer, server, synchronization, and query.

The device processes an NTP request by following these rules:

•

If no NTP access control is configured,

peer

is granted to the local device and peer devices.

•

If the IP address of the peer device matches a

permit

statement in an ACL for more than one access

right, the least restrictive access right is granted to the peer device. If a

deny

statement or no ACL is

matched, no access right is granted.

•

If no ACL is created for a specific access right, the associated access right is not granted.

•

If no ACL is created for any access right,

peer

is granted.

The

ntp-service acl

command provides minimal security for a system running NTP. A more secure method

is NTP authentication.

Examples

# Configure the peer devices on subnet 10.10.0.0/16 to have full access to the local device.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-basic-2001] quit

[Sysname] ntp-service access peer acl 2001

Related commands

•

ntp-service authentication enable

•

ntp-service authentication-keyid

•

ntp-service reliable authentication-keyid

ntp-service authentication enable

Use

ntp-service authentication enable

to enable NTP authentication.

Use

undo ntp-service authentication enable

to disable NTP authentication.

Syntax

ntp-service authentication enable