For H3C S5500-SI series Ethernet switches, local clock cannot serve as
NTP reference clock. Therefore, any switch mentioned in
this document for setting local clock as reference clock is not an H3C S5500-SI switch.
Syntax
display ntp-service sessions [ verbose ]
View
Any view
Parameter
verbose:
Displays the detailed information of all NTP sessions.
Description
Use the display ntp-service sessions
command to view the information of all NTP sessions. Without the verbose
keyword, this command will display only the brief information of all NTP
service sessions.
Example
# View the brief information of NTP service
sessions
<Sysname> display ntp-service sessions
source reference
stra reach poll now offset delay disper
**************************************************************************
[12345] 10.1.1.2 127.127.1.0
3 377 64 178 0.0 40.1 22.8
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured Total associations : 1
Table 1-1 Description
on the fields of the display ntp-service sessions command
|
Field
|
Description
|
|
source
|
IP address of the clock source
|
|
reference
|
Reference clock ID of the clock source
If the reference clock is the local
clock, the value of this field is related to the value of the stra
field: When the value of the stra field is 0 or 1, this field will be
“LOCL”; when the stra field has another value, this filed
will be the IP address of the local clock
If the reference clock is the clock of
another device on the network, the value of this field will be the IP address
of that device.
|
|
stra
|
Stratum level of the clock source
|
|
reach
|
Reachability count of the clock source. 0
indicates that the clock source in unreachable
|
|
poll
|
Poll interval, namely the maximum
interval between successive NTP messages.
|
|
now
|
The length of time in minutes from when
the last NTP message was received or when the local clock was last updated to
the current time
|
|
offset
|
The offset of the system clock relative
to the reference clock, in milliseconds
|
|
delay
|
the roundtrip delay from the local device
to the clock source, in milliseconds
|
|
disper
|
The maximum error of the local clock relative
to the reference source.
|
|
[12345]
|
1: Clock source selected by the system,
namely the current reference source, with a system clock stratum level of ≤ 15
2: Stratum level of this system source is
≤ 15
3: This clock source has passed the clock
selection process
4: This clock source is a candidate clock
source
5: This clock source was created by a
configuration command
|
|
Total associations
|
Total number of associations
|
When a device is
working in the NTP broadcast/multicast server mode, the display ntp-service
sessions command executed on the device will not display the NTP session
information corresponding to the broadcast/multicast server, but the sessions
will be counted in the total number of associations.
Syntax
display ntp-service status
View
Any view
Parameter
None
Description
Use the display ntp-service status
command to view the NTP service status information.
Example
# View the NTP service status information.
<Sysname> display ntp-service
status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^18
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 0.00 ms
Peer dispersion: 0.00 ms
Reference time: 00:00:00.000 UTC Jan
1 1900(00000000.00000000)
Table 1-2 Description on the fields of the display ntp-service
status command
|
Field
|
Description
|
|
Clock
status
|
Status of
the system clock
|
|
Clock
stratum
|
Stratum
level of the local clock
|
|
Reference
clock ID
|
After the
system clock is synchronized to a remote time server or a local reference
source, this field indicates the address of the remote time server or the
identifier of the local clock source (when the local clock has a stratum
level of 1, the value of this field is “LOCL”; when the local
clock has another value, the value of this filed is the IP address of the
local clock)
|
|
Nominal frequency
|
The nominal frequency of the local system
hardware clock
|
|
Actual frequency
|
The actual frequency of the local system
hardware clock
|
|
Clock precision
|
The precision of the system clock.
|
|
Clock offset
|
The offset of the system clock relative
to the reference source
|
|
Root delay
|
The roundtrip delay from the local device
to the primary reference source
|
|
Root dispersion
|
The maximum error of the system clock
relative to the primary reference source.
|
|
Peer dispersion
|
The maximum error of the system clock
relative to the reference source
|
|
Reference time
|
Reference timestamp
|
1.1.3 display
ntp-service trace
Syntax
display ntp-service trace
View
Any view
Parameter
None
Description
Use the display ntp-service trace
command view the brief information of each NTP server along the NTP server
chain from the local device back to the primary reference source.
The display ntp-service trace
command is available only if the local device can ping through all the devices
on the NTP server chain; otherwise, this command will fail to display all the
NTP servers on the NTP chain due to timeout.
Example
# Display the brief information of each NTP
server from the local device back to the primary reference source.
<Sysname> display ntp-service
trace
server 127.0.0.1,stratum 2, offset
-0.013500, synch distance 0.03154
server 133.1.1.1,stratum 1, offset
-0.506500, synch distance 0.03429
refid LOCL
The information above shows an NTP server
chain for the server 127.0.0.1: The server 127.0.0.1 is synchronized to the
server 133.1.1.1 and the server 133.1.1.1 is synchronized to the local clock
source.
Table 1-3 Description
on the fields of the display ntp-service trace command
|
Field
|
Description
|
|
server
|
IP address of the NTP server
|
|
stratum
|
The stratum level of the corresponding
system clock
|
|
offset
|
The clock offset relative to the
upper-level clock
|
|
synch distance
|
The synchronization distance relative to
the upper-level clock
|
|
refid
|
Identifier of the primary reference
source. When the stratum level of the primary reference clock is 0, it is
displayed as LOCL; otherwise, it is displayed as the IP address of the
primary reference clock.
|
Syntax
ntp-service access { peer | query | server | synchronization
} acl-number
undo ntp-service access { peer | query | server | synchronization
}
View
System view
Parameter
peer:
Specifies to permit full access.
query:
Specifies to permit control query.
server:
Specifies to permit server access and query.
synchronization: Specifies to permit server access only.
acl-number:
ACL number, in the range of 2000 to 2999
Description
Use the ntp-service access command
to configure the NTP service access-control right to the local device.
Use the undo ntp-service access
command to remove the configured NTP service access-control right to the local
device.
By default, the local NTP service
access-control right is set to peer.
From the highest NTP service access-control
right to the lowest one are peer, server, synchronization,
and query. When a device receives an NTP request, it will perform an
access-control right match and will use the first matched right.
l
The ntp-service access command provides
only a minimum degree of security protection. A more secure method is identity
authentication.
l
Before specifying an ACL number in the ntp-service
access command, make sure you have already created and configured this ACL.
Example
# Configure devices on the subnet
10.10.0.0/16 to have the full access right to the local device.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit
source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ntp-service access peer 2001
Syntax
ntp-service authentication enable
undo ntp-service authentication enable
View
System view
Parameter
None
Description
Use the ntp-service authentication
enable command to enable NTP authentication.
Use the undo ntp-service authentication
enable command to disable NTP authentication.
By default, NTP authentication is disabled.
Example
# Enable NTP authentication.
<Sysname> system-view
[Sysname] ntp-service authentication
enable
Syntax
ntp-service authentication-keyid keyid authentication-mode md5 value
undo ntp-service authentication-keyid keyid
View
System view
Parameter
keyid: Authentication
key ID, in the range of 1 to 4294967295.
authentication-mode md5: Specifies to use the MD5 algorithm for key
authentication.
value:
Authentication key, a string of 1 to 32 characters.
Description
Use the ntp-service authentication-keyid
command to set the NTP authentication key.
Use the undo ntp-service authentication-keyid
command to remove the set NTP authentication key.
By default, no NTP authentication key is
set.
Caution:
l
Presently H3C S5500-SI Series Ethernet Switches
support only the MD5 algorithm for key authentication.
l
You can set a maximum of 1,024 keys for each
device.
Example
# Set an MD5 authentication key, with the
key ID of 10 and key value of “BetterKey”.
<Sysname> system-view
[Sysname] ntp-service
authentication-keyid 10 authentication-mode md5 BetterKey
Syntax
ntp-service broadcast-client
undo ntp-service
broadcast-client
View
Interface view
Parameter
None
Description
Use the ntp-service broadcast-client
command to configure the device to work in the NTP broadcast client mode.
Use the undo ntp-service
broadcast-client command to remove the device as an NTP broadcast client.
Example
# Configure the device to work in the
broadcast client mode and receive NTP broadcast messages on VLAN interface 1.
<Sysname> system-view
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ntp-service
broadcast-client
1.1.8 ntp-service broadcast-server
Syntax
ntp-service broadcast-server [ authentication-keyid keyid | version number
] *
undo ntp-service
broadcast-server
View
Interface view
Parameter
authentication-keyid keyid: Specifies the key ID to be used
for sending broadcast messages to broadcast clients, where keyid is in
the range of 1 to 4294967295. This parameter is not meaningful if authentication
is not required.
version
number: Specifies the NTP version, where number
is in the range of 1 to 3 and defaults to 3.
Description
Use the ntp-service broadcast-server
command to configure the device to work in the NTP broadcast server mode.
Use the undo ntp-service
broadcast-server command to remove the device as an NTP broadcast server.
Example
# Configure the device to work in the
broadcast server mode and send NTP broadcast messages on VLAN interface 1,
using key 4 for encryption, and set the NTP version to 3.
<Sysname> system-view
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ntp-service
broadcast-server authentication-keyid 4 version 3
Syntax
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
View
System view
Parameter
number:
Maximum number of dynamic NTP sessions to be set up, in the range of 0 to 100.
Description
Use the ntp-service max-dynamic-sessions
command to set the maximum number of dynamic NTP sessions.
Use the undo ntp-service
max-dynamic-sessions command to restore the maximum number of dynamic NTP
sessions to the system default.
By default, the number is 100.
Example
# Set the maximum number of dynamic NTP
sessions to 50.
<Sysname> system-view
[Sysname] ntp-service max-dynamic-sessions
50
Syntax
ntp-service multicast-client
[ ip-address ]
undo ntp-service multicast-client [ ip-address ]
View
Interface view
Parameter
ip-address:
Multicast IP address.
Description
Use the ntp-service multicast-client command
to configure the device to work in the NTP multicast client mode.
Use the undo ntp-service
multicast-client command to remove the device as an NTP multicast client.
The multicast address defaults to
224.0.1.1.
Example
# Configure the device to work in the
multicast client mode and receive NTP multicast messages on VLAN 1, and set the
multicast address to 224.0.1.1.
<Sysname> system-view
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ntp-service
multicast-client 224.0.1.1
Syntax
ntp-service multicast-server
[ ip-address ] [ authentication-keyid keyid | ttl ttl-number
| version number ] *
undo ntp-service multicast-server [ ip-address ]
View
Interface view
Parameter
ip-address:
Multicast IP address, defaulting to 224.0.1.1.
authentication-keyid keyid: Specifies the key ID to be used
for sending multicast messages to multicast clients, where keyid is in
the range of 1 to 4294967295. This parameter is not meaningful if authentication
is not required.
ttl ttl-number: Specifies the TTL of NTP multicast messages, where ttl-number
is in the range of 1 to 255 and defaults to 16.
version
number: Specifies the NTP version, where number
is in the range of 1 to 3 and defaults to 3.
Description
Use the ntp-service multicast-server
command to configure the device to work in the NTP multicast server mode.
Use the undo ntp-service
multicast-server command to remove the device as an NTP multicast server.
Example
# Configure the device to work in the
multicast server mode and send NTP multicast messages on VLAN interface 1 to
the multicast address 224.0.1.1, using key 4 for encryption, and set the NTP
version to 3.
<Sysname> system-view
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ntp-service
multicast-server 224.0.1.1 version 3 authentication-keyid 4
Syntax
ntp-service reliable authentication-keyid keyid
undo ntp-service reliable
authentication-keyid keyid
View
System view
Parameter
keyid:
Authentication key number, in the range of 1 to 4294967295.
Description
Use the ntp-service reliable
authentication-keyid command to specify that the created authentication key
is a trusted key. When NTP authentication enabled, a client can be synchronized
only to a server that can provide a trusted authentication key.
Use the undo ntp-service reliable
authentication-keyid command to remove an authentication key as a trusted
key.
No authentication key is configured to be
trusted by default.
Example
# Enable NTP authentication, specify to use
MD5 encryption algorithm, with the key ID of 37 and key value of “BetterKey”,
and specify that this key is a trusted key.
<Sysname> system-view
[Sysname] ntp-service authentication
enable
[Sysname] ntp-service
authentication-keyid 37 authentication-mode md5 BetterKey
[Sysname] ntp-service reliable
authentication-keyid 37
Syntax
ntp-service source-interface interface-type interface-number
undo ntp-service source-interface
View
System view
Parameter
interface-type interface-number: Type and number of the interface to be used for sending NTP
messages.
Description
Use the ntp-service source-interface
command to specify an interface for sending NTP messages.
Use the undo ntp-service source-interface
command to remove the configured interface for sending NTP messages.
You can use this command to specify a
particular interface for sending all NTP messages. In this way, the IP address
of this interface will be used as the source address of all outgoing NTP
messages, and NTP response messages from other devices will use the IP address
of this interface (instead of any other interface) as the destination address.
Example
# Specify that all NTP messages are to be
sent out from VLAN interface 1.
<Sysname> system-view
[Sysname] ntp-service source-interface
Vlan-interface 1
Syntax
ntp-service in-interface disable
undo ntp-service in-interface disable
View
Interface view
Parameter
None
Description
Use the ntp-service in-interface disable
command to disable an interface from receiving NTP messages.
Use the undo ntp-service in-interface
disable command to enable an interface to receive NTP messages.
By default, all interfaces are enabled to
receive NTP messages.
Example
# Disable VLAN interface 1 from receiving NTP messages.
<Sysname> system-view
[Sysname] interface Vlan-interface 1
[Sysname-Vlan-interface1] ntp-service
in-interface disable
1.1.15 ntp-service unicast-peer
Syntax
ntp-service unicast-peer
{ ip-address | peer-name } [ authentication-keyid keyid
| priority | source-interface interface-type interface-number
| version number ] *
undo ntp-service
unicast-peer { ip-address | peer-name }
View
System view
Parameter
ip-address:
IP address of the symmetric-passive peer. It must be a host address, rather
than a broadcast address, a multicast address or the IP address of the local
clock.
peer-name:
Host name of the symmetric-passive peer, a string of 1 to 20 characters.
authentication-keyid keyid: Specifies the key ID to be used
for sending NTP messages to the peer, where keyid is in the range of 1
to 4294967295.
priority:
Specifies the peer designated by ip-address or peer-name as the
first choice.
source-interface interface-type interface-number:
Specifies an interface for sending NTP messages. In an NTP message the local
device sends to its peer, the source IP address is the IP address of this
interface.
version
number: Specifies the NTP version, where number
is in the range of 1 to 3 and defaults to 3.
Description
Use the ntp-service unicast-peer
command to designate a symmetric-passive peer for the device.
Use the undo ntp-service unicast-peer
command to remove the symmetric-passive peer designated for the device.
No symmetric-passive peer is designated for
the device by default.
The
symmetric-active and symmetric-passive peers must run the same version of NTP;
otherwise, time synchronization may fail.
Example
# Designate the device with the IP address
of 10.1.1.1 as the symmetric-passive peer of the device, and configure the
device to run NTP version 3, and send NTP messages through VLAN interface 1.
<Sysname> system-view
[Sysname] ntp-service unicast-peer
10.1.1.1 version 3 source-interface Vlan-interface 1
Syntax
ntp-service unicast-server
{ ip-address | server-name } [ authentication-keyid
keyid | priority | source-interface interface-type
interface-number | version number ] *
undo ntp-service
unicast-server { ip-address | server-name
}
View
System view
Parameter
ip-address:
IP address of the NTP server. It must be a host address, rather than a
broadcast address, a multicast address or the IP address of the local clock.
server-name:
Host name of the NTP server, a string of 1 to 20 characters.
authentication-keyid keyid: Specifies the key ID to be used
for sending NTP messages to the NTP server, where keyid is in the range
of 1 to 4294967295.
priority:
Specifies this NTP server as the first choice.
source-interface interface-type interface-number:
Specifies an interface for sending NTP messages. In an NTP message the local
device sends to the NTP server, the source IP address is the IP address of this
interface.
version
number: Specifies the NTP version, where number
is in the range of 1 to 3 and defaults to 3.
Description
Use the ntp-service unicast-server
command to designate an NTP server for the device.
Use the undo ntp-service unicast-server
command to remove an NTP server designated for the device.
No NTP server is designated for the device
by default.
The client and
server must run the same version of NTP; otherwise, time synchronization may
fail.
Example
# Designate the device with the IP address
of as 10.1.1.1 an NTP server for the device.
<Sysname> system-view
[Sysname] ntp-service unicast-server
10.1.1.1 version 3
