H3C S3100 Series Ethernet Switches Command Manual (For Soliton)(V1.02)

27-NTP Commands

Chapter 1  NTP Configuration Commands

 

Note:

To protect unused sockets against attacks by malicious users and improve security, H3C S3100 series Ethernet switches provide the following functions:

- UDP port 123 is opened only when the NTP feature is enabled.

- UDP port 123 is closed when the NTP feature is disabled.

These functions are implemented as follows:

- Executing any one of the ntp-service unicast-server, ntp-service unicast-peer, ntp-service broadcast-client, ntp-service broadcast-server, ntp-service multicast-client, and ntp-service multicast-server commands enables the NTP feature and opens UDP port 123 at the same time.

- Executing the undo form of any one of the above six commands disables all implementation modes of the NTP feature and closes UDP port 123 at the same time.

 

1.1  NTP Configuration Commands

1.1.1  display ntp-service sessions

Syntax

display ntp-service sessions [ verbose ]

View

Any view

Parameter

verbose: Displays the detailed information about all the sessions maintained by the NTP service. Without this keyword, the command displays the brief information about all the sessions.

Description

Use the display ntp-service sessions command to display the information about all the sessions maintained by local NTP services.

Example

# View the brief information of all sessions maintained by NTP services.

<Sysname> display ntp-service sessions

     source        reference       stra reach poll  now offset  delay disper

*************************************************************************

[12345]3.0.1.32    LOCL               1    95   64   42  -14.3   12.9    2.7

[25]3.0.1.31    127.127.1.0          2     1   64    1 4408.6   38.7    0.0

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

Total associations :  2

Table 1-1 Description on the fields of the display ntp-service sessions command

Field: Description

source: IP address of the synchronization source

reference: Reference clock ID of the synchronization source

1) If the reference clock is the local clock, the value of this field is related to the value of the stra field:

- When the value of the stra field is 0 or 1, this field will be “LOCL”;

- When the stra field has another value, this field will be the IP address of the local clock.

2) If the reference clock is the clock of another switch on the network, the value of this field will be the IP address of that switch.

stra: Stratum of the clock of the synchronization source

reach: Reachability count of the clock source. 0 indicates that the clock source is unreachable

poll: Polling interval in seconds, that is, the maximum interval between two successive messages

now: Time elapsed since the last NTP packet was sent

offset: The offset of the system clock relative to the reference clock, in milliseconds

delay: Network delay, that is, the roundtrip delay from the local switch to the clock source, in milliseconds

disper: Maximum offset of the local clock relative to the reference clock

[12345]:

1: Clock source selected by the system, namely the current reference source, with a system clock stratum level smaller than or equal to 15

2: Stratum level of this clock source is smaller than or equal to 15

3: This clock source has passed the clock selection process

4: This clock source is a candidate clock source

5: This clock source was created by a configuration command

Total associations: Total number of associations

 

  Caution:

An S3100 series switch does not establish a session with its client when it works in the NTP server mode, but does so when it works in other NTP implementation modes.
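The session table above can be checked mechanically when reviewing time sources. The following is an added example, not part of the H3C manual: it parses the sample output shown above plus one constructed row and reports sources that are unreachable, far off, or not created by configuration. The 1000 ms offset threshold and the function names are assumptions.

```python
import re

# Flag digits as explained in the legend line of the command output.
FLAGS = {"1": "master", "2": "peer", "3": "selected", "4": "candidate", "5": "configured"}

# One session row: [flags]source reference stra reach poll now offset delay disper
ROW = re.compile(
    r"^\s*\[(?P<flags>\d+)\](?P<source>\S+)\s+(?P<reference>\S+)\s+"
    r"(?P<stra>\d+)\s+(?P<reach>\d+)\s+(?P<poll>\d+)\s+(?P<now>\d+)\s+"
    r"(?P<offset>-?\d+(?:\.\d+)?)\s+(?P<delay>\d+(?:\.\d+)?)\s+"
    r"(?P<disper>\d+(?:\.\d+)?)\s*$"
)

# The first two rows are the manual's sample output; the third row is constructed.
SAMPLE = """\
     source        reference       stra reach poll  now offset  delay disper
*************************************************************************
[12345]3.0.1.32    LOCL               1    95   64   42  -14.3   12.9    2.7
[25]3.0.1.31    127.127.1.0          2     1   64    1 4408.6   38.7    0.0
[2]10.0.0.9    10.0.0.1             3     0   64   12    0.0    0.0    0.0
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
Total associations :  3
"""


def parse_sessions(text):
    """Return one dict per session row; header, legend and total lines are skipped."""
    sessions = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        row = m.groupdict()
        sessions.append({
            "source": row["source"],
            "reference": row["reference"],
            "flags": {FLAGS[d] for d in row["flags"] if d in FLAGS},
            "stra": int(row["stra"]),
            "reach": int(row["reach"]),
            "offset_ms": float(row["offset"]),
        })
    return sessions


def review_sessions(sessions, max_offset_ms=1000.0):
    """Return (source, issue) pairs; max_offset_ms is an assumed threshold."""
    findings = []
    # Flag 1 marks the current reference source; without it nothing is selected.
    if not any("master" in s["flags"] for s in sessions):
        findings.append((None, "no-reference-source"))
    for s in sessions:
        if s["reach"] == 0:                      # 0 means unreachable (Table 1-1)
            findings.append((s["source"], "unreachable"))
        if abs(s["offset_ms"]) > max_offset_ms:
            findings.append((s["source"], "large-offset"))
        if "configured" not in s["flags"]:       # flag 5 absent: not from a config command
            findings.append((s["source"], "dynamic-session"))
    return findings


if __name__ == "__main__":
    for source, issue in review_sessions(parse_sessions(SAMPLE)):
        print(source, issue)
```
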

 

1.1.2  display ntp-service status

Syntax

display ntp-service status

View

Any view

Parameter

None

Description

Use the display ntp-service status command to display the status of NTP services.

Example

# View the status of the NTP service of the local switch.

<Sysname> display ntp-service status

 Clock status: synchronized

 Clock stratum: 4

 Reference clock ID: 1.1.1.11

 Nominal frequency: 100.0000 Hz

 Actual frequency: 100.0000 Hz

 Clock precision: 2^18

 Clock offset: 0.8174 ms

 Root delay: 37.86 ms

 Root dispersion: 45.98 ms

 Peer dispersion: 35.78 ms

 Reference time: 16:30:46.078 UTC Mar 29 2007(C9689FB6.1431593E) 

Table 1-2 Description on the fields of the display ntp-service status command

Field: Description

Clock status: Status of the local clock:

- Synchronized

- Unsynchronized

Clock stratum: Stratum of the local clock

Reference clock ID: Address of the remote server or ID of the reference clock after the local clock is synchronized to a remote NTP server or a reference clock

Nominal frequency: Nominal frequency of the local hardware clock, in Hz.

Actual frequency: Actual frequency of the local hardware clock, in Hz.

Clock precision: Precision of the local hardware clock

Clock offset: Offset of the local clock relative to the reference clock, in milliseconds.

Root delay: Roundtrip delay between the local clock and the primary reference clock source, in milliseconds.

Root dispersion: Maximum dispersion of the local clock relative to the primary reference clock, in milliseconds.

Peer dispersion: Maximum dispersion of the remote NTP server, in milliseconds.

Reference time: Reference timestamp

 

1.1.3  display ntp-service trace

Syntax

display ntp-service trace

View

Any view

Parameter

None

Description

Use the display ntp-service trace command to display the brief information of each NTP time server along the time synchronization chain from the local switch to the reference clock source.

Example

# View the brief information of each NTP time server along the time synchronization chain from the local switch to the reference clock source.

<Sysname> display ntp-service trace

 server 127.0.0.1,stratum 3, offset 0.018739, synch distance 0.04724

 server 172.1.2.3,stratum 2, offset 0.030714, synch distance 0.01094

 refid LOCL

The above information displays the time synchronization chain of server 127.0.0.1: server 127.0.0.1 is synchronized to server 172.1.2.3, and server 172.1.2.3 is synchronized to the local clock source.

Table 1-3 display ntp-service trace command output description

Field: Description

server: IP address of the NTP server

stratum: The stratum level of the corresponding system clock

offset: The clock offset relative to the upper-level clock, in milliseconds.

synch distance: The synchronization distance relative to the upper-level clock, in seconds

refid: Identifier of the primary reference source. When the stratum level of the primary reference clock is 0, it is displayed as LOCL; otherwise, it is displayed as the IP address of the primary reference clock.

 

1.1.4  ntp-service access

Syntax

ntp-service access { peer | server | synchronization | query } acl-number

undo ntp-service access { peer | server | synchronization | query }

View

System view

Parameter

query: Control query right. This level of right permits the peer device to perform control query to the NTP service on the local device but does not permit the peer device to synchronize its clock to the local device. The so-called “control query” refers to query of state of the NTP service, including alarm information, authentication status, clock source information, and so on.

synchronization: Synchronization right. This level of right permits the peer device to synchronize its clock to the local switch but does not permit the peer device to perform control query.

server: Server right. This level of right permits the peer device to perform synchronization and control query to the local switch but does not permit the local switch to synchronize its clock to the peer device.

peer: Peer right. This level of right permits the peer device to perform synchronization and control query to the local switch and also permits the local switch to synchronize its clock to the peer device.

acl-number: Basic access control list (ACL) number, in the range of 2000 to 2999.

Description

Use the ntp-service access command to set the access control right from the remote device to the local NTP server.

Use the undo ntp-service access command to remove the configured access control right to the local NTP server.

By default, the access control right from the remote device to the local NTP server is peer.

NTP service access-control rights from the highest to the lowest are peer, server, synchronization, and query. When a local NTP server receives an NTP request, it will perform an access-control right match and will use the first matched right.

The ntp-service access command provides only a minimal level of security. A more secure approach is to perform identity authentication.

Refer to the ntp-service authentication enable command for related configuration.

Example

# Configure the access right from the remote device in ACL 2076 to the local NTP server as peer.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ntp-service access peer 2076

# Configure the access right from the remote device in ACL 2028 to the local NTP server as server.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ntp-service access server 2028

1.1.5  ntp-service authentication enable

Syntax

ntp-service authentication enable

undo ntp-service authentication enable

View

System view

Parameter

None

Description

Use the ntp-service authentication enable command to enable the NTP authentication.

Use the undo ntp-service authentication enable command to disable the NTP authentication.

By default, the NTP authentication is disabled.

Refer to the ntp-service reliable authentication-keyid and ntp-service authentication-keyid commands for related configuration.

Example

# Enable the NTP authentication.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ntp-service authentication enable

1.1.6  ntp-service authentication-keyid

Syntax

ntp-service authentication-keyid key-id authentication-mode md5 value

undo ntp-service authentication-keyid key-id

View

System view

Parameter

key-id: Authentication key ID, in the range of 1 to 4294967295.

value: Authentication key, a string comprising 1 to 32 characters. Up to 1024 keys can be configured.

Description

Use the ntp-service authentication-keyid command to configure an NTP authentication key.

Use the undo ntp-service authentication-keyid command to remove an NTP authentication key.

By default, no NTP authentication key is configured.

Currently, the system only supports the message digest 5 (MD5) algorithm.

After configuring the NTP authentication key, you need to use the ntp-service reliable authentication-keyid command to specify the authentication key as a trusted key.

Related commands: ntp-service reliable authentication-keyid.

Example

# Configure an MD5 authentication key, with the key ID being 10 and the key being BetterKey.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey

1.1.7  ntp-service broadcast-client

Syntax

ntp-service broadcast-client

undo ntp-service broadcast-client

View

VLAN interface view

Parameter

None

Description

Use the ntp-service broadcast-client command to configure an Ethernet switch to operate in the NTP broadcast client mode and receive NTP broadcast messages through the current interface.

Use the undo ntp-service broadcast-client command to remove the configuration.

By default, no switch operates in the broadcast client mode.

Example

# Configure the switch to operate in the broadcast client mode and receive NTP broadcast messages through Vlan-interface1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface1

[Sysname-Vlan-interface1] ntp-service broadcast-client

1.1.8  ntp-service broadcast-server

Syntax

ntp-service broadcast-server [ authentication-keyid key-id | version number ]*

undo ntp-service broadcast-server

View

VLAN interface view

Parameter

authentication-keyid key-id: Specifies the key ID used for sending messages to broadcast clients. The key-id argument ranges from 1 to 4294967295. You do not need to configure authentication-keyid key-id if authentication is not required.

version number: Specifies the NTP version number which ranges from 1 to 3. The default version number is 3.

Description

Use the ntp-service broadcast-server command to configure an Ethernet switch to operate in the NTP broadcast server mode and send NTP broadcast messages through the current interface.

Use the undo ntp-service broadcast-server command to remove the configuration.

By default, no Ethernet switch operates in the NTP broadcast server mode.

Example

# Configure the switch to send NTP broadcast messages through Vlan-interface1 and use authentication key 4 for authentication, and set the NTP version number to 3.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 1

[Sysname-Vlan-interface1] ntp-service broadcast-server authentication-keyid 4 version 3

1.1.9  ntp-service in-interface disable

Syntax

ntp-service in-interface disable

undo ntp-service in-interface disable

View

VLAN interface view

Parameter

None

Description

Use the ntp-service in-interface disable command to disable the interface from receiving NTP messages.

Use the undo ntp-service in-interface disable command to restore the default.

By default, the interface can receive NTP messages.

Example

# Disable Vlan-interface1 from receiving NTP messages.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 1

[Sysname-Vlan-interface1] ntp-service in-interface disable

1.1.10  ntp-service max-dynamic-sessions

Syntax

ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions

View

System view

Parameter

number: Maximum number of the dynamic NTP sessions that can be established locally. This argument ranges from 0 to 100.

Description

Use the ntp-service max-dynamic-sessions command to set the maximum number of dynamic NTP sessions that can be established locally.

Use the undo ntp-service max-dynamic-sessions command to restore the default.

By default, up to 100 dynamic NTP sessions can be established locally.

Example

# Set the maximum number of dynamic NTP sessions that can be established locally to 50.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ntp-service max-dynamic-sessions 50

1.1.11  ntp-service multicast-client

Syntax

ntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]

View

VLAN interface view

Parameter

ip-address: Multicast IP address, in the range of 224.0.1.0 to 239.255.255.255. The default IP address is 224.0.1.1.

Description

Use the ntp-service multicast-client command to configure an Ethernet switch to operate in the NTP multicast client mode and receive NTP multicast messages through the current interface.

Use the undo ntp-service multicast-client command to remove the configuration.

By default, no Ethernet switch operates in the NTP multicast client mode.

Example

# Configure the switch to receive NTP multicast messages through Vlan-interface1, with the multicast IP address being 224.0.1.2.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 1

[Sysname-Vlan-interface1] ntp-service multicast-client 224.0.1.2

1.1.12  ntp-service multicast-server

Syntax

ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id | ttl ttl-number | version number ]*

undo ntp-service multicast-server [ ip-address ]

View

VLAN interface view

Parameter

ip-address: Multicast IP address, in the range of 224.0.1.0 to 239.255.255.255. The default IP address is 224.0.1.1.

authentication-keyid key-id: Specifies the key ID used for sending messages to multicast clients. The key-id argument ranges from 1 to 4294967295.

ttl ttl-number: Defines the lifetime of multicast messages. The ttl-number argument ranges from 1 to 255 and defaults to 16.

version number: Specifies the NTP version number which ranges from 1 to 3 and defaults to 3.

Description

Use the ntp-service multicast-server command to configure an Ethernet switch to operate in the NTP multicast server mode and send NTP multicast messages through the current interface.

Use the undo ntp-service multicast-server command to remove the configuration.

By default, no Ethernet switch operates in multicast server mode.

Example

# Configure the switch to send NTP multicast messages through Vlan-interface1, and set the multicast group address to 224.0.1.2, keyid to 4, and the NTP version number to 2.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] interface Vlan-interface 1

[Sysname-Vlan-interface1] ntp-service multicast-server 224.0.1.2 authentication-keyid 4 version 2

1.1.13  ntp-service reliable authentication-keyid

Syntax

ntp-service reliable authentication-keyid key-id

undo ntp-service reliable authentication-keyid key-id

View

System view

Parameter

key-id: Authentication key ID, in the range of 1 to 4294967295.

Description

Use the ntp-service reliable authentication-keyid command to specify an authentication key as a trusted key.

Use the undo ntp-service reliable authentication-keyid command to remove the configuration.

By default, no trusted key is configured.

When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.

Related commands: ntp-service authentication-keyid.

Example

# Enable NTP authentication. The authentication mode is MD5, the key ID is 37, and the trusted key is abc.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ntp-service authentication enable

[Sysname] ntp-service authentication-keyid 37 authentication-mode md5 abc

# Specify this key as a trusted key.

[Sysname] ntp-service reliable authentication-keyid 37
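Authentication takes effect only when the three steps in 1.1.5, 1.1.6 and this section are all present and the associations reference a trusted key. The following is an added example, not part of the H3C manual: it audits system-view configuration lines written in the command forms shown in this chapter. The sample configuration, function name and finding labels are constructed for illustration, and interface-view commands are not examined.

```python
import re

# Constructed sample built only from commands documented in this chapter.
SAMPLE_CONFIG = """\
ntp-service authentication enable
ntp-service authentication-keyid 37 authentication-mode md5 abc
ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
ntp-service reliable authentication-keyid 37
ntp-service unicast-server 128.108.22.44 authentication-keyid 10 version 3
ntp-service unicast-server 128.108.22.45 version 3
"""


def audit_ntp_config(config_text):
    """Return (finding, subject) pairs for gaps in the NTP authentication setup."""
    auth_enabled = False
    defined, trusted = set(), set()
    associations = []            # (remote, key_id or None)
    access_configured = False

    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "ntp-service authentication enable":
            auth_enabled = True
        elif m := re.match(r"ntp-service authentication-keyid (\d+) authentication-mode md5 \S+$", line):
            defined.add(int(m.group(1)))          # the key value itself is never stored
        elif m := re.match(r"ntp-service reliable authentication-keyid (\d+)$", line):
            trusted.add(int(m.group(1)))
        elif m := re.match(r"ntp-service unicast-(?:server|peer) (\S+)(.*)$", line):
            key = re.search(r"authentication-keyid (\d+)", m.group(2))
            associations.append((m.group(1), int(key.group(1)) if key else None))
        elif re.match(r"ntp-service access (peer|server|synchronization|query) \d+$", line):
            access_configured = True

    findings = []
    if not auth_enabled:
        findings.append(("auth-disabled", None))
    # A key must be both configured (1.1.6) and marked trusted (1.1.13).
    findings += [("key-not-trusted", k) for k in sorted(defined - trusted)]
    findings += [("trusted-key-undefined", k) for k in sorted(trusted - defined)]
    usable = defined & trusted
    for remote, key_id in associations:
        if key_id is None:
            if auth_enabled:
                findings.append(("association-no-key", remote))
        elif key_id not in usable:
            findings.append(("association-key-unusable", remote))
    # Without ntp-service access, every remote device gets the default right, peer.
    if not access_configured:
        findings.append(("access-default-peer", None))
    return findings


if __name__ == "__main__":
    for finding, subject in audit_ntp_config(SAMPLE_CONFIG):
        print(finding, subject)
```
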

1.1.14  ntp-service source-interface

Syntax

ntp-service source-interface Vlan-interface vlan-id

undo ntp-service source-interface

View

System view

Parameter

vlan-interface vlan-id: Specifies an interface. The IP address of the interface serves as the source IP address of sent NTP messages. The vlan-id argument indicates the ID of the specified VLAN interface, ranging from 1 to 4094.

Description

Use the ntp-service source-interface command to specify a VLAN interface through which NTP messages are to be sent.

Use the undo ntp-service source-interface command to remove the configuration.

If you do not want the IP addresses of the other interfaces on the local switch to be the destination addresses of response messages, you can use this command to specify a specific interface to send all NTP packets. In this way, the IP address of the interface is the source IP address of all NTP messages sent by the local device.

Example

# Specify the source IP addresses of all sent NTP messages as the IP address of Vlan-interface1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ntp-service source-interface Vlan-interface 1

1.1.15  ntp-service unicast-peer

Syntax

ntp-service unicast-peer { remote-ip | peer-name } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-id | version number ]*

undo ntp-service unicast-peer { remote-ip | peer-name }

View

System view

Parameter

remote-ip: IP address of the NTP symmetric-passive peer. This argument can be a unicast address only, and cannot be a broadcast address, a multicast address, or the IP address of the local reference clock.

peer-name: Symmetric-passive peer host name, a string comprising 1 to 20 characters.

authentication-keyid key-id: Specifies the key ID used for sending messages to the peer. The key-id argument ranges from 1 to 4294967295. By default, authentication is not enabled.

priority: Specifies the peer identified by the remote-ip argument as the preferred peer for synchronization.

source-interface Vlan-interface vlan-id: Specifies an interface whose IP address serves as the source IP address of NTP message sent to the peer. vlan-id is the VLAN interface number.

version number: Specifies the NTP version number. The version number ranges from 1 to 3 and defaults to 3.

Description

Use the ntp-service unicast-peer command to configure an Ethernet switch to operate in the symmetric-active peer mode.

Use the undo ntp-service unicast-peer command to remove the configuration.

By default, no NTP operation mode is configured.

 

Note:

If you use remote-ip or peer-name to specify a remote device as the peer of the local Ethernet switch, the local switch operates in the symmetric-active peer mode. In this case, the clock of local Ethernet switch and that of the remote device can be synchronized to each other.

 

Example

# Configure the local switch to obtain time information from the peer with the IP address 128.108.22.44 and also to provide time information to the peer. Set the NTP version number to 3. The source IP address of NTP messages is the IP address of Vlan-interface1.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ntp-service unicast-peer 128.108.22.44 version 3 source-interface Vlan-interface 1

1.1.16  ntp-service unicast-server

Syntax

ntp-service unicast-server { remote-ip | server-name } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-id | version number ]*

undo ntp-service unicast-server { remote-ip | server-name }

View

System view

Parameter

remote-ip: IP address of an NTP server. This argument can be a unicast address only, and cannot be a broadcast address, multicast group address, or IP address of the local clock.

server-name: NTP server name, a string comprising 1 to 20 characters.

authentication-keyid key-id: Specifies the key ID used for sending messages to the NTP server. The key-id argument ranges from 1 to 4294967295. You do not need to configure authentication-keyid key-id if authentication is not required.

priority: Specifies the server identified by the remote-ip or the server-name argument as the preferred server.

source-interface Vlan-interface vlan-id: Specifies an interface whose IP address serves as the source IP address of NTP packets sent by the local switch to the server.

version number: Specifies the NTP version number. The number argument ranges from 1 to 3 and defaults to 3.

Description

Use the ntp-service unicast-server command to configure an Ethernet switch to operate in the NTP client mode.

Use the undo ntp-service unicast-server command to remove the configuration.

By default, no Ethernet switch operates in the NTP client mode.

 

Note:

The remote server specified by remote-ip or server-name serves as the NTP server, and the local switch serves as the NTP client. The NTP client synchronizes its clock to the NTP server, but the NTP server does not synchronize its clock to the NTP client.

 

Example

# Configure the local switch to be synchronized to the NTP server with the IP address 128.108.22.44, and set the version number to 3.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] ntp-service unicast-server 128.108.22.44 version 3
