- Table of Contents
-
- H3C S3100-52P Ethernet Switch Command Manual-Release 1500(V1.01)
- 00-1Cover
- 01-CLI Command
- 02-Login Command
- 03-Configuration File Management Command
- 04-VLAN Command
- 05-IP Address and Performance Confiugration Command
- 07-GVRP Command
- 08-Port Basic Configuration Command
- 09-Link Aggregation Command
- 10-Port Isolation Command
- 11-DLDP Command
- 12-MAC Address Table Command
- 13-MSTP Command
- 14-Multicast Command
- 15-Routing Protocol Command
- 16-802.1x Command
- 17-AAA-RADIUS-HWTACACS Command
- 18-Centralized MAC Address Authentication Command
- 19-DHCP Command
- 20-ARP Command
- 21-ACL Command
- 22-QoS Command
- 23-Mirroring Command
- 24-Cluster Command
- 25-SNMP and RMON Command
- 26-NTP Command
- 27-SSH Terminal Service Command
- 28-File System Management Command
- 29-FTP and TFTP Command
- 30-Information Center Command
- 31-System Maintenance and Debugging Command
- 32-VLAN VPN Command
- 33-HWPing Command
- 34-DNS Command
- 35-Appendix
- Related Documents
-
Title | Size | Download |
---|---|---|
26-NTP Command | 97 KB |
Chapter 1 NTP Configuration Commands
1.1 NTP Configuration Commands
1.1.1 display ntp-service sessions.
1.1.2 display ntp-service status
1.1.3 display ntp-service trace
1.1.5 ntp-service authentication enable
1.1.6 ntp-service authentication-keyid.
1.1.7 ntp-service broadcast-client
1.1.8 ntp-service broadcast-server
1.1.9 ntp-service in-interface disable.
1.1.10 ntp-service max-dynamic-sessions.
1.1.11 ntp-service multicast-client
1.1.12 ntp-service multicast-server
1.1.13 ntp-service reliable authentication-keyid
1.1.14 ntp-service source-interface
1.1.15 ntp-service unicast-peer
1.1.16 ntp-service unicast-server
Chapter 1 NTP Configuration Commands
& Note:
To protect unused sockets against attacks by malicious users and improve security, S3100-52P Ethernet switch provide the following functions:
l UDP port 123 is opened only when the NTP feature is enabled.
l UDP port 123 is closed as the NTP feature is disabled.
These functions are implemented as follows:
l Execute one of ntp-service unicast-server, ntp-service unicast-peer, ntp-service broadcast-client, ntp-service broadcast-server, ntp-service multicast-client, and ntp-service multicast-server commands to enable the NTP feature and open UDP port 123 at the same time.
l Use the undo form of one of the above six commands to disable all implementation modes of the NTP feature and close UDP port 123 at the same time.
1.1 NTP Configuration Commands
1.1.1 display ntp-service sessions
Syntax
display ntp-service sessions [ verbose ]
View
Any view
Parameter
verbose: Displays detailed NTP session information.
Description
Use the display ntp-service sessions command to display the information about all the sessions maintained by local NTP services.
If you do not specify the verbose keyword, the brief information about all the sessions is displayed.
Caution:
An S3100-52P Ethernet switch attempts to establish a connection in all NTP implementation modes except the NTP server mode.
Example
# View the status of all sessions maintained by NTP services.
<H3C> display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************
[12345]1.1.1.1 127.127.1.0 3 377 512 178 0.0 40.1 22.8
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
Table 1-1 Description on the fields of the display ntp-service sessions command
Field |
Description |
source |
IP address of the synchronization source |
reference |
Reference clock ID of the synchronization source |
stra |
Stratum of the clock of the synchronization source |
reach |
Indicates whether or not the synchronization source is reachable. |
poll |
Polling interval in seconds, that is, the maximum interval between two successive messages |
now |
Time elapsing since the last NTP packet is sent |
offset |
Clock offset |
delay |
Network delay |
disper |
Maximum offset of the local clock relative to the reference clock |
1.1.2 display ntp-service status
Syntax
display ntp-service status
View
Any view
Parameter
None
Description
Use the display ntp-service status command to display the status of NTP services.
Example
# View the status of the local NTP service.
<H3C> display ntp-service status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 0.00 ms
Peer dispersion: 0.00 ms
Reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Table 1-2 Description on fields of the display ntp-service status command
Field |
Description |
Clock status |
Status of the local clock |
Clock stratum |
Stratum of the local clock |
Reference clock ID |
Address of the remote server or ID of the reference clock after the local system is synchronized to a remote NTP server or a reference clock |
Nominal frequency |
Nominal frequency of the local clock |
Actual frequency |
Actual frequency of the local clock |
Clock precision |
Precision of the local clock |
Clock offset |
Offset of the local clock relative to the NTP server |
Root delay |
Roundtrip delay between the local clock and the primary reference clock |
Root dispersion |
Maximum dispersion of the local clock relative to the primary reference clock |
Peer dispersion |
Maximum dispersion of the remote NTP server |
Reference time |
Reference timestamp |
1.1.3 display ntp-service trace
Syntax
display ntp-service trace
View
Any view
Parameter
None
Description
Use the display ntp-service trace command to display the brief information of each NTP time server along the time synchronization chain from the local device to the reference clock source.
Example
# View the brief information of each NTP time server along the time synchronization chain from the local device to the reference clock source.
<H3C> display ntp-service trace
server4: stratum 4, offset 0.0019529, synch distance 0.144135
server3: stratum 3, offset 0.0124263, synch distance 0.115784
server2: stratum 2, offset 0.0019298, synch distance 0.011993
server1: stratum 1, offset 0.0019298, synch distance 0.011993 refid 'GPS Reciever'
The above information displays the time synchronization chain of server4: serve4 is synchronized to server3, server3 to server2, server2 to server1, and server1 to the reference clock source GPS receiver.
1.1.4 ntp-service access
Syntax
ntp-service access { peer | server | synchronization | query } acl-number
undo ntp-service access { peer | server | synchronization | query }
View
System view
Parameter
peer: Allows time request and query on the local NTP server. The local clock can also be synchronized to the remote server.
server: Allows time request and query on the local NTP server. The local clock cannot be synchronized to the remote server.
synchronization: Allows only time request on the local NTP server.
query: Allows only query on the local NTP server.
acl-number: Basic access control list (ACL) number, in the range of 2000 to 2999.
Description
Use the ntp-service access command to set the access control right to the local NTP server.
Use the undo ntp-service access command to remove the configured access control right to the local NTP server.
By default, the access control right to the local NTP server is peer.
The ntp-service access command only provides a minimal degree of security measure. A more secure way is to perform identity authentication.
The right of a received access request is matched from the highest to the lowest in order of peer, server, synchronization, and query.
Example
# Configure the peer in ACL 2076 to have the full access right to the local NTP server, including time request, query control, and time synchronization.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ntp-service access peer 2076
# Configure the peer in ACL 2028 to have the right to access and query the local NTP server.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ntp-service access server 2028
1.1.5 ntp-service authentication enable
Syntax
ntp-service authentication enable
undo ntp-service authentication enable
View
System view
Parameter
None
Description
Use the ntp-service authentication enable command to enable the NTP authentication.
Use the undo ntp-service authentication enable command to disable the NTP authentication.
By default, the NTP authentication is disabled.
Example
# Enable the NTP authentication.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ntp-service authentication enable
1.1.6 ntp-service authentication-keyid
Syntax
ntp-service authentication-keyid key-id authentication-mode md5 value
undo ntp-service authentication-keyid key-id
View
System view
Parameter
key-id: Authentication key ID, in the range of 1 to 4294967295.
value: Authentication key, a string comprising 1 to 32 characters. Up to 1024 keys can be configured.
Description
Use the ntp-service authentication-keyid command to configure an NTP authentication key.
Use the ntp-service authentication-keyid command to remove an NTP authentication key.
By default, no NTP authentication key is configured.
Currently, the system only supports the message digest 5 (MD5) algorithm.
Example
# Configure an MD5 authentication key, with the key ID being 10 and the key being BetterKey.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
1.1.7 ntp-service broadcast-client
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
View
VLAN interface view
Parameter
None
Description
Use the ntp-service broadcast-client command to configure an Ethernet switch to operate in the NTP broadcast client mode and receive NTP broadcast messages through the current interface.
Use the undo ntp-service broadcast-client command to remove the configuration.
By default, no switch operates in the broadcast client mode.
Example
# Configure the switch to operate in the broadcast client mode and receive NTP broadcast messages through Vlan-interface1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface1
[H3C-Vlan-interface1] ntp-service broadcast-client
1.1.8 ntp-service broadcast-server
Syntax
ntp-service broadcast-server [ authentication-keyid key-id | version number ]*
undo ntp-service broadcast-server
View
VLAN interface view
Parameter
authentication-keyid key-id: Specifies the key ID used for sending messages to broadcast clients. The key-id argument ranges from 1 to 4294967295. You do not need to configure authentication-keyid key-id if authentication is not required.
version number: Specifies the NTP version number which ranges from 1 to 3. The default version number is 3.
Description
Use the ntp-service broadcast-server command to configure an Ethernet switch to operate in the NTP broadcast server mode and send NTP broadcast messages through the current interface.
Use the undo ntp-service broadcast-server command to remove the configuration.
By default, no Ethernet switch operates in the NTP broadcast server mode.
Example
# Configure the switch to send NTP broadcast messages through Vlan-interface1 and use authentication key 4 for encryption, and set the NTP version number to 3.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 1
[H3C-Vlan-interface1] ntp-service broadcast-server authentication-key 4 version 3
1.1.9 ntp-service in-interface disable
ntp-service in-interface disable
undo ntp-service in-interface disable
View
VLAN interface view
Parameter
None
Description
Use the ntp-service in-interface disable command to disable the interface from receiving NTP messages.
Use the undo ntp-service in-interface disable command to enable the interface to receive NTP messages.
By default, the interface can receive NTP messages.
Example
# Disable Vlan-interface1 from receiving NTP messages.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 1
[H3C-Vlan-interface1] ntp-service in-interface disable
1.1.10 ntp-service max-dynamic-sessions
Syntax
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
View
System view
Parameter
number: Maximum number of the NTP sessions that can be established locally. This argument ranges from 0 to 100.
Description
Use the ntp-service max-dynamic-sessions command to set the maximum number of NTP sessions that can be established locally.
Use the undo ntp-service max-dynamic-sessions command to restore the default.
By default, up to 100 dynamic NTP sessions can be established locally.
Example
# Set the maximum number of dynamic NTP sessions that can be established locally to 50.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ntp-service max-dynamic-sessions 50
1.1.11 ntp-service multicast-client
Syntax
ntp-service multicast-client [ ip-address ]
undo ntp-service multicast-client [ ip-address ]
View
VLAN interface view
Parameter
ip-address: Multicast IP address, in the range of 224.0.1.1 to 224.0.1.255. The default IP address is 224.0.1.1.
Description
Use the ntp-service multicast-client command to configure an Ethernet switch to operate in the NTP multicast client mode and receive NTP multicast messages through the current interface.
Use the undo ntp-service multicast-client command to remove the configuration.
By default, no Ethernet switch operates in the NTP multicast client mode.
Example
# Configure the switch to receive NTP multicast messages through Vlan-interface1, with the multicast IP address being 224.0.1.1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 1
[H3C-Vlan-interface1] ntp-service multicast-client 224.0.1.1
1.1.12 ntp-service multicast-server
Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id | ttl ttl-number | version number ]*
undo ntp-service multicast-server [ ip-address ]
View
VLAN interface view
Parameter
ip-address: Multicast IP address, which defaults to 224.0.1.1.
authentication-keyid key-id: Specifies the key ID used for sending messages to multicast clients. The key-id argument ranges from 1 to 4294967295.
ttl ttl-number: Defines the lifetime of multicast messages. The ttl-number argument ranges from 1 to 255 and defaults to 16.
version number: Specifies the NTP version number which ranges from 1 to 3 and defaults to 3.
Description
Use the ntp-service multicast-server command to configure an Ethernet switch to operate in the NTP multicast server mode and send NTP multicast messages through the current interface.
Use the undo ntp-service multicast-server command to remove the configuration.
By default, no Ethernet switch operates in multicast server mode.
Example
# Configure the switch to send NTP multicast messages through Vlan-interface1, and set the multicast group address to 224.0.1.1, keyid to 4, and the NTP version number to 3.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface Vlan-interface 1
[H3C-Vlan-interface1]ntp-service multicast-server 224.0.1.1
authentication-keyid 4 version 3
1.1.13 ntp-service reliable authentication-keyid
Syntax
ntp-service reliable authentication-keyid key-id
undo ntp-service reliable authentication-keyid key-id
View
System view
Parameter
key-id: Authentication key ID, in the range of 1 to 4294967295.
Description
Use the ntp-service reliable authentication-keyid command to specify an authentication key as a trusted key.
If authentication is enabled, a client can only be synchronized to a server that can provide a trusted key.
Use the undo ntp-service reliable authentication-keyid command to remove the configuration.
By default, no trusted authentication key is configured.
Example
# Enable NTP authentication. The encryption algorithm is MD5, the key ID is 37, and the trusted key is BetterKey.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ntp-service authentication enable
[H3C] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey
[H3C] ntp-service reliable authentication-keyid 37
1.1.14 ntp-service source-interface
Syntax
ntp-service source-interface Vlan-interface vlan-id
undo ntp-service source-interface
View
System view
Parameter
Vlan-interface vlan-id: Specifies an interface. The IP address of the interface serves as the source IP address of sent NTP messages. The vlan-id argument indicates the ID of the specified VLAN interface, ranging from 1 to 4094.
Description
Use the ntp-service source-interface command to specify a VLAN interface through which NTP messages are to be sent.
Use the undo ntp-service source-interface command to remove the configuration.
If you do not want the IP addresses of the other interfaces on the local device to be the destination addresses of response messages, you can use this command to specify a specific interface to send all NTP packets. In this way, the IP address of the interface is the source IP address of all NTP messages sent by the local device.
Example
# Specify the source IP addresses of all sent NTP messages as the IP address of Vla-interface1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ntp-service source-interface Vlan-interface 1
1.1.15 ntp-service unicast-peer
Syntax
ntp-service unicast-peer { remote-ip | peer-name } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-id | version number ]*
undo ntp-service unicast-peer { remote-ip | peer-name }
View
System view
Parameter
remote-ip: IP address of the NTP peer. This argument cannot be a broadcast address, a multicast address, or the IP address of the local reference clock.
peer-name: Peer host name, a string comprising 1 to 20 characters.
authentication-keyid key-id: Specifies the key ID used for sending messages to the peer. The key-id argument ranges from 1 to 4294967295. You do not need to configure authentication-keyid key-id if authentication is not required.
priority: Specifies the peer identified by the remote-ip argument as the preferred peer for synchronization.
source-interface Vlan-interface vlan-id: Specifies an interface whose IP address serves as the source IP address of NTP message sent to the peer.
version number: Specifies the NTP version number. The version number ranges from 1 to 3 and defaults to 3.
Description
Use the ntp-service unicast-peer command to configure an Ethernet switch to be an active NTP peer.
Use the undo ntp-service unicast-peer command to remove the configuration.
By default, the local Ethernet switch is not configured as an active NTP peer.
& Note:
If you use remote-ip to specify a remote server as the peer of the local Ethernet switch, the local switch operates in the active peer mode. In this case, the local Ethernet switch and the remote server can be synchronized to each other.
Example
# Configure the local peer to obtain time information from the peer with the IP address 128.108.22.44 and also to provide time information to the remote peer. Set the NTP version number to 3. The source IP address of NTP messages is the IP address of Vlan- interface1.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ntp-service unicast-peer 128.108.22.44 version 3 source-interface Vlan-interface 1
1.1.16 ntp-service unicast-server
Syntax
ntp-service unicast-server { remote-ip | server-name } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-id | version number ]*
undo ntp-service unicast-server { remote-ip | server-name }
View
System view
Parameter
remote-ip: IP address of an NTP server. This argument cannot be a broadcast address, multicast group address, or IP address of a reference clock.
server-name: NTP server name, a string comprising 1 to 20 characters.
authentication-keyid key-id: Specifies the key ID used for sending messages to the NTP server. The key-id argument ranges from 1 to 4294967295. You do not need to configure authentication-keyid key-id if authentication is not required.
priority: Specifies the server identified by the remote-ip or the server-name argument as the preferred server.
source-interface Vlan-interface vlan-id: Specifies an interface whose IP address serves as the source IP address of NTP packets sent by the local device to the server.
version number: Specifies the NTP version number. The number argument ranges from 1 to 3 and defaults to 3.
Description
Use the ntp-service unicast-server command to configure an Ethernet switch to operate in the NTP client mode.
Use the undo ntp-service unicast-server command to remove the configuration.
By default, no Ethernet switch operates in the NTP client mode.
& Note:
The remote server specified by remote-ip serves as the NTP server and the local Ethernet switch serves as the NTP client. The client can be synchronized to the server while the server cannot be synchronized to the client.
Example
# Configure the local device to be synchronized to the NTP server with the IP address 128.108.22.44, and set the version number to 3.
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] ntp-service unicast-server 128.108.22.44 version 3