Monday, March 7, 2016

CONFIGURING NTP ACCESS CONTROL AUTHORITY ON HUAWEI SWITCH

NTP access control is a simple security measure. When an access request reaches the local end, it is matched against the configured access authorities in order, from the maximum authority to the minimum. The first access authority that matches takes effect. The matching order is: peer, server, synchronization, and query.
1. peer: indicates the maximum access authority. The remote end can send time requests and control queries to the local NTP service. The local clock can also be synchronized with the clock of the remote server.
2. server: indicates that the remote end can send time requests and control queries to the local end. The local clock, however, cannot be synchronized with the clock of the remote server.
3. synchronization: indicates that the remote end can send only time requests to the local end.
4. query: indicates the minimum access authority. The remote end can send only control queries to the local end.
The access control authority is configured on different devices in different NTP operating modes, as described in Table 4-1.
Configuration overview:
Step 1 Run:
system-view
The system view is displayed.
Step 2 Configure the basic ACL.
Before configuring the access control rights, you must create a basic ACL. For the creation procedure, see “ACL Configuration” in the S2750&S5700&S6700 Series Ethernet Switches Configuration Guide-Security.
Step 3 Run:
ntp-service access { peer | query | server | synchronization } acl-number
The access control authority of the NTP service is configured.
By default, no access control authority is set.
Note:
Check the configuration of the ACL rule before configuring the NTP access control authority in the ACL. When the ACL rule is permit, the peer device with the source IP address specified in this rule can access the NTP service on the local device. The access right of the peer device is configured using the ntp-service access command. When the ACL rule is deny, the peer device with the source IP address specified in this rule cannot access the NTP service on the local device.
----End
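A worked configuration following the three steps above (an added example, not taken from the original post or from Huawei documentation). The ACL numbers 2001 to 2003, the device name HUAWEI and all IP addresses are constructed for illustration; lines beginning with # are annotations, not commands to type.

```text
# Step 1: enter the system view.
<HUAWEI> system-view

# Step 2: create one basic ACL per access level.
# Each "permit" rule names a source that is allowed that level of access.

# ACL 2001: upstream time source (constructed address), to be granted "peer".
[HUAWEI] acl number 2001
[HUAWEI-acl-basic-2001] rule 5 permit source 10.1.0.1 0
[HUAWEI-acl-basic-2001] quit

# ACL 2002: client subnet (constructed), to be granted "synchronization",
# i.e. time requests only, no control queries.
[HUAWEI] acl number 2002
[HUAWEI-acl-basic-2002] rule 5 permit source 10.1.1.0 0.0.0.255
[HUAWEI-acl-basic-2002] quit

# ACL 2003: monitoring host (constructed), to be granted "query",
# i.e. control queries only.
[HUAWEI] acl number 2003
[HUAWEI-acl-basic-2003] rule 5 permit source 10.1.2.10 0
[HUAWEI-acl-basic-2003] quit

# Step 3: bind each ACL to an access level.
# Incoming requests are checked in the order peer, server,
# synchronization, query; the first level whose ACL matches applies.
[HUAWEI] ntp-service access peer 2001
[HUAWEI] ntp-service access synchronization 2002
[HUAWEI] ntp-service access query 2003
```

Because matching stops at the first level that permits the source, keep the ACL bound to peer as narrow as possible: an address permitted there never reaches the more restrictive levels.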

Checking the Configuration
Run the display current-configuration | include ntp command to check the NTP configuration.
Run the display ntp-service status command to check the NTP service status.
Run the display ntp-service sessions [ verbose ] command to check the NTP session status.
----End
This configuration also works for Huawei S2700, S5700, S6700.