NTP Security Authentication for Base Stations Base stations are deployed on public networks.

If a base station uses an invalid re

Figure 3-4 Principle for NTP security authentication
If the AUTHMODE parameter in the NTPCP MO is not set to PLAIN(Plain), NTP security authentication is performed in encryptio
NOTE Only 3900 series base stations support NTP
f a base station uses an invalid reference clock, the time on the base station becomes incorrect. This may cause errors in information such a

tication is performed in encryption mode. The authentication procedure is as follows: 1. After calculating the checksum of NTP packets, the
ause errors in information such as error alarms and logs, affecting base station maintenance. NTP security authentication protects the inte

he checksum of NTP packets, the NTP server sends the checksum and NTP packets to the base station. 2. The base station calculates the ch
authentication protects the integrity and authenticates the source of NTP packets received by base stations to ensure that base stations us

he base station calculates the checksum of the received NTP packets, and compares the calculated checksum with that in the NTP packets.
s to ensure that base stations use valid reference clock. The AUTHMODE, KEY, and KEYID parameters in the NTPCP MO on a base station fu

m with that in the NTP packets. l If the checksums are identical, the NTP packets were not tampered with during transmission and pass the
 NTPCP MO on a base station functioning as an NTP client must be set to the same values as those on the NTP server. NTP security authen

during transmission and pass the NTP security authentication. l If the checksums are different, the NTP packets were tampered with and fa
NTP server. NTP security authentication supports Data Encryption Standard (DES) and MD5. DES has been cracked and is not recommended

kets were tampered with and fail the NTP security authentication. If the AUTHMODE parameter in the NTPCP MO is set to PLAIN(Plain), th
cracked and is not recommended. NTP security authentication uses digital signatures to verify NTP packets to ensure the validity of the refe

PCP MO is set to PLAIN(Plain), the NTP server sends NTP packets directly to the base station without encryption, and therefore the base sta
 to ensure the validity of the reference time received by base stations. Figure 3-4 illustrates the principle for NTP security authentication.

ption, and therefore the base station does not need to decrypt the received NTP packets.
r NTP security authentication.