20To do… Use the command… RemarksEnter system view system-view —Configure the NTP serviceaccess-control right for a peerdevice to access the local devicentp-service access { peer | query |server | synchronization }acl-numberRequiredpeer by defaultNOTE:The access-control right mechanism provides only a minimum level of security protection for a systemrunning NTP. A more secure method is identity authentication.Configuring NTP authenticationNTP authentication should be enabled for a system running NTP in a network with a high securitydemand. It enhances the network security by means of client-server key authentication, which prohibits aclient from synchronizing with a device that has failed authentication.Configuration prerequisitesNTP authentication requires configuration on the client and on the server.The following principles apply:• For all synchronization modes, when you enable the NTP authentication feature, configure anauthentication key and specify it as a trusted key. In other words, the ntp-service authenticationenable command must work together with the ntp-service authentication-keyid command and thentp-service reliable authentication-keyid command. Otherwise, the NTP authentication functioncannot be normally enabled.• For client/server mode or symmetric mode, associate the specified authentication key on the client(symmetric-active peer if in the symmetric peer mode) with the corresponding NTP server(symmetric-passive peer if in the symmetric peer mode). Otherwise, the NTP authentication featurecannot be normally enabled.• For broadcast server mode or multicast server mode, associate the specified authentication key onthe broadcast server or multicast server with the corresponding NTP server. Otherwise, the NTPauthentication feature cannot be normally enabled.• For client/server mode, if the NTP authentication feature has not been enabled for the client, theclient can synchronize with the server regardless of whether the NTP authentication feature hasbeen enabled for the server. If the NTP authentication is enabled on a client, the client can besynchronized only to a server that can provide a trusted authentication key.• For all synchronization modes, the server side configuration and the client side configuration mustbe consistently.Configuration procedureConfiguring NTP authentication for a clientFollow these steps to configure NTP authentication for a client:To do… Use the command… RemarksEnter system view system-view —