Operation Manual – NTPH3C S5600 Series Ethernet Switches Chapter 1 NTP Configuration1-13clock of the client is synchronized only to that of the server that passes theauthentication. This improves network security. Table 1-2 shows the roles of devices inthe NTP authentication function.Table 1-2 Description on the roles of devices in NTP authentication functionRole of device Working modeClient in the server/client modeClient in the broadcast modeClient in the multicast modeClientSymmetric-active peer in the symmetric peer modeServer in the server/client modeServer in the broadcast modeServer in the multicast modeServerSymmetric-passive peer in the symmetric peer mode1.5.1 Configuration PrerequisitesNTP authentication configuration involves:z Configuring NTP authentication on the clientz Configuring NTP authentication on the serverObserve the following principles when configuring NTP authentication:z If the NTP authentication function is not enabled on the client, the clock of theclient can be synchronized to a server no matter whether the NTP authenticationfunction is enabled on the server (assuming that other related configurations areproperly performed).z For the NTP authentication function to take effect, a trusted key needs to beconfigured on both the client and server after the NTP authentication is enabled onthem.z The local clock of the client is only synchronized to the server that provides atrusted key.z In addition, for the server/client mode and the symmetric peer mode, you need toassociate a specific key on the client (the symmetric-active peer in the symmetricpeer mode) with the corresponding NTP server (the symmetric-passive peer in thesymmetric peer mode); for the NTP broadcast/multicast mode, you need toassociate a specific key on the broadcast/multicast server with the correspondingNTP broadcast/multicast client. Otherwise, NTP authentication cannot be enablednormally.z Configurations on the server and the client must be consistent.
