Login
| Title | Size | Download |
|---|---|---|
| 02-NTP Commands | 82.54 KB |
Table of Contents
ntp-service authentication enable
ntp-service authentication-keyid·
ntp-service in-interface disable·
ntp-service max-dynamic-sessions·
ntp-service reliable authentication-keyid·
l Support of the H3C WA series WLAN access points (APs) for commands may vary by AP model. For more information, see Feature Matrix.
l The interface types and the number of interfaces vary by AP model.
l The models listed in this document are not applicable to all regions. Please consult your local sales office for the models applicable to your region.
NTP Configuration Commands
display ntp-service sessions
Syntax
display ntp-service sessions [ verbose ]
View
Any view
Default Level
1: Monitor level
Parameters
verbose: Displays the detailed information of all NTP sessions. If you do not specify this keyword, only the brief information of the NTP sessions will be displayed.
Description
Use the display ntp-service sessions command to view the information of all NTP sessions.
Examples
# View the brief information of NTP service sessions.
<Sysname> display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************************
[12345]127.127.1.0 127.127.1.0 3 1 64 33 0.0 0.0 0.0
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
Total associations : 1
Table 1-1 display ntp-service sessions command output description
|
Field |
Description |
|
source |
IP address of the clock source |
|
reference |
Reference clock ID of the clock source 1) If the reference clock is the local clock, the value of this field is related to the value of the stra field: l When the value of the stra field is 0 or 1, this field will be “LOCL”; l When the stra field has another value, this filed will be the IP address of the local clock. 2) If the reference clock is the clock of another AP on the network, the value of this field will be the IP address of that AP. |
|
stra |
Stratum level of the clock source, which determines the clock precision. The value range is 1 to 16. The clock precision decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized and cannot be used as a reference clock. |
|
reach |
Reachability count of the clock source. 0 indicates that the clock source in unreachable. |
|
poll |
Poll interval, namely, the maximum interval between successive NTP messages. |
|
now |
The length of time in minutes from when the last NTP message was received or when the local clock was last updated to the current time The time is in second by default. If the time length is greater than 2048 seconds, it is displayed in minute; if greater than 300 minutes, in hour; if greater than 96 hours, in day. |
|
offset |
The offset of the system clock relative to the reference clock, in milliseconds |
|
delay |
the roundtrip delay from the local AP to the clock source, in milliseconds |
|
disper |
The maximum error of the system clock relative to the reference source. |
|
[12345] |
1: Clock source selected by the system, namely, the current reference source, with a system clock stratum level less than or equal to 15. 2: Stratum level of this system source is less than or equal to 15. 3: This clock source has passed the clock selection process. 4: This clock source is a candidate clock source. 5: This clock source was created by a configuration command. |
|
Total associations |
Total number of associations |
# View the detailed information of all NTP sessions.
<Sysname> display ntp-service sessions verbose
clock source: 127.127.1.0
clock stratum: 3
clock status: configured, master, sane, valid
reference clock ID: 127.127.1.0
local mode: client, local poll: 6
peer mode: server, peer poll: 6
offset: 0.0000 ms,delay: 0.00 ms, disper: 0.02 ms
root delay: 0.00 ms, root disper: 10.00 ms
reach: 1, sync dist: 0.010, sync state: 2
precision: 2^18, version: 3, peer interface: InLoopBack0
reftime: 10:56:22.442 UTC Aug 7 2009(CE2686D6.71484513)
orgtime: 10:56:22.442 UTC Aug 7 2009(CE2686D6.71484513)
rcvtime: 10:56:22.442 UTC Aug 7 2009(CE2686D6.7149E881)
xmttime: 10:56:22.442 UTC Aug 7 2009(CE2686D6.71464DC2)
filter delay : 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filter offset: 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filter disper: 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
reference clock status: working abnormally
timecode:
Total associations : 1
Table 1-2 display ntp-service sessions verbose command output description
|
Field |
Description |
|
clock source |
IP address of the clock source |
|
clock stratum |
Stratum level of the clock source, which determines the clock precision. The value range is 1 to 16. The clock precision decreases from stratum 1 to stratum 16. A stratum 1 clock has the highest precision, and a stratum 16 clock is not synchronized and cannot be used as a reference clock. |
|
clock status |
Status of the clock source corresponding to this session, including l configured: The session was created by a configuration command. l dynamic: This session is established dynamically. l master: The clock source is the primary reference source of the current system. l selected: The clock source has survived the clock selection algorithm. l candidate: The clock source is the candidate reference source. l sane: The clock source has passed the sane authentication. l insane: The clock source has failed the sane authentication. l valid: The clock source is valid, which means the clock source meet the following requirements: it has passed the authentication and is being synchronized; its stratum level is valid; its root delay and root dispersion values are within their ranges. l invalid: The clock source is invalid. l unsynced: The clock source has not been synchronized or the value of the stratum level is invalid. |
|
reference clock ID |
Reference clock ID of the clock source 1) If the reference clock is the local clock, the value of this field is related to the stratum level of the clock source: l When the stratum level of the clock source is 0 or 1, this field will be “LOCL”; l When the stratum level of the clock source has another value, this field will be the IP address of the local clock. 2) If the reference clock is the clock of another AP on the network, the value of this field will be the IP address of that AP. |
|
local mode |
Operation mode of the local AP, including l unspec: The mode is unspecified. l active: Active mode. l passive: Passive mode. l client: Client mode. l server: Server mode. l bdcast: Broadcast server mode. l control: Control query mode. l private: Private message mode. |
|
local poll |
Poll interval of the local AP, in seconds. The value displayed is a power of 2, for example, if the displayed value is 6, it indicates that the poll interval of the local AP is 26, that is, 64 seconds. |
|
peer mode |
Operation mode of the peer AP, including l unspec: The mode is unspecified. l active: Active mode. l passive: Passive mode. l client: Client mode. l server: Server mode. l bdcast: Broadcast server mode. l control: Control query mode. l private: Private message mode. |
|
peer poll |
Poll interval of the peer AP, in seconds. The value displayed is a power of 2, for example, if the displayed value is 6, it indicates that the poll interval of the local AP is 26, that is, 64 seconds. |
|
offset |
The offset of the system clock relative to the reference clock, in milliseconds |
|
delay |
The roundtrip delay from the local AP to the clock source, in milliseconds |
|
disper |
The maximum error of the system clock relative to the reference clock |
|
root delay |
The roundtrip delay from the local AP to the primary reference source, in milliseconds |
|
root disper |
The maximum error of the system clock relative to the primary reference clock, in milliseconds |
|
reach |
Reachability count of the clock source. 0 indicates that the clock source is unreachable. |
|
sync dist |
The synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values. |
|
sync state |
State of the state machine The displayed value is an integral that ranges from 0 to 5. |
|
precision |
Precision of the system clock |
|
version |
NTP version The displayed value is an integral that ranges from 1 to 3. |
|
peer interface |
Source interface If the source interface is not specified, this field will be wildcard. |
|
reftime |
Reference timestamp in the NTP message |
|
orgtime |
Originate timestamp in the NTP message |
|
rcvtime |
Receive timestamp in the NTP message |
|
xmttime |
Transmit timestamp in the NTP message |
|
filter delay |
Delay information |
|
filter offset |
Offset information |
|
filter disper |
Dispersion information |
|
reference clock status |
Status of the reference clock, including l working normally l working abnormally |
|
timecode |
Time code |
|
Total associations |
Total number of associations |
When an AP is working in the NTP broadcast/multicast server mode, the display ntp-service sessions command executed on the AP will not display the NTP session information corresponding to the broadcast/multicast server, but the sessions will be counted in the total number of associations.
display ntp-service status
Syntax
display ntp-service status
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display ntp-service status command to view the NTP service status information.
Examples
# View the NTP service status information.
<Sysname> display ntp-service status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 0.00 ms
Peer dispersion: 0.00 ms
Reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)
Table 1-3 display ntp-service status command output description
|
Field |
Description |
|
Clock status |
Status of the system clock |
|
Clock stratum |
Stratum level of the local clock |
|
Reference clock ID |
After the system clock is synchronized to a remote time server or a local reference source, this field indicates the address of the remote time server or the identifier of the local clock source respectively: l When the local clock has a stratum level of 1, the value of this field is “LOCL”; l When the stratum of the local clock has another value, the value of this filed is the IP address of the local clock. |
|
Nominal frequency |
The nominal frequency of the local system hardware clock |
|
Actual frequency |
The actual frequency of the local system hardware clock |
|
Clock precision |
The precision of the system clock |
|
Clock offset |
The offset of the system clock relative to the reference source |
|
Root delay |
The roundtrip delay from the local AP to the primary reference source |
|
Root dispersion |
The maximum error of the system clock relative to the primary reference source |
|
Peer dispersion |
The maximum error of the system clock relative to the reference source |
|
Reference time |
Reference timestamp |
display ntp-service trace
Syntax
display ntp-service trace
View
Any view
Default Level
1: Monitor level
Parameters
None
Description
Use the display ntp-service trace command view the brief information of each NTP server along the NTP server chain from the local AP back to the primary reference source.
The display ntp-service trace command takes effect only if routes are available between the local AP and all the APs on the NTP server chain; otherwise, this command will fail to display all the NTP servers on the NTP chain due to timeout.
Examples
# View the brief information of each NTP server from the local AP back to the primary reference source.
<Sysname> display ntp-service trace
server 127.0.0.1,stratum 2, offset -0.013500, synch distance 0.03154
server 133.1.1.1,stratum 1, offset -0.506500, synch distance 0.03429
refid LOCL
The information above shows an NTP server chain for the server 127.0.0.1: The server 127.0.0.1 is synchronized to the server 133.1.1.1, and the server 133.1.1.1 is synchronized to the local clock source.
Table 1-4 display ntp-service trace command output description
|
Field |
Description |
|
server |
IP address of the NTP server |
|
stratum |
The stratum level of the corresponding system clock |
|
offset |
The clock offset relative to the upper-level clock, in seconds. |
|
synch distance |
The synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values. |
|
refid |
Identifier of the primary reference source. When the stratum level of the primary reference clock is 0, it is displayed as LOCL; otherwise, it is displayed as the IP address of the primary reference clock. |
ntp-service access
Syntax
ntp-service access { peer | query | server | synchronization } acl-number
undo ntp-service access { peer | query | server | synchronization }
View
System view
Default Level
3: Manage level
Parameters
peer: Specifies to permit full access. This level of right permits the peer APs to perform synchronization and control query to the local AP and also permits the local AP to synchronize its clock to that of a peer AP. Control query refers to query of NTP status information, such as alarm information, authentication status, and clock source information.
query: Specifies to permit control query. This level of right permits the peer APs to perform control query to the NTP service on the local AP but does not permit a peer AP to synchronize its clock to that of the local AP.
server: Specifies to permit server access and query. This level of right permits the peer APs to perform synchronization and control query to the local AP but does not permit the local AP to synchronize its clock to that of a peer AP.
synchronization: Specifies to permit server access only. This level of right permits a peer AP to synchronize its clock to that of the local AP but does not permit the peer APs to perform control query.
acl-number: Basic ACL number, in the range of 2000 to 2999
Description
Use the ntp-service access command to configure the NTP service access-control right for a peer AP to access the local AP.
Use the undo ntp-service access command to remove the configured NTP service access-control right to the local AP.
By default, the local NTP service access-control right for a peer AP to access the local AP is set to peer.
From the highest NTP service access-control right to the lowest one are peer, server, synchronization, and query. When an AP receives an NTP request, it will perform an access-control right match and will use the first matched right.
Before specifying an ACL number in the ntp-service access command, make sure you have already created and configured this ACL.
The ntp-service access command provides only a minimum degree of security protection. A more secure method is identity authentication. The related command is ntp-service authentication enable.
Examples
# Configure APs on the subnet 10.10.0.0/16 to have the full access right to the local AP.
<Sysname> system-view
[Sysname] acl number 2001
[Sysname-acl-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-basic-2001] quit
[Sysname] ntp-service access peer 2001
ntp-service authentication enable
Syntax
ntp-service authentication enable
undo ntp-service authentication enable
View
System view
Default Level
3: Manage level
Parameters
None
Description
Use the ntp-service authentication enable command to enable NTP authentication.
Use the undo ntp-service authentication enable command to disable NTP authentication.
By default, NTP authentication is disabled.
Related commands: ntp-service authentication-keyid and ntp-service reliable authentication-keyid.
Examples
# Enable NTP authentication.
<Sysname> system-view
[Sysname] ntp-service authentication enable
ntp-service authentication-keyid
Syntax
ntp-service authentication-keyid keyid authentication-mode md5 value
undo ntp-service authentication-keyid keyid
View
System view
Default Level
3: Manage level
Parameters
keyid: Authentication key ID, which ranges from 1 to 4294967295.
authentication-mode md5 value: Specifies to use the MD5 algorithm for key authentication, where value represents authentication key and is a string of 1 to 32 characters.
Description
Use the ntp-service authentication-keyid command to set the NTP authentication key.
Use the undo ntp-service authentication-keyid command to remove the set NTP authentication key.
By default, no NTP authentication key is set.
In a network where there is a high security demand, the NTP authentication feature should be enabled for a system running NTP. This feature enhances the network security by means of the client-server key authentication, which prohibits a client from synchronizing with an AP that has failed authentication.
After the NTP authentication key is configured, you need to configure the key as a trusted key by using the ntp-service reliable authentication-keyid command.
l Presently the system supports only the MD5 algorithm for key authentication.
l You can set a maximum of 1,024 keys for each AP.
l If an NTP authentication key is specified as a trusted key, the key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.
Related commands: ntp-service reliable authentication-keyid.
Examples
# Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey.
<Sysname> system-view
[Sysname] ntp-service authentication enable
[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey
ntp-service broadcast-client
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
View
Interface view
Default Level
3: Manage level
Parameters
None
Description
Use the ntp-service broadcast-client command to configure the AP to work in the NTP broadcast client mode and use the current interface to receive NTP broadcast packets.
Use the undo ntp-service broadcast-client command to cancel the configuration.
By default, the AP does not work in the NTP broadcast client mode.
Examples
# Configure the AP to work in the broadcast client mode and receive NTP broadcast messages on VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service broadcast-client
ntp-service broadcast-server
Syntax
ntp-service broadcast-server [ authentication-keyid keyid | version number ] *
undo ntp-service broadcast-server
View
Interface view
Default Level
3: Manage level
Parameters
authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients, where keyid ranges from 1 to 4294967295. This parameter is not meaningful if authentication is not required.
version number: Specifies the NTP version, where number is in the range of 1 to 3 and defaults to 3.
Description
Use the ntp-service broadcast-server command to configure the AP to work in the NTP broadcast server mode and use the current interface to send NTP broadcast packets.
Use the undo ntp-service broadcast-server command to cancel the configuration.
By default, the AP does not work in the NTP broadcast server mode.
Examples
# Configure the AP to work in the broadcast server mode and send NTP broadcast messages on VLAN-interface 1, using key 4 for encryption, and set the NTP version to 3.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service broadcast-server authentication-keyid 4 version 3
ntp-service in-interface disable
Syntax
ntp-service in-interface disable
undo ntp-service in-interface disable
View
Interface view
Default Level
3: Manage level
Parameters
None
Description
Use the ntp-service in-interface disable command to disable an interface from receiving NTP messages.
Use the undo ntp-service in-interface disable command to restore the default.
By default, all interfaces are enabled to receive NTP messages.
Examples
# Disable VLAN-interface 1 from receiving NTP messages.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service in-interface disable
ntp-service max-dynamic-sessions
Syntax
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
View
System view
Default Level
3: Manage level
Parameters
number: Maximum number of dynamic NTP sessions that are allowed to be established, in the range of 0 to 100.
Description
Use the ntp-service max-dynamic-sessions command to set the maximum number of dynamic NTP sessions that are allowed to be established locally.
Use the undo ntp-service max-dynamic-sessions command to restore the maximum number of dynamic NTP sessions to the system default.
By default, the number is 100.
A single AP can have a maximum of 128 associations at the same time, including static associations and dynamic associations. A static association refers to an association that a user has manually created by using an NTP command, while a dynamic association is a temporary association created by the system during operation. A dynamic association will be removed if the system fails to receive messages from it over a specific long time. In the client/server mode, for example, when you carry out a command to synchronize the time to a server, the system will create a static association, and the server will just respond passively upon the receipt of a message, rather than creating an association (static or dynamic). In the symmetric mode, static associations will be created at the symmetric-active peer side, and dynamic associations will be created at the symmetric-passive peer side; in the broadcast or multicast mode, static associations will be created at the server side, and dynamic associations will be created at the client side.
Examples
# Set the maximum number of dynamic NTP sessions allowed to be established to 50.
<Sysname> system-view
[Sysname] ntp-service max-dynamic-sessions 50
ntp-service multicast-client
Syntax
ntp-service multicast-client [ ip-address ]
undo ntp-service multicast-client [ ip-address ]
View
Interface view
Default Level
3: Manage level
Parameters
ip-address: Multicast IP address, defaulting to 224.0.1.1.
Description
Use the ntp-service multicast-client command to configure the AP to work in the NTP multicast client mode and use the current interface to receive NTP multicast packets.
Use the undo ntp-service multicast-client command to cancel the configuration.
By default, the AP does not work in the NTP multicast client mode.
Examples
# Configure the AP to work in the multicast client mode and receive NTP multicast messages on VLAN-interface 1, and set the multicast address to 224.0.1.1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service multicast-client 224.0.1.1
ntp-service multicast-server
Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] *
undo ntp-service multicast-server [ ip-address ]
View
Interface view
Default Level
3: Manage level
Parameters
ip-address: Multicast IP address, defaulting to 224.0.1.1.
ttl ttl-number: Specifies the TTL of NTP multicast messages, where ttl-number is in the range of 1 to 255 and defaults to 16.
version number: Specifies the NTP version, where number is in the range of 1 to 3 and defaults to 3.
Description
Use the ntp-service multicast-server command to configure the AP to work in the NTP multicast server mode and use the current interface to send NTP multicast packets.
Use the undo ntp-service multicast-server command to cancel the configuration.
By default, the AP does not work in the NTP multicast server mode.
Examples
# Configure the AP to work in the multicast server mode and send NTP multicast messages on VLAN-interface 1 to the multicast address 224.0.1.1, using key 4 for encryption, and set the NTP version to 3.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service multicast-server 224.0.1.1 version 3 authentication-keyid 4
ntp-service reliable authentication-keyid
Syntax
ntp-service reliable authentication-keyid keyid
undo ntp-service reliable authentication-keyid keyid
View
System view
Default Level
3: Manage level
Parameters
keyid: Authentication key number, in the range of 1 to 4294967295.
Description
Use the ntp-service reliable authentication-keyid command to specify that the created authentication key is a trusted key. When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.
Use the undo ntp-service reliable authentication-keyid command to remove a trusted authentication key.
No authentication key is configured to be trusted by default.
Examples
# Enable NTP authentication, specify to use MD5 encryption algorithm, with the key ID of 37 and key value of BetterKey.
<Sysname> system-view
[Sysname] ntp-service authentication enable
[Sysname] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey
# Specify this key as a trusted key.
[Sysname] ntp-service reliable authentication-keyid 37
ntp-service source-interface
Syntax
ntp-service source-interface interface-type interface-number
undo ntp-service source-interface
View
System view
Default Level
3: Manage level
Parameters
interface-type interface-number: Specifies an interface by its interface type and interface number.
Description
Use the ntp-service source-interface command to specify the source interface for sending NTP messages.
Use the undo ntp-service source-interface command to restore the default.
By default, no source interface is specified for NTP messages, and the system uses the IP address of the interface determined by the matched route as the source IP address of NTP messages.
If you do not wish the IP address of a certain interface on the local AP to become the destination address of response messages, you can use this command to specify the source interface for sending all NTP messages, so that the source address in all NTP messages is the primary IP address of this interface.
Examples
# Specify VLAN-interface 1 as the source interface for all NTP messages.
<Sysname> system-view
[Sysname] ntp-service source-interface vlan-interface 1
ntp-service unicast-server
Syntax
ntp-service unicast-server { ip-address | server-name } [ authentication-keyid keyid | priority | source-interface interface-type interface-number | version number ] *
undo ntp-service unicast-server { ip-address | server-name }
View
System view
Default Level
3: Manage level
Parameters
ip-address: IP address of the NTP server. It must be a unicast address, rather than a broadcast address, a multicast address or the IP address of the local clock.
server-name: Host name of the NTP server, a string of 1 to 20 characters.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server, where keyid is in the range of 1 to 4294967295.
priority: Specifies this NTP server as the first choice under the same condition.
source-interface interface-type interface-number: Specifies the source interface for sending NTP messages. In an NTP message the local AP sends to the NTP server, the source IP address is the primary IP address of this interface. interface-type interface-number represents the interface type and number.
version number: Specifies the NTP version, where number is in the range of 1 to 3 and defaults to 3.
Description
Use the ntp-service unicast-server command to designate an NTP server for the AP.
Use the undo ntp-service unicast-server command to remove an NTP server designated for the AP.
No NTP server is designated for the AP by default.
Examples
# Designate NTP server 10.1.1.1 for the AP, and configure the AP to run NTP version 3.
<Sysname> system-view
[Sysname] ntp-service unicast-server 10.1.1.1 version 3
