Network time protocol (NTP) is a time
synchronization protocol defined in RFC1305. It is used for time
synchronization between a set of distributed time servers and clients. NTP transmits
packets through UDP port 123.
NTP is intended for time synchronization between
all devices that have clocks in a network so that the clocks of all devices can
keep consistent. Thus, the devices can provide multiple unified-time-based applications.
A local system running NTP can not only be
synchronized by other clock sources, but also serve as a clock source to
synchronize other clocks. Besides, it can synchronize, or be synchronized by other
systems by exchanging NTP packets.
NTP is mainly applied to synchronizing the
clocks of all devices in a network. For example:
l
In network management, the analysis of the log
information and debugging information collected from different devices is
meaningful and valid only when network devices that generate the information
adopts the same time.
l
The billing system requires that the clocks of
all network devices be consistent.
l
Some functions, such as restarting all network devices
in a network simultaneously require that they adopt the same time.
l
When multiple systems cooperate to handle a
rather complex transaction, they must adopt the same time to ensure a correct
execution order.
l
To perform incremental backup operations between
a backup server and a host, you must make sure they adopt the same time.
As setting the system time manually in a
network with many devices leads to a lot of workload and cannot ensure the
accuracy, it is unfeasible for an administrator to perform the operation. However,
an administrator can synchronize the clocks of devices in a network with
required accuracy by performing NTP configuration.
NTP has the following advantages:
l
Defining the accuracy of clocks by stratum to
synchronize the clocks of all devices in a network quickly
l
Supporting access control and MD5 authentication
l
Sending protocol packets in unicast, multicast,
or broadcast mode
l
The clock stratum determines the accuracy, which
ranges from 1 to 16. The stratum of a reference clock ranges from 1 to 15. The clock
accuracy decreases as the stratum number increases. A stratum 16 clock is in the
unsynchronized state and cannot serve as a reference clock.
l
The local clock of an S3100-52P Ethernet switch cannot
operate as a reference clock. It can serve as a NTP server only after
synchronized.
Figure 1-1 shows the implementation principle of NTP.
Ethernet switch A (LS_A) is connected to
Ethernet switch B (LS_B) through Ethernet ports. Both have their own system
clocks, and they need to synchronize the clocks of each other through NTP. To
help you to understand the implementation principle, we suppose that:
l
Before the system clocks of LS_A and LS_B are
synchronized, the clock of LS_A is set to 10:00:00 am, and the clock of LS_B is
set to 11:00:00 am.
l
LS_B serves as the NTP server, that is, the
clock of LS_A will be synchronized to that of LS_B.
l
It takes one second to transfer an NTP packet
from LS_A to LS_B or from LS_A to LS_B.
Figure 1-1 Implementation principle of NTP
The procedure of synchronizing the system
clock is as follows:
l
LS_A sends an NTP packet to LS_B, with a
timestamp 10:00:00 am (T1) identifying when it is sent.
l
When the packet arrives at LS_B, LS_B inserts its
own timestamp 11:00:01 am (T2) into the packet.
l
When the NTP packet leaves LS_B, LS_B inserts its
own timestamp 11:00:02 am (T3) into the packet.
l
When receiving a response packet, LS_A inserts a
new timestamp 10:00:03 am (T4) into it.
At this time, LS_A has enough information
to calculate the following two parameters:
l
Delay for an NTP packet to make a round trip
between LS_A and LS_B:
Delay
= (T4 -T1)-(T3 -T2).
l
Time offset of LS_A relative to LS_B:
Offset
= ((T2 -T1) + (T3 -T4))/2.
LS_A can then set its own clock according
to the above information to synchronize its clock to that of LS_B.
For detailed information, refer to RFC1305.
According to the network structure and the
position of the local Ethernet switch in the network, the local Ethernet switch
can work in multiple NTP modes to synchronize the clock.
I. Client/server mode
Figure 1-2 Client/sever mode
II. Peer mode
Figure 1-3 Peer mode
In the peer mode, the local S3100-52P
Ethernet switch serves as the active peer and sends clock synchronization request
packets first, while the remote server serves as the passive peer automatically.
If both of the peers have reference clocks,
the one with a smaller stratum number is adopted.
III. Broadcast mode
Figure 1-4 Broadcast mode
IV. Multicast mode
Figure 1-5 Multicast mode
Table 1-1 describes how the above mentioned NTP modes are implemented on S3100-52P Ethernet switch.
Table 1-1 NTP
implementation modes on S3100-52P Ethernet switch
|
NTP implementation mode
|
Configuration on S3100-52P switch
|
|
Client/server mode
|
Configure the local S3100-52P Ethernet switch
to operate in the NTP server mode. In this mode, the remote server serves as
the local time server, while the local switch serves as the client.
|
|
Peer mode
|
Configure the local S3100-52P switch to
operate in NTP peer mode. In this mode, the remote server serves as the peer
of the S3100-52P switch, and the local switch serves as the active peer.
|
|
Broadcast mode
|
l Configure the local S3100-52P Ethernet switch to operate in NTP
broadcast server mode. In this mode, the local switch broadcasts NTP packets
through the VLAN interface configured on the switch.
l Configure the S3100-52P switch to operate in NTP broadcast client
mode. In this mode, the local S3100-52P switch receives broadcast NTP packets
through the VLAN interface configured on the switch.
|
|
Multicast mode
|
l Configure the local S3100-52P Ethernet switch to operate in NTP
multicast server mode. In this mode, the local switch sends multicast NTP
packets through the VLAN interface configured on the switch.
l Configure the local S3100-52P Ethernet switch to operate in NTP
multicast client mode. In this mode, the local switch receives multicast NTP
packets through the VLAN interface configured on the switch.
|
Caution:
An S3100-52P Ethernet
switch can operate in the NTP peer, NTP broadcast server, or NTP multicast
server mode only after its clock is synchronized.
An S3100-52P Ethernet switch can operate in
one of the following NTP modes:
l
NTP client mode
l
NTP server mode
l
NTP peer mode
l
NTP broadcast server mode
l
NTP broadcast client mode
l
NTP multicast server mode
l
NTP multicast client mode
You need to perform configurations only on
the client (or the active peer) when you want an S3100-52P Ethernet switch to operate
in NTP server mode (or NTP peer mode). However, you need to perform
configurations on both the server and client when you want the switch to operate
in NTP broadcast mode or NTP multicast mode.
Table 1-2 Configure NTP implementation modes
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Configure the switch to operate in NTP client
mode
|
ntp-service unicast-server { remote-ip | server-name } [
authentication-keyid key-id | priority | source-interface
Vlan-interface vlan-id | version number ]*
|
Optional
By default, no Ethernet switch operates
in NTP client mode.
|
|
Configure the switch to operate in NTP
peer mode
|
ntp-service unicast-peer { remote-ip | peer-name } [ authentication-keyid
key-id | priority | source-interface Vlan-interface
vlan-id | version number ]*
|
Optional
By default, no Ethernet switch operates
in NTP peer mode.
|
|
Enter VLAN interface view
|
interface Vlan-interface
vlan-id
|
—
|
|
Configure the switch to operate in the NTP
broadcast client mode
|
ntp-service broadcast-client
|
Optional
By default, no Ethernet switch operates
in NTP broadcast client mode.
|
|
Configure the switch to operate in NTP
broadcast server mode
|
ntp-service broadcast-server [ authentication-keyid key-id
| version number ]*
|
Optional
By default, no Ethernet switch operates
in NTP broadcast server mode.
|
|
Configure the switch to operate in NTP
multicast client mode
|
ntp-service multicast-client [ ip-address ]
|
Optional
By default, no Ethernet switch operates
in NTP multicast client mode.
|
|
Configure the switch to operate in NTP
multicast server mode
|
ntp-service multicast-server [ ip-address ] [ authentication-keyid
keyid | ttl ttl-number | version number ]*
|
Optional
By default, no Ethernet switch operates
in NTP multicast server mode.
|
To reduce the risk of being attacked by malicious users against
opened socket and enhance switch security, the S3100-52P Ethernet switch
provide the following functions, so that a socket is opened only when it is
needed:
l
Opening UDP port 123 (used for NTP) when NTP is
enabled;
l
Close UDP port 123 when NTP is disabled.
The preceding functions are implemented as follows:
l
When you enable NTP by using the ntp-service
unicast-server, ntp-service unicast-peer, ntp-service
broadcast-client, ntp-service broadcast-server, ntp-service
multicast-client, or ntp-service multicast-server command,
UDP port 123 is opened at the same time.
l
When you disable NTP from operating in any modes
by using the undo forms of the preceding six commands, UDP port 123 is
closed at the same time.
I. NTP client mode
l
The remote server specified by the remote-ip
or server-name argument serves as the NTP server. The local S3100-52P Ethernet
switch serves as the client. The clock of the client is synchronized to the NTP
server, while the clock of the NTP server is not synchronized to the client.
l
The IP address specified by the remote-ip
argument cannot be a broadcast address, a multicast address, or the IP address
used by the local reference clock.
II. NTP peer mode
l
The remote server specified by the remote-ip
or peer-name argument serves as the peer of the local Ethernet switch,
and the local Ethernet switch operates in the active peer mode. The clock of
the local switch can be synchronized to the remote server or used to
synchronize the clock of the remote server.
l
The IP address specified by the remote-ip
argument cannot be a broadcast address, a multicast address, or the IP address
used by the local reference clock.
III. NTP broadcast server mode
When an S3100-52P Ethernet switch operates
in NTP broadcast server mode, it broadcasts clock synchronization packets
periodically. The devices in NTP broadcast client mode will respond to these
packets and start the clock synchronization process.
IV. NTP multicast server mode
When an S3100-52P
Ethernet switch operates in NTP multicast server mode, it multicasts clock
synchronization packets periodically. The devices in the NTP multicast client
mode will respond to these packets and start the clock synchronization process.
The switch operating in this mode can support up to 1,024 multicast clients.
l
The total number of the servers and peers
configured for a switch is up to 128.
l
After the configuration, an S3100-52P Ethernet
switch does not establish connections with peers if it operates in NTP server mode.
Whereas if it operates in any of the other modes, it establishes connections
with peers.
l
If an S3100-52P Ethernet switch operates in passive
peer mode, NTP broadcast client mode, or NTP multicast client mode, it establishes
connections with peers dynamically. If it operates in any of the other modes, it
establishes connections with peers statically.
The access control right to the NTP server only
provides a minimal degree of security measure. A more secure way is to perform
identity authentication.
The right of an access request received by
the NTP server is matched from the highest to the lowest in order of peer,
server, synchronization, and query.
Table 1-3 Configure the access control right
to the local NTP server
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Configure the access control right to the
local NTP server
|
ntp-service access { peer | server | synchronization | query
} acl-number
|
Optional
By default, the access control right to
the local NTP server is peer.
|
In networks with higher security
requirements, the NTP authentication function must be enabled to run NTP. Through
password authentication on the client and the server, the client is
synchronized only to the server that passes the authentication. This improves
network security.
NTP authentication configuration involves:
l
Configuring NTP authentication on the client
l
Configuring NTP authentication on the server
Observe the following principles when configuring
NTP authentication:
l
If the NTP authentication function is not enabled
on the client, the client can be synchronized to a server no matter whether the
NTP authentication function is enabled on the server (assuming that other
related configurations are performed).
l
You need to couple the NTP authentication with a
trusted key.
l
Configurations on the server and the client must
be consistent.
l
The client with the NTP authentication function
enabled is only synchronized to the server that provides a trusted key.
I. Configuring NTP authentication
on the client
Table 1-4 Configure NTP authentication
on the client
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable the NTP authentication function globally
|
ntp-service authentication enable
|
Required
By default, the NTP authentication
function is disabled.
|
|
Configure the NTP authentication key
|
ntp-service authentication-keyid key-id authentication-model md5 value
|
Required
By default, no NTP authentication key is
configured.
|
|
Configure the specified key to be a trusted
key
|
ntp-service reliable authentication-keyid
key-id
|
Required
By default, no trusted key is configured.
|
|
Associate
the specified key with the corresponding NTP server
|
NTP client
mode:
ntp-service unicast-server { remote-ip | server-name } authentication-keyid
key-id
|
l In NTP client mode and NTP peer mode, you need to associate the
specified key with the corresponding NTP server on the client.
l You can associate the NTP server with the authentication key while
configuring NTP mode. You can also use this command to associate them after configuring
NTP mode.
|
|
Peer mode:
ntp-service unicast-peer { remote-ip | peer-name } authentication-keyid
key-id
|
l
NTP authentication requires that the
authentication keys configured for the server and the client are the same.
Besides, the authentication keys must be trusted keys. Otherwise, the client
cannot be synchronized with the server.
l
In NTP server mode and NTP peer mode, you need
to associate the specified key with the corresponding NTP server (active peer)
on the client (passive peer). In these two modes, multiple servers (active
peers) may be configured for a client/passive peer, and therefore, the
authentication key is required to determine which server the client is
synchronized to.
II. Configuring NTP authentication
on the server
Table 1-5 Configure NTP authentication
on the server
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable NTP authentication
|
ntp-service authentication enable
|
Required
By default, the NTP authentication function
is disabled.
|
|
Configure an NTP authentication key
|
ntp-service authentication-keyid key-id authentication-mode md5 value
|
Required
By default, no NTP authentication key is
configured.
|
|
Configure the specified key to be a trusted
key
|
ntp-service reliable
authentication-keyid key-id
|
Required
By default, no trusted authentication key
is configured.
|
|
Enter VLAN interface view
|
interface Vlan-interface
vlan-id
|
—
|
|
Associate the specified key with the
corresponding NTP server
|
Broadcast server mode:
ntp-service broadcast-server authentication-keyid key-id
|
l
In NTP broadcast server mode and NTP multicast
server mode, you need to associate the specified key with the corresponding
NTP server on the server
l
You can associate an NTP server with an authentication
key while configuring NTP mode. You can also use this command to associate
them after configuring the NTP mode.
|
|
Multicast server mode:
ntp-service multicast-server authentication-keyid key-id
|
The procedure for
configuring NTP authentication on the server is the same as that on the client.
Besides, the client and the server must be configured with the same authentication
key.
Optional NTP parameters are:
l
Local VLAN interface that sends NTP packets
l
Number of dynamic sessions that can be
established locally
l
VLAN interface disabled from receiving NTP
packets
Table 1-6 Configure optional NTP parameters
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Configure a local interface that sends
NTP packets
|
ntp-service source-interface Vlan-interface vlan-id
|
Optional
|
|
Configure the number of sessions that can
be established locally
|
ntp-service max-dynamic-sessions number
|
Optional
By default, up to 100 dynamic sessions can
be established locally.
|
|
Enter VLAN interface view
|
interface Vlan-interface
vlan-id
|
—
|
|
Disable an interface from receiving NTP
packets
|
ntp-service in-interface disable
|
Optional
By default, a VLAN interface receives NTP
packets.
|
Caution:
l
If a sending interface is specified in the ntp-service
unicast-server command or the ntp-service unicast-peer command, the
source IP address of an NTP packet is the address of this interface.
l
Dynamic connections can be established when a
switch operates in passive peer mode, NTP broadcast client mode, or NTP
multicast client mode. In other modes, the connections established are static.
After the above configurations, you can
execute display commands in any view to display the running status of
switch, and verify the effect of the configurations.
Table 1-7 Display and debug NTP
|
Operation
|
Command
|
Description
|
|
Display the status of NTP services
|
display ntp-service status
|
The display commands can be
executed in any view
|
|
Display the information about the
sessions maintained by NTP
|
display ntp-service sessions [ verbose ]
|
|
Display the brief information about NTP
servers along the path from the local device to the reference clock source
|
display ntp-service trace
|
I. Network requirements
The local clock of H3C1 is set to the NTP master
clock, with a stratum level of 2.
H3C1 is a switch that allows the local clock to serve as the NTP master
clock.
An S3100-52P Ethernet switch considers H3C1
as the NTP server and operates in client mode, while H3C1 operates in server mode
automatically.
II. Network diagram
Figure 1-6 Network
diagram for the NTP server mode configuration
III. Configuration procedure
Perform the following configurations on the
S3100-52P switch.
# View the NTP status of the S3100-52P
switch before synchronization.
<S3100-52P> display ntp-service
status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequence: 99.8562 Hz
Actual frequence: 99.8562 Hz
Clock precision: 2^7
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 0.00 ms
Peer dispersion: 0.00 ms
Reference time: 00:00:00.000 UTC Jan
1 1900 (00000000.00000000)
# Set H3C1 to the NTP server of the S3100-52P
switch.
<S3100-52P> system-view
[S3100-52P] ntp-service unicast-server
1.0.1.11
# (After the above configurations, the S3100-52P
switch is synchronized to H3C1.) View the NTP status of the S3100-52P switch.
[S3100-52P] display ntp-service
status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
Nominal frequence: 250.0000 Hz
Actual frequence: 249.9992 Hz
Clock precision: 2^19
Clock offset: 0.66 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC Thu
Sep 6 2001 (BF422AE4.05AEA86C)
The above output information indicates that
the S3100-52P switch is synchronized to H3C1, and the stratum level of its clock
is 3, one level lower than that of H3C1.
# View the information about NTP sessions
of the S3100-52P switch. (You can see that the S3100-52P switch establishes a connection
with H3C1.)
[S3100-52P] display
ntp-service sessions
source reference
stra reach poll now offset delay disper
**************************************************************************
[12345]1.0.1.11 127.127.1.0 2
1 64 1 350.1 15.1 0.0
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured
I. Network requirements
The local clock of H3C2 is set to the NTP master
clock, with the clock stratum level of 2.
An S3100-52P Ethernet switch considers H3C2
as the NTP server and serves as the client, while H3C2 operates in server mode
automatically. In addition, H3C3 considers the S3100-52P Ethernet switch as its
peer.
This example
assumes that:
l
H3C2 is a switch that allows its local clock to
be the master clock.
l
H3C3 is a switch that allows its local clock to
be the master clock and the stratum level of its clock is 1.
II. Network diagram
Figure
1-7 Network diagram for NTP peer mode configuration
III. Configuration procedure
1)
Configure the S3100-52P switch.
# Set H3C2 to the NTP server.
<S3100-52P> system-view
[S3100-52P] ntp-service unicast-server
3.0.1.31
2)
Configure H3C3 (after the S3100-52P Ethernet switch
is synchronized to H3C2).
# Enter system view.
<H3C3> system-view
[H3C3]
# Set the S3100-52P Ethernet switch to the
peer of H3C3.
[H3C3] ntp-service unicast-peer 3.0.1.33
The S3100-52P Ethernet switch and H3C3 are a
pair of peers. H3C3 operates in active peer mode, while the S3100-52P Ethernet switch
operates in passive peer mode. Because the stratum level of the local clock of H3C3
is 1, and that of the S3100-52P Ethernet switch is 3, the S3100-52P Ethernet switch
is synchronized to Qudiway3.
View the status of the S3100-52P Ethernet switch
after synchronization.
[S3100-52P] display ntp-service
status
Clock status: synchronized
Clock stratum: 2
Reference clock ID: 3.0.1.32
Nominal frequency: 250.0000 Hz
Actual frequency: 249.9992 Hz
Clock precision: 2^19
Clock offset: 0.66 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC Thu
Sep 6 2001 (BF422AE4.05AEA86C)
The output information indicates that the S3100-52P
Ethernet switch is synchronized to H3C3 and the stratum level of its local
clock is 2, one level lower than that H3C3.
# View the information about the NTP
sessions of the S3100-52P Ethernet switch (you can see that a connection is
established between the S3100-52P Ethernet switch and H3C3).
[S3100-52P] display ntp-service
sessions
source reference
stra reach poll now offset delay disper
**************************************************************************
[2]3.0.1.32 127.127.1.0 1
1 64 1 350.1 15.1 0.0
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured
I. Network requirements
The local clock of H3C3 is set to the NTP
master clock, with a stratum level of 2. NTP packets are broadcast through Vlan-interface2.
Configure S3100-52P-1 and S3100-52P-2 to
listen to broadcast packets through their own Vlan-interface2.
This example assumes
that H3C3 is a switch that supports the local clock being the master clock.
II. Network diagram
Figure
1-8 Network diagram for the NTP broadcast mode
configuration
III. Configuration procedure
1)
Configure H3C3.
# Enter system view.
<H3C3> system-view
[H3C3]
# Enter Vlan-interface2 view.
[H3C3] interface Vlan-interface 2
[H3C3-Vlan-interface2]
# Set H3C3 to the broadcast server, which
sends broadcast packets through Vlan-interface2.
[H3C3-Vlan-interface2] ntp-service
broadcast-server
2)
Configure S3100-52P-1.
# Enter system view.
<S3100-52P-1> system-view
[S3100-52P-1]
# Enter Vlan-interface2 view.
[S3100-52P-1] interface Vlan-interface
2
[S3100-52P-1-Vlan-interface2]
# Set S3100-52P-1 to a broadcast client.
[S3100-52P-1-Vlan-interface2] ntp-service
broadcast-client
3)
Configure S3100-52P-2
# Enter system view.
<S3100-52P-2> system-view
[S3100-52P-2]
# Enter Vlan-interface2 view.
[S3100-52P-2] interface Vlan-interface
2
[S3100-52P-2-Vlan-interface2]
# Set S3100-52P-2 to a broadcast client.
[S3100-52P-2-Vlan-interface2] ntp-service
broadcast-client
After the above configurations, S3100-52P-1
and S3100-52P-2 will listen to broadcast packets through their own Vlan-interface2,
and H3C3 will send broadcast packets through Vlan-interface2. Because S3100-52P-2
and H3C3 do not share the same network segment, S3100-52P-2 cannot receive
broadcast packets from H3C3, while S3100-52P-1 is synchronized to H3C3 after
receiving broadcast packets from H3C3.
View the status of S3100-52P-1 after
synchronization.
[S3100-52P-1] display ntp-service
status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 3.0.1.31
Nominal frequency: 250.0000 Hz
Actual frequency: 249.9992 Hz
Clock precision: 2^19
Clock offset: 198.7425 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC Thu
Sep 6 2001 (BF422AE4.05AEA86C)
The output information indicates that S3100-52P-1
is synchronized to H3C3, with the clock stratum level of 3, one level lower
than that of H3C3.
# View the information about the NTP
sessions of S3100-52P-1 and you can see that a connection is established
between S3100-52P-1 and H3C3.
[S3100-52P-1] display ntp-service sessions
source reference
stra reach poll now offset delay disper
**************************************************************************
[1]3.0.1.31 127.127.1.0
2 1 64 377 26.1 199.53 9.7
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured
I. Network requirements
The local clock of H3C3 is set to the NTP
master clock, with a clock stratum level of 2. H3C3 advertises multicast
packets through Vlan-interface2.
S3100-52P-1 and S3100-52P-2 respectively
listen to multicast packets through their own Vlan-interface2.
This example assumes
that H3C3 is a switch that supports the local clock being the master clock.
II. Network diagram
Figure
1-9 Network diagram for NTP multicast mode
configuration
III. Configuration procedure
1)
Configure H3C3.
# Enter system view.
<H3C3> system-view
[H3C3]
# Enter VLAN-interface2 view.
[H3C3] interface Vlan-interface 2
# Set H3C3 to a multicast server.
[H3C3-Vlan-interface2] ntp-service
multicast-server
2)
Configure S3100-52P-1.
# Enter system view.
<S3100-52P-1> system-view
[S3100-52P-1]
# Enter Vlan-interface2 view.
[S3100-52P-1] interface Vlan-interface
2
# Set S3100-52P-1 to a multicast client.
[S3100-52P-1-Vlan-interface2] ntp-service
multicast-client
3)
Configure S3100-52P-2.
# Enter system view.
<S3100-52P-2> system-view
[S3100-52P-2]
# Enter Vlan-interface2 view.
[S3100-52P-2] interface Vlan-interface
2
# Set S3100-52P-2 to a multicast client.
[S3100-52P-2-Vlan-interface2] ntp-service
multicast-client
After the above configurations, S3100-52P-1
and S3100-52P-2 respectively listen to multicast packets through their own Vlan-interface2,
and H3C3 advertises multicast packets through Vlan-interface2. Because S3100-52P-2
and S3100-52P-3 do not share the same network segment, S3100-52P-2 cannot
receive multicast packets from H3C3, while S3100-52P-1 is synchronized to H3C3
after receiving multicast packets from H3C3.
View the status of S3100-52P-1 after
synchronization.
[S3100-52P-1] display ntp-service
status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 3.0.1.31
Nominal frequency: 250.0000 Hz
Actual frequency: 249.9992 Hz
Clock precision: 2^19
Clock offset: 198.7425 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC Thu
Sep 6 2001 (BF422AE4.05AEA86C)
The output information indicates that S3100-52P-1
is synchronized to H3C3, with a clock stratum level of 3, one stratum level lower
than that H3C3.
# View the information about the NTP
sessions of S3100-52P-1 (You can see that a connection is established between S3100-52P-1
and H3C3).
[S3100-52P-1] display ntp-service sessions
source reference stra
reach poll now offset delay disper
**************************************************************************
[1]3.0.1.31 127.127.1.0 2 1
64 377 26.1 199.53 9.7
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured
I. Network requirements
The local clock of H3C1 is set to the NTP master
clock, with a clock stratum level of 2.
An S3100-52P Ethernet switch considers H3C1
as the NTP server and operates in client mode, while H3C1 operates in server mode
automatically. In addition, the NTP authentication function is enabled on both
sides.
This example assumes that H3C1 is a switch that supports the local
clock being the NTP master clock.
II. Network diagram
Figure
1-10 Network diagram for NTP se rver mode with
authentication configuration
III. Configuration procedure
1)
Configure the S3100-52P Ethernet switch.
# Enter system view.
<S3100-52P> system-view
[S3100-52P]
# Set H3C1 to the NTP server.
[S3100-52P] ntp-service unicast-server
1.0.1.11
# Enable the NTP authentication function.
[S3100-52P] ntp-service authentication
enable
# Configure an MD5 authentication key, with
the key ID being 42 and the key being aNiceKey.
[S3100-52P] ntp-service
authentication-keyid 42 authentication-mode md5 aNiceKey
# Specify the key as a trusted key.
[S3100-52P] ntp-service reliable
authentication-keyid 42
[S3100-52P] ntp-service unicast-server
1.0.1.11 authentication-keyid 42
After the above configurations, S3100-52P is
ready to synchronize with H3C1. Because the NTP authentication function is not
enabled on H3C1, S3100-52P will fail to be synchronized to H3C1.
To synchronize the S3100-52P Ethernet
switch, you need to perform the following configurations on H3C1.
# Enable the NTP authentication function on
H3C1.
[H3C1] system-view
[H3C1] ntp-service authentication
enable
# Configure an MD5 authentication key, with
the key ID being 42 and the key being aNiceKey.
[H3C1] ntp-service authentication-keyid
42 authentication-mode md5 aNiceKey
# Specify the key as a trusted key.
[H3C1] ntp-service reliable
authentication-keyid 42
(After the above configurations, the S3100-52P
Ethernet switch can be synchronized to H3C1.) View the status of S3100-52P after
synchronization.
[S3100-52P] display ntp-service
status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
