1-14Configuring NTP AuthenticationThe NTP authentication feature should be enabled for a system running NTP in a network where thereis a high security demand. This feature enhances the network security by means of client-server keyauthentication, which prohibits a client from synchronizing with a device that has failed authentication.Configuration PrerequisitesThe configuration of NTP authentication involves configuration tasks to be implemented on the clientand on the server.When configuring the NTP authentication feature, pay attention to the following principles:z For all synchronization modes, when you enable the NTP authentication feature, you shouldconfigure an authentication key and specify it as a trusted key. Namely, the ntp-serviceauthentication enable command must work together with the ntp-service authentication-keyidcommand and the ntp-service reliable authentication-keyid command. Otherwise, the NTPauthentication function cannot be normally enabled.z For the client/server mode or symmetric mode, you need to associate the specified authenticationkey on the client (symmetric-active peer if in the symmetric peer mode) with the correspondingNTP server (symmetric-passive peer if in the symmetric peer mode). Otherwise, the NTPauthentication feature cannot be normally enabled.z For the broadcast server mode or multicast server mode, you need to associate the specifiedauthentication key on the broadcast server or multicast server with the corresponding NTP server.Otherwise, the NTP authentication feature cannot be normally enabled.z For the client/server mode, if the NTP authentication feature has not been enabled for the client,the client can synchronize with the server regardless of whether the NTP authentication featurehas been enabled for the server or not. If the NTP authentication is enabled on a client, the clientcan be synchronized only to a server that can provide a trusted authentication key.z For all synchronization modes, the server side and the client side must be consistently configured.Configuration ProcedureConfiguring NTP authentication for a clientFollow these steps to configure NTP authentication for a client:To do… Use the command… RemarksEnter system view system-view —Enable NTP authentication ntp-service authenticationenableRequiredDisabled by defaultConfigure an NTPauthentication keyntp-serviceauthentication-keyid keyidauthentication-mode md5valueRequiredNo NTP authentication key bydefaultConfigure the key as a trustedkeyntp-service reliableauthentication-keyid keyidRequiredNo authentication key isconfigured to be trusted bydefault.