Syntax
display ntp-service sessions [ verbose ]
View
Any view
Parameter
verbose:
Displays the detailed information about all the sessions maintained by the NTP
service. When you configure this command without the verbose parameter,
the Ethernet switch displays the brief information about all the sessions.
Description
Use the display
ntp-service sessions command to display the status
of all the sessions maintained by NTP service provided
by the local device.
Caution:
The sessions can be
created in all NTP operating modes except the NTP server mode.
Example
# Display the status of all the sessions
maintained by the NTP service.
<H3C> display ntp-service
sessions
source reference stra
reach poll now offset delay disper
********************************************************************
[12345]1.0.1.11 LOCAL(0) 3
377 64 16 -0.4 0.0 0.9
note: 1 source(master),2
source(peer),3 selected,4 candidate,5 configured
Syntax
display ntp-service status
View
Any view
Parameter
None
Description
Use the display
ntp-service status command to display the NTP service status.
Example
# Display the NTP service status
information.
<H3C> display ntp-service
status
Service status:enabled
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^18
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 0.00 ms
Peer dispersion: 0.00 ms
Reference time: 00:00:00.000 UTC Jan
1 1900(00000000.00000000)
The following table describes the displayed
fields:
Table 1-1 NTP
service status information
|
Field
|
Meaning
|
|
Service status
|
NTP service status: enabled or disabled
|
|
Clock status: unsynchronized
|
Local clock status: is not synchronized
to any remote NTP server
|
|
Clock stratum
|
Indicates the NTP stratum of the local
clock
|
|
Reference clock ID
|
Indicates the address
of a remote server or the clock source ID when the local system is
synchronized with a remote NTP server or a clock source
|
|
Nominal frequency
|
Nominal frequency of the local system
hardware clock
|
|
Actual frequency
|
Actual frequency of the local system
hardware clock
|
|
Clock precision
|
Precision of the local clock
|
|
Clock offset
|
Time difference between Offset of the
local clock to the NTP server clock
|
|
Root delay
|
Total delay from local device to the master
reference clock
|
|
Root dispersion
|
Dispersion of the local clock relative to
the master reference clock
|
|
Peer dispersion
|
Dispersion of the remote NTP server
|
|
Reference time
|
Reference timestamp
|
Syntax
display ntp-service trace
View
Any view
Parameter
None
Description
Use the display ntp-service trace
command to display the brief information about every NTP server on the way from
the local device to the reference clock source.
Example
# Display the brief information about every
NTP server on the way from the local device to the master reference clock
source.
<H3C> display ntp-service trace
server 127.0.0.1,stratum 8, offset
0.000000, synch distance 0.00000
refid 127.127.1.0
Syntax
ntp-service access { query | synchronization | server | peer }
acl-number
undo ntp-service access { query | synchronization | server | peer }
View
System view
Parameter
query:
Allows to query the local NTP service only.
synchronization: Only allows the peer device to synchronize its clock to the local
device.
server:
Allows the peer device to perform synchronization and control query to the
local device but does not permit the local device to synchronize its clock to
the peer device.
peer: Full
access. This level of right permits the peer device to perform synchronization
and control query to the local device and also permits the local device to
synchronize its clock to the peer device.
acl-number:
The IP address access control list number, ranging from 2000 to 2999.
Description
Use the ntp-service access command
to set the right to access the local device service.
Use the undo ntp-service access
command to cancel the access authority settings.
By default, no right limit is configured.
Compared with authentication, setting the
right to access and control the NTP services is a basic and brief security
measure. From the highest NTP service access-control right to the lowest one
are peer, server, synchronization, and query. When
a device receives an NTP request, it will perform an access control right match
and will use first matched right.
Example
# Configure to permit the remote switch
defined in ACL 2000 to perform time synchronization request, query and
synchronization to the local device.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service access peer 2000
# Configure to permit the remote switch
defined in ACL 2000 to perform time synchronization request and query to the
local device.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service access
synchronization 2000
Syntax
ntp-service authentication enable
undo ntp-service authentication enable
View
System view
Parameter
None
Description
Use the ntp-service
authentication enable command to enable the NTP-service authentication function.
Use the undo
ntp-service authentication enable command to
disable this function.
By default, the authentication is disabled.
Example
# Enable NTP authentication function.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service authentication
enable
Syntax
ntp-service authentication-keyid number authentication-mode md5 value
undo ntp-service authentication-keyid number
View
System view
Parameter
number:
Specifies the key number from 1 to 4,294,967,295.
value:
Specifies the value of the key with 1 to 32 ASCII characters.
Description
Use the ntp-service
authentication-keyid command to set an NTP authentication key.
Use the undo
ntp-service authentication-keyid command to cancel
the NTP authentication key.
By default, no authentication key is
configured.
Currently the system supports MD5
authentication only.
Example
# Set MD5 authentication key 10 as hello.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service
authentication-keyid 10 authentication-mode md5 hello
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
View
VLAN interface view
Parameter
None
Description
Use the ntp-service
broadcast-client command to configure NTP broadcast client mode.
Use the undo
ntp-service broadcast-client command to disable NTP broadcast client mode.
By default, the NTP
broadcast client mode is disabled.
Designate an interface on the local device
to receive NTP broadcast packets. The local device operates in broadcast client
mode. The local device listens to the broadcast packets from the server. When
it receives the first broadcast packet, it starts a brief client/server mode to
exchange messages with a remote server for estimating the network delay.
Thereafter, the local device enters broadcast client mode and continues
listening to the broadcast packets and synchronizes the local clock based on
the arrived broadcast packets.
Example
# Configure to receive NTP broadcast
packets through VLAN-interface 1.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface vlan-interface1
[H3C-Vlan-Interface1] ntp-service
broadcast-client
1.1.8 ntp-service broadcast-server
Syntax
ntp-service
broadcast-server [ authentication-keyid keyid
version number ]*
undo ntp-service broadcast-server
View
VLAN interface view
Parameter
authentication-keyid: Specifies an authentication key.
keyid: Key
ID used in broadcast, ranging from 1 to 4,294,967,295.
version:
Defines an NTP version number.
number: NTP version number, ranging from 1 to 3.
Description
Use the ntp-service broadcast-server command to
configure NTP broadcast server mode.
Use the undo
ntp-service broadcast-server command to disable the NTP broadcast server
mode.
By default, the broadcast service is
disabled. When no NTP version number is specified, the default version number
is 3.
Designate an interface on the local device
to broadcast NTP packets. The local device runs in broadcast-server mode and
regularly broadcasts packets to its clients.
Example
# Configure to broadcast NTP packets
through VLAN-interface 1. Encrypt them with Key 4 and set the NTP version
number to 3.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface vlan-interface1
[H3C-Vlan-Interface1] ntp-service
broadcast-server authentication-key 4 version 3
Syntax
ntp-service disable
undo ntp-service disable
View
System view
Parameter
None
Description
Use the ntp-service disable command
to disable the NTP service function.
Use undo ntp-service disable command
to enable this function.
By default, the NTP service is enabled.
Example
# Disable NTP service on the device.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service disable
Syntax
ntp-service in-interface disable
undo ntp-service in-interface disable
View
VLAN interface view
Parameter
None
Description
Use the ntp-service in-interface disable
command to disable an interface from receiving NTP messages.
Use the undo ntp-service in-interface
disable command to enable an interface to receive NTP messages.
By default, an interface is enabled to
receive NTP messages.
Example
# Disable VLAN-interface 1 from receiving
NTP message.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface vlan-interface1
[H3C-Vlan-Interface1] ntp-service
in-interface disable
Syntax
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
View
System view
Parameter
number: The
maximum number of sessions that can be created locally,
ranging from 0 to 100.
Description
Use the ntp-service max-dynamic-sessions
command to set the maximum number of dynamic sessions that can be created
locally.
Use the undo ntp-service
max-dynamic-sessions command to restore the default value.
By default, a local device allows up to 100
dynamic sessions.
Only the sessions
created in NTP peer mode, NTP broadcast client mode and
NTP multicast client mode are dynamic sessions. Other sessions are static sessions.
Example
# Set the local device to allow up to 50
sessions.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service
max-dynamic-sessions 50
Syntax
ntp-service multicast-client [ ip-address ]
undo ntp-service multicast-client [ ip-address ]
View
VLAN interface view
Parameter
ip-address:
Specifies a multicast IP address of Class D.
Description
Use the ntp-service
multicast-client command to configure the NTP multicast client mode.
Use the undo
ntp-service multicast-client command to disable the
NTP multicast client mode.
By default, the multicast client service is
disabled. ip-address defaults to 224.0.1.1.
Designate an interface on the local device
to receive NTP multicast packets. The local device operates in the multicast client
mode. The local device listens to the multicast packets from the server. When
it receives the first multicast packet, it starts a brief client/server mode to
exchange messages with a remote server for estimating the network delay.
Thereafter, the local device enters the multicast client mode and continues
listening to the multicast packets and synchronizes the local clock based on
the arrived multicast message.
Example
# Configure to receive NTP multicast
packets to the multicast group address of 224.0.1.1 through VLAN-interface1.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface vlan-interface 1
[H3C-Vlan-Interface1] ntp-service
multicast-client 224.0.1.1
Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid ]
[ ttl ttl-number ] [ version number ]*
undo ntp-service multicast-server [ ip-address ]
View
VLAN interface view
Parameter
ip-address: Specifies a multicast IP address of Class D and default to 224.0.1.1.
authentication-keyid: Specifies an authentication key.
keyid: Key ID used in multicast, ranging from 1 to 4,294,967,295.
ttl: Defines
the time to live (TTL) of a multicast packet.
ttl-number:
Specify the TTL of a multicast packet, ranging from 1 to 255.
version:
Defines an NTP version number.
number:
Specifies an NTP version number, ranging from 1 to 3.
Description
Use the ntp-service multicast-server command to
configure NTP multicast server mode. If no IP address
is specified, the switch automatically chooses 224.0.1.1 as the multicast IP
address.
Use the undo
ntp-service multicast-server command to disable NTP multicast server
mode, if no IP address is specified, the switch will disable the configuration
of the multicast IP address 224.0.1.1.
By default, the multicast service is
disabled. IP address defaults to 224.0.1.1 and the
version number defaults to 3.
Designate an interface on the local device
to transmit NTP multicast packets. The local device operates in
multicast-server mode and multicasts packets regularly to its clients.
Example
# Configure to transmit NTP multicast
packets encrypted with Key 4 through VLAN-interface 1 at 224.0.1.1 and use NTP
version 3.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] interface vlan-interface 1
[H3C-Vlan-Interface1] ntp-service
multicast-server 224.0.1.1 authentication-keyid 4 version 3
Syntax
ntp-service refclock-master [ ip-address ] [ stratum ]
undo ntp-service refclock-master [ ip-address ]
View
System view
Parameter
ip-address:
Specifies the reference clock IP address as 127.127.1.u. Here, u ranges from 0
to 3.
stratum:
Specifies which stratum the local clock is located at. The value ranges from 1
to 15.
Description
Use the ntp-service refclock-master
command to configure an external reference clock or the local clock as an NTP
master clock.
Use the undo ntp-service refclock-master
command to cancel the NTP master clock settings.
By default, no NTP master clock is
configured. When ip-address is not specified, the local clock is set to
the NTP master clock by default. When stratum is not specified, the
local clock is located at stratum 8 by default.
You can use this command to designate an
external reference clock or the local clock as an NTP master clock to provide
synchronized time to other devices. ip-address specifies the IP address
of an external clock as 127.127.1.u. If no IP address is specified, the local
clock is configured as the NTP master clock by default. You can also specify
the stratum at which the NTP master clock is located.
Example
# Specify the local clock as the NTP master
clock to provide synchronized time for its peers and locate the master clock at
stratum 3.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service refclock-master 3
Syntax
ntp-service reliable
authentication-keyid number
undo ntp-service reliable
authentication-keyid number
View
System view
Parameter
number: Specifies
the key number, ranging from 1 to 4,294,967,295.
Description
Use the ntp-service reliable
authentication-keyid command to configure the key as a reliable key.
Use the undo ntp-service reliable
authentication-keyid command to cancel the current setting.
By default, no reliable key is configured.
When you enable the authentication, you can
use this command to configure one or more than one reliable keys. In this case,
a client only synchronizes to the server that provides reliable keys.
Example
# Enable NTP authentication, adopt MD5
encryption, and designate Key 37 BetterKey and configure it as a reliable key.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service authentication
enable
[H3C] ntp-service authentication-keyid
37 authentication-mode md5 BetterKey
[H3C] ntp-service reliable
authentication-keyid 37
Syntax
ntp-service source-interface interface-type interface-number
undo ntp-service source-interface
View
System view
Parameter
interface-type: Specifies an interface type. This parameter is used to specify an
interface together with the interface-number parameter.
interface-number: Specifies an interface number. This parameter is used to specify
an interface with the interface-type parameter.
Description
Use the ntp-service source-interface
command to designate an interface to transmit NTP messages.
Use the undo ntp-service
source-interface command to cancel the current setting.
By default, the source address depends on
the output interface.
You can use this command to designate an
interface of which the IP address will be the source IP address in all the NTP
packets sent by the local device so that the remote device sends the response
message to this interface only.
Example
# Configure all the outgoing NTP packets to
use the IP address of VLAN-interface1 as their source IP address.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service source-interface
Vlan-Interface 1
Syntax
ntp-service unicast-peer
{ ip-address | server-name } [ version number | authentication-key
keyid | source-interface interface-type interface-number |
priority ]*
undo ntp-service
unicast-peer { ip-address | server-name }
View
System view
Parameter
ip-address:
Specifies the IP address of a remote server.
server-name: Specifies the host name of an NTP server, containing 1 to 20
characters.
version:
Defines an NTP version number.
number: NTP
version number, ranging from 1 to 3.
authentication-keyid: Defines an authentication key.
keyid: Key
ID used for transmitting messages to a remote server, ranging from 1 to
4,294,967,295.
source-interface: Specifies an interface name.
interface-type: Specifies an interface type and determines an interface together
with the interface-number parameter.
interface-number: Specifies an interface number and determines an interface together
with the interface-type parameter.
priority:
Designates a server as the first choice.
Description
Use the ntp-service unicast-peer command to configure NTP peer mode.
Use the undo
ntp-service unicast-peer command to cancel NTP peer mode.
By default, no NTP peer mode is configured.
When you do not specify a version number, the default version number is 3. When
you do not specify authentication-keyid, authentication is disabled and the local server is not the first
choice.
This command sets the remote server at ip-address
as a peer of the local device, which operates in symmetric active mode. ip-address
specifies a host address other than a broadcast address, multicast address, or
the IP address of a reference clock. Under this
configuration, a local device can synchronize and be synchronized by a remote
server.
Example
# Configure the local device to synchronize
or to be synchronized by a peer at 128.108.22.44. Set the NTP version to 3. The IP address of the NTP packets is taken
from that of VLAN-interface 1.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service unicast-peer
131.108.22.33 version 3 source-interface Vlan-Interface 1
Syntax
ntp-service unicast-server
{ ip-address | server-name } [ version number | authentication-keyid
keyid | source-interface interface-type interface-number
| priority ]*
undo ntp-service
unicast-server { ip-address | server-name }
View
System view
Parameter
ip-address:
Specifies the IP address of a remote server.
server-name: Specifies the host name of an NTP server, containing 1 to 20
characters.
version:
Defines an NTP version number.
number: NTP
version number, ranging from 1 to 3.
authentication-keyid: Defines an authentication key.
keyid: Key
ID used for transmitting messages to a remote server, ranging from 1 to
4,294,967,295.
source-interface: Specifies an interface name.
interface-type: Specifies an interface type and determines an interface together
with the interface-number parameter.
interface-number: Specifies an interface number and determines an interface together
with the interface-type parameter.
priority:
Designates a server as the first choice.
Description
Use the ntp-service unicast-server command to configure NTP server mode. Use the undo ntp-service unicast-server command to disable NTP server mode.
By default, no NTP server mode is
configured. When you do not specify a version number, the default version
number is 3. When you do not specify authentication-keyid, authentication is disabled.
The command announces to use the remote
server at ip-address as the local time server. ip-address specifies a host address
other than a broadcast address, multicast address, or the IP address of a
reference clock. By operating in client mode, a local
device can be synchronized by a remote server, but not synchronize any remote
server.
Example
# Designate the server at 128.108.22.44 to
synchronize the local device and use NTP version 3.
<H3C> system-view
System View: return to User View with
Ctrl+Z.
[H3C] ntp-service unicast-server
128.108.22.44 version 3
