(Optional) Configuring the Peer Mode

In peer mode, the two peers synchronize clocks with each other. One end can send the clock synchronization request message to the other and respond to the clock synchronization request message from the peer.

Procedure

Configure the NTP symmetric active end.
1. Run system-view
  The system view is displayed.
2. Run ntp-service authentication-keyid keyId authentication-mode { md5 | hmac-sha256 } { password | cipher password }
  The NTP authentication key is set.
  
  Using the HMAC-SHA256 algorithm for NTP authentication is recommended.
  
  The system automatically verifies the strength of an entered key. Only the key that meets the strength requirements can be configured. To disable key strength check, run the ntp authentication-password complexity-check disable command.
  
  Disabling the key strength check function causes security risks. Therefore, you are advised not to run this command.
3. (Optional) Run ntp-service [ ipv6 ] source-interface { interface-name | interface_type interface_number } [ vpn-instance vpnName ]
  The source interface for sending NTP packets is specified.
4. Configure an IP address for the NTP peer.
  - To specify an IP address for the remote peer, run the ntp-service unicast-peer ip-address [ version number | authentication-keyid key-id | source-interface interface-type interface-number | vpn-instance vpn-instance-name | preference | maxpoll max-number | minpoll min-number | preempt | port port-number ] ^* command.
  - To specify an IPv6 address for the remote peer, run the ntp-service unicast-peer ipv6 ipv6-address [ authentication-keyid key-id | source-interface interface-type interface-number | vpn-instance vpn-instance-name | preference | maxpoll max-number | minpoll min-number | preempt | port port-number ] ^* command.
  If step 2 is performed, and source-interface is specified in both Step 2 and Step 3, use the source interface specified in Step 3 preferentially.
  
  ip-address is the NTP peer IP address. It can be a host address, but not a broadcast address, a multicast address, or the IP address of the reference clock.
  
  After the NTP peer is specified, the local router runs in symmetric active mode. The symmetric passive end does not need to be configured.
5. Run commit
  The configuration is committed.
(Optional) Configure the NTP symmetric passive end.
1. Run system-view
  The system view is displayed.
2. Run ntp-service authentication-keyid keyId authentication-mode { md5 | hmac-sha256 } { password | cipher password }
  The NTP authentication key is set.
  
  Using the HMAC-SHA256 algorithm for NTP authentication is recommended.
  
  The system automatically verifies the strength of an entered key. Only the key that meets the strength requirements can be configured. To disable key strength check, run the ntp authentication-password complexity-check disable command.
  
  Disabling the key strength check function causes security risks. Therefore, you are advised not to run this command.
3. Run ntp-service [ ipv6 ] source-interface { interface-name | interface_type interface_num } [ vpn-instance vpnName ]
  The source interface for sending NTP packets is specified.
  
  Commonly, specify the IP address of the NTP symmetric passive on the symmetric active. The symmetric active and symmetric passive can then exchange NTP packets using this IP address.
4. Run commit
  The configuration is committed.