Table of Contents

Chapter 1 NTP Configuration Commands. 1-1

1.1 NTP Configuration Commands. 1-1

1.1.1 debugging ntp-service. 1-1

1.1.2 display ntp-service sessions. 1-8

1.1.3 display ntp-service status. 1-10

1.1.4 display ntp-service trace. 1-11

1.1.5 ntp-service access. 1-12

1.1.6 ntp-service authentication enable. 1-14

1.1.7 ntp-service authentication-keyid. 1-14

1.1.8 ntp-service broadcast-client 1-15

1.1.9 ntp-service broadcast-server 1-16

1.1.10 ntp-service in-interface disable. 1-17

1.1.11 ntp-service max-dynamic-sessions. 1-17

1.1.12 ntp-service multicast-client 1-18

1.1.13 ntp-service multicast-server 1-19

1.1.14 ntp-service refclock-master 1-20

1.1.15 ntp-service reliable authentication-keyid. 1-21

1.1.16 ntp-service source-interface. 1-21

1.1.17 ntp-service unicast-peer 1-22

1.1.18 ntp-service unicast-server 1-24

 

Chapter 1  NTP Configuration Commands

1.1  NTP Configuration Commands

1.1.1  debugging ntp-service

Syntax

debugging ntp-service { access | adjustment | all | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity }

undo debugging ntp-service { access | adjustment | all | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity }

View

User view

Default Level

1: Monitor level

Parameters

access: Enables debugging for NTP access control.

adjustment: Enables debugging for NTP clock adjustment.

all: Enables all NTP debugging.

authentication: Enables debugging for NTP authentication.

event: Enables debugging for NTP events.

filter: Enables debugging for NTP clock filtering.

packet: Enables debugging for NTP packets.

parameter: Enables debugging for NTP clock parameters.

refclock: Enables debugging for NTP reference clock.

selection: Enables debugging for NTP clock selection information.

synchronization: Enables debugging for NTP clock synchronization information.

validity: Enables debugging for NTP remote server validity.

Description

Use the debugging ntp-service command to enable the corresponding NTP debugging function(s).

Use the undo debugging ntp-service command to disable the corresponding NTP debugging function(s).

By default, all NTP debugging is disabled.

 

 

Table 1-1 debugging ntp-service adjustment command output description

Field	Description
NTP: gradual systime	Adjust system time by steps
NTP: step systime	Adjust system time in a single step
adj: string	Adjustment value of this time
residual: string	Residual value of last time
offset: string	Offset of single step adjustment

 

Table 1-2 debugging ntp-service authentication command output description

Field	Description
session_key	Session key
srcadr: string	Source IP address
dstadr: string	Destination IP address
keyid: string	Key ID
life: string	Life time of the key
auth_agekeys	State of the key life time
time: string	Current time of the key life time
trusted keynum: string	Number of trusted keys
expired keynum: string	Number of keys to be expired
Authentication keyID: string	Authentication key ID

 

Table 1-3 debugging ntp-service event command output description

Field	Description
NTP: control event	NTP control event
event: string	Event code
eventnum: string	Number of events
peer: string	IP address of the peer

 

Table 1-4 debugging ntp-service filter command output description

Field	Description
NTP: adj freq	Adjustment frequency
last clockoffset: string	Last clock offset
last drift_comp: string	Last frequency
new clockOffset: string	New clock offset
new drift_comp: string	New frequency
The offset string is larger than the value permitted, no adjustment.	Adjustment cannot be made, because the offset is larger than the value that can be adjusted.

 

Table 1-5 debugging ntp-service packet command output description

Field	Description
NTP: titleAndTip control packet from sourceIPAddress to DestIPAddress	titleAndTip: Title and prompt information sourceIPAddress: Source IP address of the control packet DestIPAddress: Destination IP address of the control packet
version: string	Protocol version in the control packet
r: string	Response bit in the control packet
e: string	Error bit in the control packet
m: string	Meet bit in the control packet
o: string	Operation code in the control packet
sequence: string	Sequence number in the control packet
status: string	Status word in the control packet
associationID: string	Association ID in the control packet
data: string	Data information in the control packet
authenticator: string	Message authenticator in the control packet
packet to string	Destination IP address of the packet sent
leap: string	Trap information in the packet
version: string	Protocol version in the packet
mode: string	Working mode in the packet
vrfindex: string	VPN index of the packets received or sent
stratum: string	Stratum in the packet
poll: string	Poll interval in the packet
precision: string	Precision in the packet
rdel: string	Root delay in the packet
rdsp: string	Root dispersion in the packet
refid: string	Reference clock identity  in the packet
reftime: string	Reference timestamp in the packet
orgtime: string	Originate timestamp in the packet
rectime: string	Receive timestamp in the packet
xmttime: string	Transmit timestamp in the packet
inptime: string	Input timestamp
packet from SourceIPAddress to DestIPAddress on InterfaceName	SourceIPAddress: Source IP address of the packet DestIPAddress: Destination IP address of the packet InterfaceName: Name of the interface that receives the packet

 

Table 1-6 debugging ntp-service parameter command output description

Field	Description
NTP: popcorn spike: string	Popcorn spike of the offset when calculating time sample
NTP: discard: string	A new time sample is discarded when the new time sample is smaller than or equals the select time sample. The lifetime of the dropped sample is displayed here.
clock_filter(PeerAddr, SampleOffset, SampleDelay, SampleDisp)	Peer IP address, time sample offset, time sample delay, and time sample dispersion in clock filtering
offset: string	Peer offset
delay: string	Peer delay
dispersion: string	Peer dispersion
std: string	Peer jitter

 

Table 1-7 debugging ntp-service refclock command output description

Field	Description
Report Event:	Reference clock event
Clock: string	Reference clock IP address
Event: string	Description on the clock event
Code: string	Clock event code
RefClock Transmit: At CurrentTime IPAddr	Reference clock transmits analog information. CurrentTime: Current system time IPAddr: IP address of the reference clock.
RefClock Sample:	Time sample of the reference clock
sampleNum: string	Number of samples
offset: string	Offset
disp: string	Dispersion
std: string	Jitter
RefClock Receive: At CurrentTime IPAddr	Reference clock receives analog information. CurrentTime: Current system time IPAddr: IP address of the reference clock

 

Table 1-8 debugging ntp-service selection command output description

Field	Description
nlist: string	Number of candidate clocks in the candidate clock list
allow: string	Number of allowed candidate clocks
found: string	Number of dropped candidate clocks
low: string	Lower threshold of the sample time difference
high: string	Upper threshold of the sample time difference
candidate: string	IP address of a candidate clock
cdist: string	Synchronization distance of a candidate clock
disp: string	Dispersion of a candidate clock
survivor: string	IP address of the survivor (the candidate clock that has passed the checks)
offset: string	Offset of the survivor
cdist: string	Dispersion of the survivor
syspeer: string	IP address of the system select clock source
offset: string	Offset of the system select clock source

 

Table 1-9 debugging ntp-service validity command output description

Field

Description

NTP: packet from SourceIPAddr, TestResult validity tests TestCode

SourceIPAddr: Source IP address of the packet TestResult: Test result, succeed or fail TestCode: Code of the test item Description of specific test item codes: l      0x0001: Receives the copied information l      0x0002: Receives forged information l      0x0004: The information is not synchronized. l      0x0008: The peer delay/dispersion is out of range. l      0x0010: Peer authentication fails. l      0x0020: Peer clock is not synchronized l      0x0040: Peer stratum is out of range. l      0x0080: Root delay/dispersion is out of range. l      0x0100: Peer is not authenticated. l      0x0200: Access is denied.

 

Examples

# Two network devices Sysname A and Sysname B:

l           The IP address of VLAN-interface 1 of Sysname A is 10.1.1.1.

l           The IP address of VLAN-interface 1 of Sysname B is 10.1.1.2.

l           There is a route between 10.1.1.1 and 10.1.1.2.

l           Sysname B uses local clock as the reference clock, with the stratum of 8.

l           Enable NTP packet debugging on Sysname A.

l           Sysname A is synchronized to Sysname B in the symmetric peers mode.

<SysnameA> debugging ntp-service packet

<SysnameA> terminal debugging

<SysnameA> terminal monitor

<SysnameA> system-view

[SysnameA] ntp-service unicast-peer 10.1.1.2

# After the above configuration, the following packet debugging information is displayed on Sysname A:

*0.91612291 Sysname A NTP/8/debug_NTP_packet_xmt:  

 packet to 10.1.1.2                                                      

 leap: 3, version: 3, mode: 3, vrfindex: 0                               

 stratum: 0, poll: 64, precision: 2**18                                 

 rdel: 0.000, rdsp: 0.000, refid: 0.0.0.0                                

 reftime: 03:43:57.233 UTC Jan 17 2001(BE0F937D.3BB2031C)                

 orgtime: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)                 

 rectime: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)                 

 xmttime: 03:48:34.289 UTC Jan 17 2001(BE0F9492.4A273929)                

// NTP module sends an NTP request to Sysname B, with the destination IP address being 10.1.1.2; the local clock trap bit (leap) is 3, local NTP version number is 3; working mode is 3; the VPN index of the packets sent is 0 (namely, the public network); local clock stratum is 0; the polling interval is 64 seconds, clock precision is the eighteenth power of 1/2 seconds; local delay is 0.000; root dispersion is 0.000; reference source ID is 0.0.0.0, which indicates there is no reference source; the follow-up information includes reference timestamp, originate timestamp, receive timestamp, and transmit timestamp respectively.

%Jan 17 03:48:34:320 2001 Sysname A NTP/5/NTP_LOG:                       

System leap changes from 3 to 0 after clock update.                       

%Jan 17 03:48:34:331 2001 Sysname A NTP/5/NTP_LOG:                       

System stratum changes from 16 to 9 after clock update. 

// Log information about system clock trap (leap) and stratum changes.

*0.91612341 Sysname A NTP/8/debug_NTP_packet_rcv: 

 packet from 10.1.1.2 to 10.1.1.1 on Vlan-interface1                   

 leap: 0, version: 3, mode: 4, vrfindex: 0                               

 stratum: 8, poll: 64, precision: 2**18                                 

 rdel: 0.000, rdsp: 10.941, refid: 127.127.1.0                           

 reftime: 03:48:08.827 UTC Jan 17 2001(BE0F9478.D3C69728)                

 orgtime: 03:48:34.289 UTC Jan 17 2001(BE0F9492.4A273929)                

 rectime: 03:48:34.287 UTC Jan 17 2001(BE0F9492.497A4617)                

 xmttime: 03:48:34.287 UTC Jan 17 2001(BE0F9492.49983947)                

 inptime: 03:48:34.302 UTC Jan 17 2001(BE0F9492.4D592D98)                

// Sysname A receives the NTP response from Sysname B. The IP address of VLAN-interface 1 of Sysname B is 10.1.1.2 and that of Sysname A is 10.1.1.1, and the packet ingress interface is VLAN-interface 1; Sysname B’s trap bit (leap) is 0, indicating that Sysname B is synchronized; Sysname B’s NTP version number is 3, working mode is 4, the VPN index corresponding to the packet egress interface is 0; the peer clock stratum is 8; the polling interval is 64 seconds; clock precision is the eighteenth power of 1/2 seconds, root delay is 0.000, root dispersion is 10.941, reference source ID is 127.127.1.0, which indicates the reference source is the local clock; the follow-up information includes reference timestamp, originate timestamp, receive timestamp, transmit timestamp, and the input timestamp (the timestamp when the packet is processed locally) respectively.

 

 

1.1.2  display ntp-service sessions

Syntax

display ntp-service sessions [ verbose ]

View

Any view

Default Level

1: Monitor level

Parameters

verbose: Displays the detailed information of all NTP sessions.

Description

Use the display ntp-service sessions command to view the information of all NTP sessions. Without the verbose keyword, this command displays only the brief information of all NTP service sessions.

Examples

# View the brief information of NTP service sessions.

<Sysname> display ntp-service sessions

source          reference      stra  reach   poll    now    offset delay disper

************************************************************************

[12345]1.1.1.1  127.127.1.0  3       377     64   178  0.0   40.1      22.8

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

Total associations :  1 

Table 1-10 display ntp-service sessions command output description

Field	Description
source	IP address of the clock source
reference	Reference clock ID of the clock source 1)        If the reference clock is the local clock, the value of this field is related to the value of the stra field: l      When the value of the stra field is 0 or 1, this field will be “LOCL”; l      When the stra field has another value, this filed will be the IP address of the local clock 2)        If the reference clock is the clock of another device on the network, the value of this field will be the IP address of that device.
stra	Stratum level of the clock source
reach	Reachability count of the clock source. 0 indicates that the clock source in unreachable
poll	Poll interval, namely the maximum interval between successive NTP messages.
now	The length of time from when the last NTP message was received or when the local clock was last updated to the current time The time is in second by default. If the time length is greater than 2048 seconds, it is displayed in minutes (m); if greater than 300 minutes, in hours (h); if greater than 96 hours, in days (d).
offset	The offset of the system clock relative to the reference clock, in milliseconds
delay	the roundtrip delay from the local device to the clock source, in milliseconds
disper	The maximum error of the system clock relative to the reference source.
[12345]	1: Clock source selected by the system, namely the current reference source, with a system clock stratum level of ≤ 15 2: Stratum level of this system source is ≤ 15 3: This clock source has passed the clock selection process 4: This clock source is a candidate clock source 5: This clock source was created by a configuration command
Total associations	Total number of associations

 

 

1.1.3  display ntp-service status

Syntax

display ntp-service status

View

Any view

Default Level

1: Monitor level

Parameters

None

Description

Use the display ntp-service status command to view the NTP service status information.

Examples

# View the NTP service status information.

<Sysname> display ntp-service status

Clock status: unsynchronized

 Clock stratum: 16

 Reference clock ID: none

 Nominal frequency: 100.0000 Hz

 Actual frequency: 100.0000 Hz

 Clock precision: 2^17

 Clock offset: 0.0000 ms

 Root delay: 0.00 ms

 Root dispersion: 0.00 ms

 Peer dispersion: 0.00 ms

 Reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)

Table 1-11 display ntp-service status command output description

Field	Description
Clock status	Status of the system clock
Clock stratum	Stratum level of the local clock
Reference clock ID	If the system clock is synchronized to a remote time server, this field indicates the address of the remote time server; if the system clock is synchronized to a local reference source, this field indicates the identifier of the local clock source: l      When the local clock has a stratum level of 1, the value of this field is “LOCL”; l      When the local clock has another value, the value of this filed is the IP address of the local clock.
Nominal frequency	The nominal frequency of the local system hardware clock
Actual frequency	The actual frequency of the local system hardware clock
Clock precision	The precision of the system clock.
Clock offset	The offset of the system clock relative to the NTP server
Root delay	The roundtrip delay from the local device to the primary reference clock
Root dispersion	The maximum error of the system clock relative to the primary reference clock.
Peer dispersion	The maximum error of the system clock relative to the reference clock
Reference time	Reference timestamp

 

1.1.4  display ntp-service trace

Syntax

display ntp-service trace

View

Any view

Default Level

1: Monitor level

Parameters

None

Description

Use the display ntp-service trace command view the brief information of each NTP server along the NTP server chain from the local device back to the primary reference source.

The display ntp-service trace command is available only if the local device can ping through all the devices on the NTP server chain; otherwise, this command will fail to display all the NTP servers on the NTP chain due to timeout.

Examples

<Sysname> display ntp-service trace

 server 127.0.0.1,stratum 2, offset -0.013500, synch distance 0.03154

 server 133.1.1.1,stratum 1, offset -0.506500, synch distance 0.03429

 refid LOCL

The information above shows an NTP server synchronization chain for the server 127.0.0.1: The server 127.0.0.1 is synchronized to the server 133.1.1.1, and the server 133.1.1.1 is synchronized to the local clock source.

Table 1-12 display ntp-service trace command output description

Field	Description
server	IP address of the NTP time server
stratum	The stratum of the corresponding local clock reference
offset	The clock offset relative to the upper-level clock reference
synch distance	The synchronization distance relative to the upper-level clock reference
refid	Identifier of the primary reference source. When the stratum level of the primary reference clock is 0, it is displayed as LOCL; otherwise, it is displayed as the IP address of the primary reference clock.

 

1.1.5  ntp-service access

Syntax

ntp-service access { peer | query | server | synchronization } acl-number

undo ntp-service access { peer | query | server | synchronization }

View

System view

Default Level

2: System level

Parameters

peer: Specifies to permit full access.

query: Specifies to permit control query.

server: Specifies to permit server access and query.

synchronization: Specifies to permit server access only.

acl-number: ACL number, in the range of 2000 to 2999

Description

Use the ntp-service access command to configure the NTP service access-control right to the local device.

Use the undo ntp-service access command to remove the configured NTP service access-control right to the local device.

By default, the local NTP service access-control right is set to peer.

From the highest NTP service access-control right to the lowest one are peer, server, synchronization, and query. When a device receives an NTP request, it will perform an access-control right match and will use the first matched right.

 

 

Examples

# Configure devices on the subnet 10.10.0.0/16 to have the full access right to the local device.

<Sysname> system-view

[Sysname] acl number 2001

[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255

[Sysname-acl-basic-2001] quit

[Sysname] ntp-service access peer 2001

1.1.6  ntp-service authentication enable

Syntax

ntp-service authentication enable

undo ntp-service authentication enable

View

System view

Default Level

2: System level

Parameters

None

Description

Use the ntp-service authentication enable command to enable NTP authentication.

Use the undo ntp-service authentication enable command to disable NTP authentication.

By default, NTP authentication is disabled.

Examples

# Enable NTP authentication.

<Sysname> system-view

[Sysname] ntp-service authentication enable

1.1.7  ntp-service authentication-keyid

Syntax

ntp-service authentication-keyid keyid authentication-mode md5 value

undo ntp-service authentication-keyid keyid

View

System view

Default Level

2: System level

Parameters

keyid: Authentication key ID.

authentication-mode md5 value: Specifies to use the MD5 algorithm for key authentication. value is the MD5 authentication key, a string of 1 to 32 characters.

Description

Use the ntp-service authentication-keyid command to set the NTP authentication key.

Use the undo ntp-service authentication-keyid command to remove the set NTP authentication key.

By default, no NTP authentication key is set.

 

 

Examples

# Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey.

<Sysname> system-view

[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey

1.1.8  ntp-service broadcast-client

Syntax

ntp-service broadcast-client

undo ntp-service broadcast-client

View

Interface view

Default Level

2: System level

Parameters

None

Description

Use the ntp-service broadcast-client command to configure the device to work in the NTP broadcast client mode.

Use the undo ntp-service broadcast-client command to remove the device as an NTP broadcast client.

Examples

# Configure the device to receive NTP broadcast messages on VLAN-interface 1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service broadcast-client

1.1.9  ntp-service broadcast-server

Syntax

ntp-service broadcast-server [ authentication-keyid keyid | version number ] *

undo ntp-service broadcast-server

View

Interface view

Default Level

2: System level

Parameters

authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients. This keyword and argument combination is not needed if authentication is not required.

version number: Specifies the NTP version, where number defaults to 3.

Description

Use the ntp-service broadcast-server command to configure the device to work in the NTP broadcast server mode.

Use the undo ntp-service broadcast-server command to remove the device as an NTP broadcast server.

Examples

# Configure the device to send NTP broadcast messages on VLAN-interface 1, using key 4 for encryption, and set the NTP version to 3.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service broadcast-server authentication-keyid 4 version 3

1.1.10  ntp-service in-interface disable

Syntax

ntp-service in-interface disable

undo ntp-service in-interface disable

View

Interface view

Default Level

2: System level

Parameters

None

Description

Use the ntp-service in-interface disable command to disable an interface from receiving NTP messages.

Use the undo ntp-service in-interface disable command to restore the default.

By default, an interface is enabled to receive NTP messages.

Examples

# Disable VLAN-interface 1 from receiving NTP messages.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service in-interface disable

1.1.11  ntp-service max-dynamic-sessions

Syntax

ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions

View

System view

Default Level

2: System level

Parameters

number: Maximum number of dynamic NTP sessions to be set up.

Description

Use the ntp-service max-dynamic-sessions command to set the maximum number of dynamic NTP sessions that allowed to be established locally.

Use the undo ntp-service max-dynamic-sessions command to restore the allowed maximum number of dynamic NTP sessions to the default.

By default, the number is 100.

Examples

# Set the maximum number of dynamic NTP sessions allowed to be established locally to 50.

<Sysname> system-view

[Sysname] ntp-service max-dynamic-sessions 50

1.1.12  ntp-service multicast-client

Syntax

ntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]

View

Interface view

Default Level

2: System level

Parameters

ip-address: Multicast IP address, which must be 224.0.1.1.

Description

Use the ntp-service multicast-client command to configure the device to work in the NTP multicast client mode.

Use the undo ntp-service multicast-client command to remove the device as an NTP multicast client.

Examples

# Configure the device to work in the multicast client mode and receive NTP multicast messages on VLAN-interface 1, and set the multicast address to 224.0.1.1.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service multicast-client 224.0.1.1

1.1.13  ntp-service multicast-server

Syntax

ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] *

undo ntp-service multicast-server [ ip-address ]

View

Interface view

Default Level

2: System level

Parameters

ip-address: Multicast IP address, which must be 224.0.1.1.

authentication-keyid keyid: Specifies the key ID to be used for sending multicast messages to multicast clients. This keyword and argument combination is not needed if authentication is not required.

ttl ttl-number: Specifies the TTL of NTP multicast messages, where ttl-number defaults to 16.

version number: Specifies the NTP version, where number defaults to 3.

Description

Use the ntp-service multicast-server command to configure the device to work in the NTP multicast server mode.

Use the undo ntp-service multicast-server command to remove the device as an NTP multicast server.

Examples

# Configure the device to send NTP multicast messages on VLAN-interface 1 to the multicast address 224.0.1.1, using key 4 for encryption, and set the NTP version to 3.

<Sysname> system-view

[Sysname] interface vlan-interface 1

[Sysname-Vlan-interface1] ntp-service multicast-server 224.0.1.1 version 3 authentication-keyid 4

1.1.14  ntp-service refclock-master

Syntax

ntp-service refclock-master [ ip-address ] [ stratum ]

undo ntp-service refclock-master [ ip-address ]

View

System view

Default Level

2: System level

Parameters

ip-address: IP address of the local reference clock, which is 127.127.1.u, where u is the NTP process ID. If you do not specify ip-address, it defaults to 127.127.1.0.

stratum: Stratum level of the local clock. The default value of this argument is 8.

Description

Use the ntp-service refclock-master command to configure the local clock as a reference source for other devices.

Use the undo ntp-service refclock-master command to remove the local clock as a reference source.

 

 

Examples

# Specify the local clock as the NTP primary reference clock, with the stratum level of 3.

<Sysname> system-view

[Sysname] ntp-service refclock-master 3

1.1.15  ntp-service reliable authentication-keyid

Syntax

ntp-service reliable authentication-keyid keyid

undo ntp-service reliable authentication-keyid keyid

View

System view

Default Level

2: System level

Parameters

keyid: Authentication key number.

Description

Use the ntp-service reliable authentication-keyid command to specify that the authentication key is a trusted key. When NTP authentication enabled, a client can be synchronized only to a server that can provide the trusted authentication key.

Use the ntp-service reliable authentication-keyid command to cancel the configuration.

No trusted authentication key is configured by default.

Examples

# Enable NTP authentication, specify to use MD5 encryption algorithm, with the key ID of 37 and key value of BetterKey, and specify that this key is a trusted key.

<Sysname> system-view

[Sysname] ntp-service authentication enable

[Sysname] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey

[Sysname] ntp-service reliable authentication-keyid 37

1.1.16  ntp-service source-interface

Syntax

ntp-service source-interface interface-type interface-number

undo ntp-service source-interface

View

System view

Default Level

2: System level

Parameters

interface-type interface-number: Interface type and interface number of the interface that sends the NTP messages.

Description

Use the ntp-service source-interface command to specify a local interface for sending NTP messages.

Use the undo ntp-service source-interface command to remove the configured interface for sending NTP messages.

You can use this command to specify a particular interface for sending all NTP messages. In this case, the source address in all NTP messages is the primary IP address of this interface, so that IP addresses of other interfaces will not be the destination IP addresses of the NTP response messages.

Examples

# Specify that all NTP messages are to be sent out from VLAN-interface 1.

<Sysname> system-view

[Sysname] ntp-service source-interface vlan-interface 1

1.1.17  ntp-service unicast-peer

Syntax

ntp-service unicast-peer [ vpn-instance vpn-instance-name ] { ip-address | peer-name } [ authentication-keyid keyid | priority | source-interface interface-type interface-number | version number ] *

undo ntp-service unicast-peer [ vpn-instance vpn-instance-name ] { ip-address | server-name }

View

System view

Default Level

2: System level

Parameters

vpn-instance vpn-instance-name: Specifies a VPN instance by its name, where vpn-instance-name is a string of 1 to 31 characters.

ip-address: IP address of the symmetric-passive peer. It must be a host address, rather than a broadcast address, a multicast address or the IP address of the local clock.

peer-name: Host name of the symmetric-passive peer.

authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer.

priority: Specifies the peer designated by ip-address or peer-name as the first choice in case that multiple clocks that are allowed to be configured with this keyword meet the following conditions:

l           The clocks have passed the checks and enter the candidate clock list.

l           The clocks are with the same stratum.

source-interface interface-type interface-number: Specifies an interface for sending NTP messages. In an NTP message the local device sends to its peer, the source IP address is the primary IP address of this interface. interface-type interface-number is the interface type and interface number.

version number: Specifies the NTP version, where number defaults to 3.

Description

Use the ntp-service unicast-peer command to designate a symmetric-passive peer for the device.

Use the undo ntp-service unicast-peer command to remove the symmetric-passive peer designated for the device.

No symmetric-passive peer is designated for the device by default.

 

 

Examples

# Configure the local device to be synchronized to peer 128.108.22.44, and the peer also can be synchronized to the local device, and run NTPv3. Use the IP address of VLAN-interface 1 as the source IP address of the NTP messages.

<Sysname> system-view

[Sysname] ntp-service unicast-peer 128.108.22.44 version 3 source-interface vlan-interface 1

1.1.18  ntp-service unicast-server

Syntax

ntp-service unicast-server [ vpn-instance vpn-instance-name ] { ip-address | server-name } [ authentication-keyid keyid | priority | source-interface interface-type interface-number | version number  ] *

undo ntp-service unicast-server [ vpn-instance vpn-instance-name ] { ip-address | server-name }

View

System view

Default Level

2: System level

Parameters

vpn-instance vpn-instance-name: Specifies a VPN instance by its name.

ip-address: IP address of the NTP server. It must be a host address, rather than a broadcast address, a multicast address or the IP address of the local clock.

server-name: Host name of the NTP server.

authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server.

priority: Specifies the peer designated by ip-address or peer-name as the first choice in case that multiple clocks that are allowed to be configured with this keyword meet the following conditions:

l           The clocks have passed the checks and enter the candidate clock list.

l           The clocks are with the same stratum.

source-interface interface-type interface-number: Specifies an interface for sending NTP messages. In an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. interface-type interface-number is the interface type and interface number.

version number: Specifies the NTP version, where number defaults to 3.

Description

Use the ntp-service unicast-server command to configure the NTP server for the local device. In this case, the local device acts as a client, and can be synchronized to the NTP server, but the NTP server cannot be synchronized to the local client.

Use the undo ntp-service unicast-server command to cancel the NTP server configuration.

No NTP server is configured for the local device by default.

 

 

Examples

# Configure the local device to be synchronized to the NTP server 128.108.22.44, and set the NTP version number to 3.

<Sysname> system-view

[Sysname] ntp-service unicast-server 128.108.22.44 version 3