HP 6125XLG R2306-HP 6125XLG Blade Switch Network Management and Monitoring Com - Page 29
ntp-service authentication enable, Predefined user roles, Parameters, Usage guidelines, Examples
View all HP 6125XLG manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 29 highlights
Predefined user roles network-admin Parameters peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device. query: Allows only NTP control queries from a peer device to the local device. server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device. synchronization: Allows only time requests from a system whose address passes the access list criteria. acl acl-number: Specifies an ACL. The peer devices that match the ACL have the access right specified in this command. The acl-number argument represents a basic ACL number in the range of 2000 to 2999. Usage guidelines You can control NTP access by using ACL. The access rights are in the following order, from least restrictive to most restrictive: peer, server, synchronization, and query. The device processes an NTP request by following these rules: • If no NTP access control is configured, peer is granted to the local device and peer devices. • If the IP address of the peer device matches a permit statement in an ACL for more than one access right, the least restrictive access right is granted to the peer device. If a deny statement or no ACL is matched, no access right is granted. • If no ACL is created for a specific access right, the associated access right is not granted. • If no ACL is created for any access right, peer is granted. The ntp-service acl command provides minimal security for a system running NTP. A more secure method is NTP authentication. Examples # Configure the peer devices on subnet 10.10.0.0/16 to have full access to the local device. system-view [Sysname] acl number 2001 [Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255 [Sysname-acl-basic-2001] quit [Sysname] ntp-service access peer acl 2001 Related commands • ntp-service authentication enable • ntp-service authentication-keyid • ntp-service reliable authentication-keyid ntp-service authentication enable Use ntp-service authentication enable to enable NTP authentication. Use undo ntp-service authentication enable to disable NTP authentication. Syntax ntp-service authentication enable 27