Network time protocol (NTP) is a time
synchronization protocol defined by RFC1305. It is used for time
synchronization among a set of distributed time servers and clients. NTP
transmits packets through UDP port 123..
NTP is intended for time synchronization of
all devices that have clocks in a network, so that the clocks of all devices
can keep consistent. This enables the applications that require unified time.
A network running NTP not only can be
synchronized by other clock sources, but also can serve as a clock source to
synchronize other clocks. Besides, it can synchronize, or be synchronized by
other systems by exchanging NTP packets.
NTP is mainly applied to synchronizing the
clocks of all the network devices in a network. For example:
l
In network management, the analysis of the log
information and debugging information collected from different devices is
meaningful and valid only when network devices that generate the information
adopts the same time.
l
The accounting system requires that the clocks
of all the network devices be consistent.
l
Some functions, such as restarting all the
network devices in a network simultaneously require that they adopt the same
time.
l
When multiple systems cooperate to handle a
rather complex event, to ensure a correct execution order, they must adopt the
same time.
l
To perform incremental backup operations between
a backup server and a host, you must make sure they adopt the same time.
As setting the system time manually in a
network with many devices leads to a lot of workload and cannot ensure the
accuracy, it is unfeasible for an administrator to perform the operation.
However, an administrator can synchronize the devices in a network with
required accuracy by performing NTP configuration.
NTP benefits from the following advantages:
l
Defining the accuracy of clocks by strata to
synchronize the time of all the devices in a network quickly
l
Supporting access control and MD5 authentication
l
Sending protocol packets in unicast, multicast
or broadcast mode
l
The accuracy of a clock is determined by its
stratum, which ranges from 1 to 16. The stratum of the reference clock ranges
from 1 to 15. The accuracy descends with the increasing of stratum number. The
clocks with the stratum of 16 are in unsynchronized state and cannot serve as
reference clocks.
l
The local clock of an S3100-SI series switch
cannot operate as a master clock. And an S3100-SI series switch can serve as a
time server only when it is synchronized.
The working principle of NTP is shown in Figure 1-1.
In Figure 1-1, The Ethernet switch A (LS_A) is connected to the Ethernet switch B (LS_B) through their Ethernet ports. Both of them have system clocks of their own, and they need to synchronize the clocks of each other through
NTP. For ease of understanding, suppose that:
l
Before the system clocks of LS_A and LS_B are
synchronized, the clock of LS_A is set to 10:00:00am, and the clock of LS_B is
set to 11:00:00am.
l
LS_B serves as the NTP time server, that is, the
clock of LS_A will be synchronized to that of LS_B.
l
It takes one second for a packet sent by one
switch to reach the other.
Figure 1-1 Working
principle of NTP
The procedures of synchronizing system
clocks are as follows:
l
LS_A sends an NTP packet to LS_B, with the
timestamp identifying the time when it is sent (that is, 10:00:00am, noted as T1)
carried.
l
When the packet arrives at LS_B, LS_B inserts
its own timestamp, which identifies 11:00:01am (noted as T2) into
the packet.
l
Before this NTP packet leaves LS_B, LS_B inserts
its own timestamp once again, which identifies 11:00:02am (noted as T3).
l
When receiving the response packet, LS_A inserts
a new timestamp, which identifies 10:00:03am (noted as T4), into it.
At this time, LS_A has enough information
to calculate the following two parameters:
l
The delay for an NTP packet to make a round trip
between LS_A and LS_B: delay = (T4 -T1)-(T3 -T2).
l
The time offset of LS_A with regard to LS_B: offset
= ((T2 -T1) + (T3 -T4))/2.
LS_A can then set its own clock according
to the above information to synchronize its clock to that of LS_B.
For the detailed information, refer to
RFC1305.
To accommodate networks of different
structures and switches in different network positions, NTP can operate in
multiple modes, as described in the following.
I. Client/Server mode
Figure 1-2
NTP implementation mode: client/Sever mode
II. Peer mode
Figure 1-3
NTP implementation mode: peer mode
In peer mode, the active peer sends clock
synchronization packets first, and its peer works as a passive peer
automatically.
If both of the peers have reference clocks,
the one with smaller stratum is adopted.
III. Broadcast mode
Figure 1-4
NTP implementation mode: broadcast mode
IV. Multicast mode
Figure 1-5
NTP implementation mode: multicast mode
Table 1-1 describes how the above mentioned NTP modes are implemented on an S3100-SI series switch.
Table 1-1 NTP implementation modes on an S3100-SI series switch
|
NTP implementation mode
|
Configuration on S3100-SI switches
|
|
Client/Server mode
|
Configure the S3100-SI switch to operate
in the NTP server mode. In this case, the remote server operates as the local
time server, and the S3100-SI switch operates as the client.
|
|
Peer mode
|
Configure the S3100-SI switch to operate
in NTP peer mode. In this case, the remote server operates as the peer of the
S3100-SI switch, and the S3100-SI switch operates as the active peer.
|
|
Broadcast mode
|
l Configure the S3100-SI switch to operate in NTP broadcast server
mode. In this case, the S3100-SI switch broadcast NTP packets through the
VLAN interface configured on it.
l Configure the S3100-SI switch to operate in NTP broadcast client
mode. In this case, the S3100-SI receives broadcast NTP packets through the
VLAN interface configured on it.
|
|
Multicast mode
|
l Configure the S3100-SI to operate in NTP multicast server mode. In
this case, the S3100-SI switch sends multicast NTP packets through the VLAN
interface configure on it.
l Configure the S3100-SI switch to operate in NTP multicast client
mode. In this case, the S3100-SI switch receives multicast NTP packets
through the VLAN interface configure on it.
|
A switch can operate in the following NTP
modes:
l
NTP client mode
l
NTP server mode
l
NTP peer mode
l
NTP broadcast server mode
l
NTP broadcast client mode
l
NTP multicast server mode
l
NTP multicast client mode
When an S3100-SI switch operates in NTP
server mode or NTP peer mode, you need to perform configuration on the client
or the active peer only. When an S3100-SI switch operates in NTP broadcast mode
or NTP multicast mode, you need to perform configurations on both the server
side and the client side.
Table 1-2 Configure NTP implementation
modes
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Configure to operate in the NTP client
mode
|
ntp-service unicast-server { remote-ip | server-name } [
authentication-keyid key-id | priority | source-interface
interface -type interface-number | version number ]*
|
Optional
By default, no Ethernet switch operates
in the NTP client mode
|
|
Configure to operate in the NTP peer mode
|
ntp-service unicast-peer { remote-ip | peer-name } [ authentication-keyid
key-id | priority | source-interface interface -type
interface-number | version number ]*
|
Optional
By default, no Ethernet switch operates
in the NTP peer mode
|
|
Enter VLAN interface view
|
interface Vlan-interface
vlan-id
|
—
|
|
Configure to operate in the NTP broadcast
client mode
|
ntp-service broadcast-client
|
Optional
By default, no Ethernet switch operates
in the NTP broadcast client mode
|
|
Configure to operate in the NTP broadcast
server mode
|
ntp-service broadcast-server [ authentication-keyid key-id | version number
]*
|
Optional
By default, no Ethernet switch operates
in the NTP broadcast server mode
|
|
Configure to operate in the NTP multicast
client mode
|
ntp-service multicast-client [ ip-address ]
|
Optional
By default, no Ethernet switch operates
in the NTP multicast client mode
|
|
Configure to operate in the NTP multicast
server mode
|
ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid |
ttl ttl-number | version number ]*
|
Optional
By default, no Ethernet switch operates
in the NTP multicast server mode
|
I. NTP server mode
When an S3100-SI series switch operates in
NTP server mode,
l
The remote server identified by the remote-ip
or server-name argument operates as the NTP time server. The S3100-SI
series switch operates as the client, whose clock is synchronized to the NTP
server. (In this case, the clock of the NTP server is not synchronized to the local
client.)
l
The remote-ip argument cannot be a
broadcast or a multicast address, neither can it be the IP address of a
reference clock.
II. NTP peer mode
When an S3100-SI series switch operates in
NTP peer mode,
l
The remote server identified by the remote-ip
or peer-name argument operates as the peer of the S3100-SI series
switch, and the S3100-SI series switch operates as the active peer. The clock
of the S3100-SI series switch can be synchronized to the remote server or be
used to synchronize the clock of the remote server.
l
The remote-ip argument cannot be a
broadcast or a multicast address, neither can it be the IP address of a
reference clock.
III. NTP multicast server mode
When an S3100-SI series switch operates in
NTP multicast server mode, it can accommodate up to 1024 multicast clients.
l
The total number of the servers and peers
configured for a switch can be up to 128.
l
After the configuration, the S3100-SI series
switch does not establish connections with the peer if it operates in NTP
server mode. Whereas if it operates in any of the other modes, it establishes connections
with the peer.
l
If an S3100-SI series switch operates as a
passive peer in peer mode, NTP broadcast client mode, or NTP multicast client
mode, the connections it establishes with the peers are dynamic. If it operates
in other modes, the connections it establishes with the peers are static.
Access control permission to NTP server is
a security measure that is of the minimum extent. Authentication is more reliable
comparing to it.
An access request made to an NTP server is
matched from the highest permission to the lowest, that is, in the order of peer,
server, synchronization, and query.
Table 1-3 Configure the access control permission to the local NTP server
|
Operation
|
Command
|
Description
|
|
Enter
system view
|
system-view
|
—
|
|
Configure
the access control permission to the local NTP server
|
ntp-service
access { peer | query | server |
synchronization } acl-number
|
Optional
By
default, the access control permission to the local NTP server is peer.
|
For the networks with higher security requirements,
you can specify to perform authentications when enabling NTP. With the
authentications performed on both the client side and the server side, the
client is synchronized only to the server that passes the authentication. This
improves network security.
NTP authentication configuration involves:
l
Configuring NTP authentication on the client
l
Configuring NTP authentication on the server
Note the following when performing NTP
authentication configuration:
l
If the NTP authentication is not enabled on a
client, the client can be synchronized to a server regardless of the NTP
authentication configuration performed on the server (assuming that the related
configurations are performed).
l
You need to couple the NTP authentication with a
trusted key.
l
The configurations performed on the server and
the client must be the same.
l
A client with NTP authentication enabled is only
synchronized to a server that can provide a trusted key.
I. Configuring NTP authentication
on the client
Table 1-4 Configure NTP authentication on the client
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable NTP authentication globally
|
ntp-service authentication enable
|
Required
By default, the NTP authentication is
disabled
|
|
Configure the NTP authentication key
|
ntp-service authentication-keyid key-id authentication-model md5 value
|
Required
By default, the NTP authentication key is
not configured
|
|
Configure the specified key to be a
trusted key
|
ntp-service reliable authentication-keyid
key-id
|
Required
By default, no trusted authentication key
is configured
|
|
Associate the specified key with the
corresponding NTP server
|
NTP client mode:
ntp-service unicast-server { remote-ip | server-name } [
authentication-keyid key-id | priority | source-interface
interface-type interface-number | version number ]*
|
l
In NTP client mode and NTP peer mode, you need
to associate the specified key with the corresponding NTP server on the
client.
l
You can associate the NTP server with the
authentication key while configuring the switch to operate in a specific NTP
mode. You can also associate them using this command after configuring the
NTP mode where the switch is to operate
|
|
Peer mode:
ntp-service unicast-peer { remote-ip | peer-name } [ authentication-keyid
key-id | priority | source-interface interface-type
interface-number | version number ]*
|
l
NTP authentication requires that the
authentication keys configured for the server and the client are the same.
Besides, the authentication keys must be trusted keys. Otherwise, the client
cannot be synchronized with the server.
l
In NTP server mode and NTP peer mode, you need
to associate the specified key with the corresponding NTP server/active peer on
the client/passive peer. In these two modes, multiple servers/active peers may
be configured for a client/passive peer, and a client/passive choose the
server/active peer to synchronize to by the authentication key.
II. Configuring NTP authentication
on the server
Table 1-5 Configure NTP authentication on the server
|
Operation
|
Command
|
Description
|
|
Enter system view
|
system-view
|
—
|
|
Enable NTP authentication
|
ntp-service authentication enable
|
Required
By default, NTP authentication.
|
|
Configure NTP authentication key
|
ntp-service authentication-keyid key-id authentication-model md5 value
|
Required
By default, NTP authentication key is not
configured.
|
|
Configure the specified key to be a
trusted key
|
ntp-service reliable authentication-keyid
key-id
|
Required
By default, an authentication key is not
a trusted key.
|
|
Enter VLAN interface view
|
interface Vlan-interface
vlan-id
|
—
|
|
Associate a specified key with the
corresponding NTP server
|
Broadcast server mode:
ntp-service broadcast-server authentication-keyid key-id
|
l
In NTP broadcast server mode and NTP multicast
server mode, you need to associate the specified key with the corresponding
NTP server on the server.
l
You can associate an NTP server with an authentication
key while configuring a switch to operate in a specific NTP mode. You can
also associate them using this command after configuring the NTP mode where a
switch is to operate.
|
|
Multicast server mode:
ntp-service multicast-server authentication-keyid key-id
|
The procedures for configuring NTP authentication on the server are
the same as that on the client. Besides, the client and the server must be
configured with the same authentication key.
Optional NTP parameters are:
l
The local VLAN interface that sends NTP packets
l
The number of the dynamic sessions that can be
established locally
l
Disabling the VLAN interface configured on a
switch from receiving NTP packets
Table 1-6 Configure optional NTP parameters
|
Operation
|
Command
|
Description
|
|
Enter
system view
|
system-view
|
—
|
|
Configure
the local interface that sends NTP packets
|
ntp-service
source-interface interface-type interface-number
|
Optional
|
|
Configure
the number of the sessions that can be established locally
|
ntp-service
max-dynamic-sessions number
|
Optional
By
default, up to 100 dynamic sessions can be established locally.
|
|
Enter VLAN
interface view
|
interface Vlan-interface vlan-id
|
—
|
|
Disable the interface from receiving NTP
packets
|
ntp-service in-interface disable
|
Optional
By default, a VLAN interface receives NTP
packets.
|
Caution:
l
The source IP address in an NTP packet is the
address of the sending interface specified by the ntp-service unicast-server
command or the ntp-service unicast-peer command if you provide the
address of the sending interface in these two commands.
l
Dynamic connections can only be established when
a switch operates in passive peer mode, NTP broadcast client mode, or NTP
multicast client mode. In other modes, the connections established are static.
After the above configuration, you can
execute the display command in any view to display the running status of
the NTP configuration, and verify the effect of the configuration.
Table 1-7 Display and debug NTP
|
Operation
|
Command
|
Description
|
|
Display
the status of NTP service
|
display
ntp-service status
|
The display
command can be executed in any view
|
|
Display the
information about the sessions maintained by NTP
|
display
ntp-service sessions [ verbose ]
|
|
Display
the brief information about the NTP time servers of the reference clock
sources that the local device traces to
|
display
ntp-service trace
|
I. Network requirements
Configure the local clock of H3C1 to be NTP
master clock, with the stratum being 2.
H3C1 is a switch
that allows the local clock to be the master clock.
An S3100-SI series switch operates in
client mode, with H3C1 as the time server. H3C1 operates in server mode
automatically.
II. Network diagram
Figure 1-6 Network diagram for the NTP server mode configuration
III. Configuration procedures
The following configurations are for the S3100-SI
switch.
# Display the NTP status of the S3100-SI
switch before synchronization.
<S3100-SI> display ntp-service
status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 0.00 ms
Peer dispersion: 0.00 ms
Reference time: 00:00:00.000 UTC Jan
1 1900(00000000.00000000)
# Configure H3C1 to be the time server.
<S3100-SI> system-view
System View: return to User View with
Ctrl+Z.
[S3100-SI] ntp-service unicast-server
1.0.1.11
# After the above configuration, the S3100-SI
switch is synchronized to H3C1. Display the NTP status of the S3100-SI switch.
[S3100-SI] display ntp-service status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 3.6130 ms
Root delay: 15.61 ms
Root dispersion: 4.00 ms
Peer dispersion: 10.94 ms
Reference time: 11:28:11.883 UTC May
6 2006(C80706CB.E22B1704)
The above output information indicates that
the S3100-SI switch is synchronized to H3C1, and the stratum of its clock is 3,
one stratum higher than H3C1.
# Display the information about the NTP
sessions of the S3100-SI switch. You can see that the S3100-SI series switch
establishes a connection with H3C1.
[S3100-SI] dis ntp-service sessions
source reference stra
reach poll now offset delay disper
**************************************************************************
[12345]1.0.1.11
127.127.1.0 2 31
64 2 5.9 15.0 0.9
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured
I. Network requirements
H3C2 sets the local clock to be the NTP
master clock, with the clock stratum being 2.
Configure an S3100-SI series switch to
operate as a client, with H3C2 as the time server. H3C2 will then operate in
the server mode automatically. Meanwhile, H3C3 sets the S3100-SI series switch
to be its peer.
This example
assumes that:
l
H3C2 is a switch that allows its local clock to
be the master clock.
l
H3C3 is a switch that allows its local clock to
be the master clock and the stratum of its clock is 1.
II. Network diagram
Figure 1-7 Network diagram for NTP peer mode configuration
III. Configuration procedures
1)
Configure the S3100-SI series switch.
# Set H3C2 to be the time server.
<S3100-SI> system-view
System View: return to User View with
Ctrl+Z.
[S3100-SI] ntp-service unicast-server
3.0.1.31
2)
Configure H3C3 (after the S3100-SI series switch
is synchronized to H3C2).
# Enter system view.
<H3C3> system-view
System View: return to User View with
Ctrl+Z.
[H3C3]
# After the local synchronization, set the
S3100-SI series switch to be its peer.
[H3C3] ntp-service unicast-peer
3.0.1.32
The S3100-SI series switch and H3C3 are
configured to be peers with regard to each other. H3C3 operates in active peer
mode, while the S3100-SI series switch operates in passive peer mode. Because
the stratum of the local clock of H3C3 is 1, and that of the S3100-SI switch is
3, the S3100-SI series switch is synchronized to H3C3.
Display the status of the S3100-SI switch
after the synchronization.
[S3100-SI] display ntp-service status
Clock status: synchronized
Clock stratum: 2
Reference clock ID: 3.0.1.32
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 0.0000 ms
Root delay: 49.64 ms
Root dispersion: 3.93 ms
Peer dispersion: 0.00 ms
Reference time: 11:37:45.506 UTC May
6 2006(C8070909.81A682B6)
The output information indicates that the S3100-SI
series switch is synchronized to H3C3 and the stratum of its local clock is 2,
one stratum higher than H3C3.
# Display the information about the NTP
sessions of the S3100-SI series switch and you can see that a connection is
established between the S3100-SI series switch and H3C3.
[S3100-SI] display ntp-service sessions
source
reference stra reach poll now offset delay disper
**************************************************************************
[1234] 3.0.1.32 LOCL
1 6 64 94d 0.0 49.6 0.5
[245] 3.0.1.31 127.127.1.0
2 31 64 94d 0.0 14.0 1.8
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured
Total associations : 2
I. Network requirements
H3C3 sets its local clock to be an NTP
master clock, with the stratum being 2. NTP packets are broadcast through VLAN
interface 2.
Configure S3100-SI-1 and S3100-SI-2 to
listen broadcast packets through their VLAN interface 2.
This example assumes that H3C3 is a switch that supports the local
clock being the master clock.
II. Network diagram
Figure 1-8 Network diagram for the NTP broadcast mode configuration
III. Configuration procedures
1)
Configure H3C3.
# Enter system view.
<H3C3> system-view
System View: return to User View with
Ctrl+Z.
[H3C3]
# Enter VLAN interface view.
[H3C3] interface Vlan-interface 2
[H3C3-Vlan-interface2]
# Configure H3C3 to be the broadcast server
and send broadcast packets through VLAN interface 2.
[H3C3-Vlan-interface2] ntp-service
broadcast-server
2)
Configure S3100-SI-1.
# Enter system view.
<S3100-SI-1> system-view
System View: return to User View with
Ctrl+Z.
[S3100-SI-1]
# Enter VLAN -interface view.
[S3100-SI-1] interface Vlan-interface
2
[S3100-SI-1-Vlan-interface2]
# Configure S3100-SI-1 to be a broadcast
client.
[S3100-SI-1-Vlan-interface2] ntp-service
broadcast-client
3)
Configure S3100-SI-2
# Enter system view.
<S3100-SI-2> system-view
System View: return to User View with
Ctrl+Z.
[S3100-SI-2]
# Enter VLAN interface view.
[S3100-SI-2] interface Vlan-interface
2
[S3100-SI-2-Vlan-interface2]
# Configure S3100-SI-2 to be a broadcast
client.
[S3100-SI-2-Vlan-interface2] ntp-service
broadcast-client
The above configuration configures S3100-SI-1
and S3100-SI-2 to listen to broadcast packets through their VLAN interface 2,
and H3C3 to send broadcast packets through VLAN interface 2. Because S3100-SI-2
does reside in the same network segment as H3C3 resides, the former cannot
receive broadcast packets sent by H3C3, while S3100-SI-1 is synchronized to H3C3
after receiving broadcast packets sent by H3C3.
Display the status of S3100-SI-1 after the
synchronization.
[S3100-SI-1] display ntp-service
status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 3.0.1.31
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 0.0000 ms
Root delay: 14.22 ms
Root dispersion: 6.27 ms
Peer dispersion: 10.94 ms
Reference time: 11:46:52.843 UTC May
6 2006(C8070B2C.D7F7DFA0)
The output information indicates that S3100-SI-1
is synchronized to H3C3, with the clock stratum of 3, one stratum higher than H3C3.
# Display the information about the NTP
sessions of S3100-SI-1 and you can see that a connection is established between
S3100-SI-1 and H3C3.
[S3100-SI-1]
display ntp-service sessions
source reference stra reach poll now offset delay
disper
**************************************************************************
[1]3.0.1.31 127.127.1.0 2
2 64 21 0.0 14.2 63.3
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured
I. Network requirements
H3C3 sets the local clock to be NTP master
clock, with the clock stratum of 2. It advertises multicast packets through
VLAN interface 2.
Configure S3100-SI-1 and S3100-SI-2 to
listen multicast packets through their VLAN interface 2.
This example
assumes that H3C3 is a switch that supports the local clock being the master
clock.
II. Network diagram
Figure 1-9 Network diagram for NTP multicast mode configuration
III. Configuration procedures
1)
Configure H3C3.
# Enter system view.
<H3C3> system-view
System View: return to User View with
Ctrl+Z.
[H3C3]
# Enter VLAN interface view.
[H3C3] interface Vlan-interface 2
# Configure H3C3 to be a multicast server.
[H3C3-Vlan-interface2] ntp-service
multicast-server
2)
Configure S3100-SI-1.
# Enter system view.
<S3100-SI-1> system-view
System View: return to User View with
Ctrl+Z.
[S3100-SI-1]
# Enter VLAN interface view.
[S3100-SI-1] interface Vlan-interface
2
# Configure 3100-SI-1 to be a multicast
client.
[S3100-SI-1-Vlan-interface2] ntp-service
multicast-client
3)
Configure S3100-SI-2.
# Enter system view.
<S3100-SI-2> system-view
System View: return to User View with
Ctrl+Z.
[S3100-SI-2]
# Enter VLAN interface view.
[S3100-SI-2] interface Vlan-interface
2
# Configure H3C1 to be a multicast client.
[S3100-SI-2-Vlan-interface2] ntp-service
multicast-client
The above configuration configures S3100-SI-1
and S3100-SI-2 to listen multicast packets through their VLAN interface 2, and H3C3
to advertise multicast packets through VLAN interface 2. Because S3100-SI-2
does not resides in the same network segment as H3C3 does, the former cannot
receive multicast packets sent by H3C3, while S3100-SI-1 is synchronized to H3C3
after receiving multicast packets sent by H3C3.
Display the status of S3100-SI-1 after the
synchronization.
[S3100-SI-1] display ntp-service
status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 3.0.1.31
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: -18.4160 ms
Root delay: 0.00 ms
Root dispersion: 4.60 ms
Peer dispersion: 10.94 ms
Reference time: 11:54:28.895 UTC May
6 2006(C8070CF4.E53836A8)
The output information indicates that S3100-SI-1
is synchronized to H3C3, with the clock stratum being 3, one stratum higher
than H3C3.
# Display the information about the NTP
sessions S3100-SI-1 and you can see that a connection is established between S3100-SI-1
and H3C3.
[S3100-SI-1] display ntp-service sessions
source reference stra reach poll now offset delay
disper
**************************************************************************
[1]3.0.1.31 127.127.1.0 2
31 64 14 -2.6 0.0 1.8
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured
I. Network requirements
The local clock of H3C1 operates as the
master NTP clock, with the clock stratum set to 2.
An S3100-SI series switch operates in
client mode with H3C1 as the time server. H3C1 operates in the server mode
automatically. Meanwhile, NTP authentication is enabled on both sides.
This example
assumes that H3C1 is a switch that supports the local clock being the master
NTP clock.
II. Network diagram
Figure 1-10 Network diagram for NTP server mode with authentication
configuration
III. Configuration procedures
1)
Configure the S3100-SI series switch.
# Enter system view.
<S3100-SI> system-view
System View: return to User View with
Ctrl+Z.
[S3100-SI]
# Configure H3C1 to be the time server.
[S3100-SI] ntp-service unicast-server
1.0.1.11
# Enable NTP authentication.
[S3100-SI] ntp-service authentication
enable
# Set the MD5 key to 42, with the content
being aNiceKey.
[S3100-SI] ntp-service
authentication-keyid 42 authentication-model md5 aNiceKey
# Specify the key to be a trusted key.
[S3100-SI] ntp-service reliable
authentication-keyid 42
[S3100-SI] ntp-service unicast-server
1.0.1.11 authentication-keyid 42
When you configure
an NTP connection with authentication, it is necessary to add a specified key
after the peer entity or server in the command. Otherwise, the later sent
packets have no authentication information.
The above configuration synchronizes S3100-SI
to H3C1. As NTP authentication is not enabled on H3C1, S3100-SI will fail to be
synchronized to H3C1.
To synchronize the S3100-SI series switch,
the following configuration is needed for H3C1.
# Enable authentication on H3C1.
[H3C1] system-view
[H3C1] ntp-service authentication
enable
# Set the MD5 key to 42, with the content
being aNiceKey..
[H3C1] ntp-service authentication-keyid
42 authentication-model md5 aNiceKey
# Specify the key to be a trusted key.
[H3C1] ntp-service reliable
authentication-keyid 42
After the above configuration, the S3100-SI
series switch can be synchronized to H3C1. You can display the status of S3100-SI
after the synchronization.
[S3100-SI] display ntp-service status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 3.6130 ms
Root delay: 15.61 ms
Root dispersion: 4.00 ms
Pe
