ntp-service access
Function
The ntp-service access command sets the access control authority of the local NTP.
The undo ntp-service access command cancels the configured access control authority.
By default, no access authority is set.
Format
ntp-service access { peer | query | server | synchronization | limited } { acl-number | ipv6 acl6-number } *
undo ntp-service access { peer | query | server | synchronization | limited } [ ipv6 | all ]
undo ntp-service access { peer | query | server | synchronization | limited } { acl-number | ipv6 acl6-number } *
Parameters
| Parameter | Description | Value |
|---|---|---|
| peer | Sets the fully access authority. Both time request and control query can be performed on the local NTP service, and the local clock can be synchronized to the remote server. | - |
| query | Sets the maximum access limitation. Control query can be performed only on the local NTP service. | - |
| server | Enables the server access and query. Both time requests and control query can be performed on the local NTP service, but the local clock cannot be synchronized to the remote server. | - |
| synchronization | Enables the server to access. Only time request can be performed on the local NTP service. | - |
| acl-number | Specifies the IP address access list number. | The value is in the range of 2000 to 2999. |
| ipv6 acl6-number | Specifies the IPv6 address access list number. | The value is in the range of 2000 to 2999. |
| limited | Controls the incoming packet rate and kiss code is sent when kod is enabled. | - |
| ipv6 | all | Specifies the IP address can be of IPv6 or both IPv4 and IPv6 types. | - |
Usage Guidelines
Compared with NTP authentication, ntp-service access is simpler to ensure the network security. When receiving an access query, the NTP server matches it with peer, server, synchronization , query and limited orderly, that is, from the minimum access restriction to the maximum access restriction.
Based on the access limitation to be implemented, configure this command accordingly.
NTP Operation Mode |
Restricted NTP Query |
Supported Devices |
|---|---|---|
Unicast NTP server or client mode |
Synchronizing the client with the server |
Client |
Unicast NTP server or client mode |
Clock synchronization request from the client |
Server |
NTP peer mode |
Clock synchronization with each other |
Symmetric active end |
NTP peer mode |
Clock synchronization request from the active end |
Symmetric passive end |
NTP multicast mode |
Synchronizing the client with the server |
NTP multicast client |
NTP broadcast mode |
Synchronizing the client with the server |
NTP broadcast client |
NTP manycast client mode |
Synchronizing the client with the server |
NTP manycast client |
NTP manycast server mode |
Clock synchronization request from the client |
NTP manycast server |
- If the ACL rule is set to permit or empty, a permit action will be performed.
- If the ACL rule is set to deny or the associated peer is not bound to the ACL rule, a deny action will be performed.
Example
# Enable the NTP peer in ACL 2000 to perform time request, query control and time synchronization on the local device.
<sysname> system-view
[sysname] ntp-service access peer 2000
# Enable the NTP peer in ACL 2002 to perform time request, query control on the local device.
<sysname> system-view
[sysname] ntp-service access synchronization 2002
[sysname] ntp-service access synchronization ipv6 2002