1-10Configuring Access Control RightWith the following command, you can configure the NTP service access-control right to the local devicefor a peer device. There are four access-control rights, as follows:z query: Control query right. This level of right permits the peer device to perform control query to theNTP service on the local device but does not permit the peer device to synchronize its clock to thelocal device. The so-called “control query” refers to query of state of the NTP service, includingalarm information, authentication status, clock source information, and so on.z synchronization: Synchronization right. This level of right permits the peer device to synchronizeits clock to the local device but does not permit the peer device to perform control query.z server: Server right. This level of right permits the peer device to perform synchronization andcontrol query to the local device but does not permit the local device to synchronize its clock to thepeer device.z peer: Peer access. This level of right permits the peer device to perform synchronization andcontrol query to the local device and also permits the local device to synchronize its clock to thepeer device.From the highest NTP service access-control right to the lowest one are peer, server,synchronization, and query. When a device receives an NTP request, it will perform anaccess-control right match in this order and use the first matched right.Configuration PrerequisitesPrior to configuring the NTP service access-control right to the local device for peer devices, you needto create and configure an ACL associated with the access-control right. For the configuration of ACL,refer to ACL Configuration in Security Volume.Configuration ProcedureFollow these steps to configure the NTP service access-control right to the local device for peerdevices:To do… Use the command… RemarksEnter system view system-view —Configure the NTP serviceaccess-control right to the localdevice for peer devicesntp-service access { peer |server | synchronization |query } acl-numberOptionalpeer by defaultThe access-control right mechanism provides only a minimum degree of security protection for the localdevice. A more secure method is identity authentication.Configuring NTP AuthenticationIn networks with higher security requirements, the NTP authentication function must be enabled to runNTP. Through password authentication on the client and the server, the clock of the client is
