Table of Contents

Chapter 1 NTP Configuration. 1-1

1.1 Introduction to NTP. 1-1

1.1.1 Applications of NTP. 1-1

1.1.2 Implementation Principle of NTP. 1-2

1.1.3 NTP Implementation Modes. 1-4

1.2 Configuring NTP Implementation Modes. 1-6

1.2.1 Configuration Prerequisites. 1-6

1.2.2 Configuration Procedure. 1-7

1.3 Configuring Access Control Right 1-9

1.4 Configuring NTP Authentication. 1-9

1.4.1 Configuration Prerequisites. 1-10

1.4.2 Configuration Procedure. 1-10

1.5 Configuring Optional NTP Parameters. 1-12

1.6 Displaying and Debugging NTP. 1-13

1.7 Configuration Example. 1-13

1.7.1 Configuring NTP Server Mode. 1-13

1.7.2 Configuring NTP Peer Mode. 1-15

1.7.3 Configuring NTP Broadcast Mode. 1-17

1.7.4 Configuring NTP Multicast Mode. 1-19

1.7.5 Configuring NTP Server Mode with Authentication. 1-21

 

Chapter 1  NTP Configuration

1.1  Introduction to NTP

Network time protocol (NTP) is a time synchronization protocol defined in RFC1305. It is used for time synchronization between a set of distributed time servers and clients. NTP transmits packets through UDP port 123.

NTP is intended for time synchronization between all devices that have clocks in a network so that the clocks of all devices can keep consistent. Thus, the devices can provide multiple unified-time-based applications.

A local system running NTP can not only be synchronized by other clock sources, but also serve as a clock source to synchronize other clocks. Besides, it can synchronize, or be synchronized by other systems by exchanging NTP packets.

1.1.1  Applications of NTP

NTP is mainly applied to synchronizing the clocks of all devices in a network. For example:

l           In network management, the analysis of the log information and debugging information collected from different devices is meaningful and valid only when network devices that generate the information adopts the same time.

l           The billing system requires that the clocks of all network devices be consistent.

l           Some functions, such as restarting all network devices in a network simultaneously require that they adopt the same time.

l           When multiple systems cooperate to handle a rather complex transaction, they must adopt the same time to ensure a correct execution order.

l           To perform incremental backup operations between a backup server and a host, you must make sure they adopt the same time.

As setting the system time manually in a network with many devices leads to a lot of workload and cannot ensure the accuracy, it is unfeasible for an administrator to perform the operation. However, an administrator can synchronize the clocks of devices in a network with required accuracy by performing NTP configuration.

NTP has the following advantages:

l           Defining the accuracy of clocks by stratum to synchronize the clocks of all devices in a network quickly

l           Supporting access control and MD5 authentication

l           Sending protocol packets in unicast, multicast, or broadcast mode

 

 

1.1.2  Implementation Principle of NTP

Figure 1-1 shows the implementation principle of NTP.

Ethernet switch A (LS_A) is connected to Ethernet switch B (LS_B) through Ethernet ports. Both have their own system clocks, and they need to synchronize the clocks of each other through NTP. To help you to understand the implementation principle, we suppose that:

l           Before the system clocks of LS_A and LS_B are synchronized, the clock of LS_A is set to 10:00:00 am, and the clock of LS_B is set to 11:00:00 am.

l           LS_B serves as the NTP server, that is, the clock of LS_A will be synchronized to that of LS_B.

l           It takes one second to transfer an NTP packet from LS_A to LS_B or from LS_A to LS_B.

Figure 1-1 Implementation principle of NTP

The procedure of synchronizing the system clock is as follows:

l           LS_A sends an NTP packet to LS_B, with a timestamp 10:00:00 am (T₁) identifying when it is sent.

l           When the packet arrives at LS_B, LS_B inserts its own timestamp 11:00:01 am (T₂) into the packet.

l           When the NTP packet leaves LS_B, LS_B inserts its own timestamp 11:00:02 am (T₃) into the packet.

l           When receiving a response packet, LS_A inserts a new timestamp 10:00:03 am (T₄) into it.

At this time, LS_A has enough information to calculate the following two parameters:

l           Delay for an NTP packet to make a round trip between LS_A and LS_B:

Delay = (T₄ -T₁)-(T₃ -T₂).

l           Time offset of LS_A relative to LS_B:

Offset = ((T₂ -T₁) + (T₃ -T₄))/2.

LS_A can then set its own clock according to the above information to synchronize its clock to that of LS_B.

For detailed information, refer to RFC1305.

1.1.3  NTP Implementation Modes

According to the network structure and the position of the local Ethernet switch in the network, the local Ethernet switch can work in multiple NTP modes to synchronize the clock.

I. Client/server mode

Figure 1-2 Client/sever mode

II. Peer mode

Figure 1-3 Peer mode

In the peer mode, the local S3100-52P Ethernet switch serves as the active peer and sends clock synchronization request packets first, while the remote server serves as the passive peer automatically.

If both of the peers have reference clocks, the one with a smaller stratum number is adopted.

III. Broadcast mode

Figure 1-4 Broadcast mode

IV. Multicast mode

Figure 1-5 Multicast mode

Table 1-1 describes how the above mentioned NTP modes are implemented on S3100-52P Ethernet switch.

Table 1-1 NTP implementation modes on S3100-52P Ethernet switch

NTP implementation mode	Configuration on S3100-52P switch
Client/server mode	Configure the local S3100-52P Ethernet switch to operate in the NTP server mode. In this mode, the remote server serves as the local time server, while the local switch serves as the client.
Peer mode	Configure the local S3100-52P switch to operate in NTP peer mode. In this mode, the remote server serves as the peer of the S3100-52P switch, and the local switch serves as the active peer.
Broadcast mode	l      Configure the local S3100-52P Ethernet switch to operate in NTP broadcast server mode. In this mode, the local switch broadcasts NTP packets through the VLAN interface configured on the switch. l      Configure the S3100-52P switch to operate in NTP broadcast client mode. In this mode, the local S3100-52P switch receives broadcast NTP packets through the VLAN interface configured on the switch.
Multicast mode	l      Configure the local S3100-52P Ethernet switch to operate in NTP multicast server mode. In this mode, the local switch sends multicast NTP packets through the VLAN interface configured on the switch. l      Configure the local S3100-52P Ethernet switch to operate in NTP multicast client mode. In this mode, the local switch receives multicast NTP packets through the VLAN interface configured on the switch.

 

 

1.2  Configuring NTP Implementation Modes

An S3100-52P Ethernet switch can operate in one of the following NTP modes:

l           NTP client mode

l           NTP server mode

l           NTP peer mode

l           NTP broadcast server mode

l           NTP broadcast client mode

l           NTP multicast server mode

l           NTP multicast client mode

1.2.1  Configuration Prerequisites

You need to perform configurations only on the client (or the active peer) when you want an S3100-52P Ethernet switch to operate in NTP server mode (or NTP peer mode). However, you need to perform configurations on both the server and client when you want the switch to operate in NTP broadcast mode or NTP multicast mode.

1.2.2  Configuration Procedure

Table 1-2 Configure NTP implementation modes

Operation	Command	Description
Enter system view	system-view	—
Configure the switch to operate in NTP client mode	ntp-service unicast-server { remote-ip | server-name } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-id | version number ]*	Optional By default, no Ethernet switch operates in NTP client mode.
Configure the switch to operate in NTP peer mode	ntp-service unicast-peer { remote-ip | peer-name } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-id | version number ]*	Optional By default, no Ethernet switch operates in NTP peer mode.
Enter VLAN interface view	interface Vlan-interface vlan-id	—
Configure the switch to operate in the NTP broadcast client mode	ntp-service broadcast-client	Optional By default, no Ethernet switch operates in NTP broadcast client mode.
Configure the switch to operate in NTP broadcast server mode	ntp-service broadcast-server [ authentication-keyid key-id | version number ]*	Optional By default, no Ethernet switch operates in NTP broadcast server mode.
Configure the switch to operate in NTP multicast client mode	ntp-service multicast-client [ ip-address ]	Optional By default, no Ethernet switch operates in NTP multicast client mode.
Configure the switch to operate in NTP multicast server mode	ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ]*	Optional By default, no Ethernet switch operates in NTP multicast server mode.

 

 

I. NTP client mode

l           The remote server specified by the remote-ip or server-name argument serves as the NTP server. The local S3100-52P Ethernet switch serves as the client. The clock of the client is synchronized to the NTP server, while the clock of the NTP server is not synchronized to the client.

l           The IP address specified by the remote-ip argument cannot be a broadcast address, a multicast address, or the IP address used by the local reference clock.

II. NTP peer mode

l           The remote server specified by the remote-ip or peer-name argument serves as the peer of the local Ethernet switch, and the local Ethernet switch operates in the active peer mode. The clock of the local switch can be synchronized to the remote server or used to synchronize the clock of the remote server.

l           The IP address specified by the remote-ip argument cannot be a broadcast address, a multicast address, or the IP address used by the local reference clock.

III. NTP broadcast server mode

When an S3100-52P Ethernet switch operates in NTP broadcast server mode, it broadcasts clock synchronization packets periodically. The devices in NTP broadcast client mode will respond to these packets and start the clock synchronization process.

IV. NTP multicast server mode

When an S3100-52P Ethernet switch operates in NTP multicast server mode, it multicasts clock synchronization packets periodically. The devices in the NTP multicast client mode will respond to these packets and start the clock synchronization process. The switch operating in this mode can support up to 1,024 multicast clients.

 

 

1.3  Configuring Access Control Right

The access control right to the NTP server only provides a minimal degree of security measure. A more secure way is to perform identity authentication.

The right of an access request received by the NTP server is matched from the highest to the lowest in order of peer, server, synchronization, and query.

Table 1-3 Configure the access control right to the local NTP server

Operation	Command	Description
Enter system view	system-view	—
Configure the access control right to the local NTP server	ntp-service access { peer | server | synchronization | query } acl-number	Optional By default, the access control right to the local NTP server is peer.

 

1.4  Configuring NTP Authentication

In networks with higher security requirements, the NTP authentication function must be enabled to run NTP. Through password authentication on the client and the server, the client is synchronized only to the server that passes the authentication. This improves network security.

1.4.1  Configuration Prerequisites

NTP authentication configuration involves:

l           Configuring NTP authentication on the client

l           Configuring NTP authentication on the server

Observe the following principles when configuring NTP authentication:

l           If the NTP authentication function is not enabled on the client, the client can be synchronized to a server no matter whether the NTP authentication function is enabled on the server (assuming that other related configurations are performed).

l           You need to couple the NTP authentication with a trusted key.

l           Configurations on the server and the client must be consistent.

l           The client with the NTP authentication function enabled is only synchronized to the server that provides a trusted key.

1.4.2  Configuration Procedure

I. Configuring NTP authentication on the client

Table 1-4 Configure NTP authentication on the client

Operation	Command	Description
Enter system view	system-view	—
Enable the NTP authentication function globally	ntp-service authentication enable	Required By default, the NTP authentication function is disabled.
Configure the NTP authentication key	ntp-service authentication-keyid key-id authentication-model md5 value	Required By default, no NTP authentication key is configured.
Configure the specified key to be a trusted key	ntp-service reliable authentication-keyid key-id	Required By default, no trusted key is configured.
Associate the specified key with the corresponding NTP server	NTP client mode: ntp-service unicast-server { remote-ip | server-name } authentication-keyid key-id	l      In NTP client mode and NTP peer mode, you need to associate the specified key with the corresponding NTP server on the client. l      You can associate the NTP server with the authentication key while configuring NTP mode. You can also use this command to associate them after configuring NTP mode.
	Peer mode: ntp-service unicast-peer { remote-ip | peer-name } authentication-keyid key-id

 

 

II. Configuring NTP authentication on the server

Table 1-5 Configure NTP authentication on the server

Operation	Command	Description
Enter system view	system-view	—
Enable NTP authentication	ntp-service authentication enable	Required By default, the NTP authentication function is disabled.
Configure an NTP authentication key	ntp-service authentication-keyid key-id authentication-mode md5 value	Required By default, no NTP authentication key is configured.
Configure the specified key to be a trusted key	ntp-service reliable authentication-keyid key-id	Required By default, no trusted authentication key is configured.
Enter VLAN interface view	interface Vlan-interface vlan-id	—
Associate the specified key with the corresponding NTP server	Broadcast server mode: ntp-service broadcast-server authentication-keyid key-id	l      In NTP broadcast server mode and NTP multicast server mode, you need to associate the specified key with the corresponding NTP server on the server l      You can associate an NTP server with an authentication key while configuring NTP mode. You can also use this command to associate them after configuring the NTP mode.
	Multicast server mode: ntp-service multicast-server authentication-keyid key-id

 

 

1.5  Configuring Optional NTP Parameters

Optional NTP parameters are:

l           Local VLAN interface that sends NTP packets

l           Number of dynamic sessions that can be established locally

l           VLAN interface disabled from receiving NTP packets

Table 1-6 Configure optional NTP parameters

Operation	Command	Description
Enter system view	system-view	—
Configure a local interface that sends NTP packets	ntp-service source-interface Vlan-interface vlan-id	Optional
Configure the number of sessions that can be established locally	ntp-service max-dynamic-sessions number	Optional By default, up to 100 dynamic sessions can be established locally.
Enter VLAN interface view	interface Vlan-interface vlan-id	—
Disable an interface from receiving NTP packets	ntp-service in-interface disable	Optional By default, a VLAN interface receives NTP packets.

 

 

1.6  Displaying and Debugging NTP

After the above configurations, you can execute display commands in any view to display the running status of switch, and verify the effect of the configurations.

Table 1-7 Display and debug NTP

Operation	Command	Description
Display the status of NTP services	display ntp-service status	The display commands can be executed in any view
Display the information about the sessions maintained by NTP	display ntp-service sessions [ verbose ]
Display the brief information about NTP servers along the path from the local device to the reference clock source	display ntp-service trace

 

1.7  Configuration Example

1.7.1  Configuring NTP Server Mode

I. Network requirements

The local clock of H3C1 is set to the NTP master clock, with a stratum level of 2.

 

 

An S3100-52P Ethernet switch considers H3C1 as the NTP server and operates in client mode, while H3C1 operates in server mode automatically.

II. Network diagram

Figure 1-6 Network diagram for the NTP server mode configuration

III. Configuration procedure

Perform the following configurations on the S3100-52P switch.

# View the NTP status of the S3100-52P switch before synchronization.

<S3100-52P> display ntp-service status

Clock status: unsynchronized

Clock stratum: 16

Reference clock ID: none

Nominal frequence: 99.8562 Hz

Actual frequence: 99.8562 Hz

Clock precision: 2^7

Clock offset: 0.0000 ms

Root delay: 0.00 ms

Root dispersion: 0.00 ms

Peer dispersion: 0.00 ms

Reference time: 00:00:00.000 UTC Jan 1 1900 (00000000.00000000)

# Set H3C1 to the NTP server of the S3100-52P switch.

<S3100-52P> system-view

[S3100-52P] ntp-service unicast-server 1.0.1.11

# (After the above configurations, the S3100-52P switch is synchronized to H3C1.) View the NTP status of the S3100-52P switch.

[S3100-52P] display ntp-service status

Clock status: synchronized

Clock stratum: 3

Reference clock ID: 1.0.1.11

Nominal frequence: 250.0000 Hz

Actual frequence: 249.9992 Hz

Clock precision: 2^19

Clock offset: 0.66 ms

Root delay: 27.47 ms

Root dispersion: 208.39 ms

Peer dispersion: 9.63 ms

Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The above output information indicates that the S3100-52P switch is synchronized to H3C1, and the stratum level of its clock is 3, one level lower than that of H3C1.

# View the information about NTP sessions of the S3100-52P switch. (You can see that the S3100-52P switch establishes a connection with H3C1.)

[S3100-52P] display ntp-service sessions

     source        reference       stra reach poll  now offset  delay disper

**************************************************************************

[12345]1.0.1.11    127.127.1.0     2    1   64    1   350.1   15.1    0.0

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

1.7.2  Configuring NTP Peer Mode

I. Network requirements

The local clock of H3C2 is set to the NTP master clock, with the clock stratum level of 2.

An S3100-52P Ethernet switch considers H3C2 as the NTP server and serves as the client, while H3C2 operates in server mode automatically. In addition, H3C3 considers the S3100-52P Ethernet switch as its peer.

 

 

II. Network diagram

Figure 1-7 Network diagram for NTP peer mode configuration

III. Configuration procedure

1)         Configure the S3100-52P switch.

# Set H3C2 to the NTP server.

<S3100-52P> system-view

[S3100-52P] ntp-service unicast-server 3.0.1.31

2)         Configure H3C3 (after the S3100-52P Ethernet switch is synchronized to H3C2).

# Enter system view.

<H3C3> system-view

[H3C3]

# Set the S3100-52P Ethernet switch to the peer of H3C3.

[H3C3] ntp-service unicast-peer 3.0.1.33

The S3100-52P Ethernet switch and H3C3 are a pair of peers. H3C3 operates in active peer mode, while the S3100-52P Ethernet switch operates in passive peer mode. Because the stratum level of the local clock of H3C3 is 1, and that of the S3100-52P Ethernet switch is 3, the S3100-52P Ethernet switch is synchronized to Qudiway3.

View the status of the S3100-52P Ethernet switch after synchronization.

[S3100-52P] display ntp-service status

Clock status: synchronized

 Clock stratum: 2

 Reference clock ID: 3.0.1.32

 Nominal frequency: 250.0000 Hz

 Actual frequency: 249.9992 Hz

 Clock precision: 2^19

Clock offset: 0.66 ms

 Root delay: 27.47 ms

 Root dispersion: 208.39 ms

 Peer dispersion: 9.63 ms

 Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The output information indicates that the S3100-52P Ethernet switch is synchronized to H3C3 and the stratum level of its local clock is 2, one level lower than that H3C3.

# View the information about the NTP sessions of the S3100-52P Ethernet switch (you can see that a connection is established between the S3100-52P Ethernet switch and H3C3).

[S3100-52P] display ntp-service sessions

     source        reference       stra reach poll  now offset  delay disper

**************************************************************************

[2]3.0.1.32       127.127.1.0     1     1     64    1  350.1   15.1    0.0

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

1.7.3  Configuring NTP Broadcast Mode

I. Network requirements

The local clock of H3C3 is set to the NTP master clock, with a stratum level of 2. NTP packets are broadcast through Vlan-interface2.

Configure S3100-52P-1 and S3100-52P-2 to listen to broadcast packets through their own Vlan-interface2.

 

 

II. Network diagram

Figure 1-8 Network diagram for the NTP broadcast mode configuration

III. Configuration procedure

1)         Configure H3C3.

# Enter system view.

<H3C3> system-view

[H3C3]

# Enter Vlan-interface2 view.

[H3C3] interface Vlan-interface 2

[H3C3-Vlan-interface2]

# Set H3C3 to the broadcast server, which sends broadcast packets through Vlan-interface2.

[H3C3-Vlan-interface2] ntp-service broadcast-server

2)         Configure S3100-52P-1.

# Enter system view.

<S3100-52P-1> system-view

[S3100-52P-1]

# Enter Vlan-interface2 view.

[S3100-52P-1] interface Vlan-interface 2

[S3100-52P-1-Vlan-interface2]

# Set S3100-52P-1 to a broadcast client.

[S3100-52P-1-Vlan-interface2] ntp-service broadcast-client

3)         Configure S3100-52P-2

# Enter system view.

<S3100-52P-2> system-view

[S3100-52P-2]

# Enter Vlan-interface2 view.

[S3100-52P-2] interface Vlan-interface 2

[S3100-52P-2-Vlan-interface2]

# Set S3100-52P-2 to a broadcast client.

[S3100-52P-2-Vlan-interface2] ntp-service broadcast-client

After the above configurations, S3100-52P-1 and S3100-52P-2 will listen to broadcast packets through their own Vlan-interface2, and H3C3 will send broadcast packets through Vlan-interface2. Because S3100-52P-2 and H3C3 do not share the same network segment, S3100-52P-2 cannot receive broadcast packets from H3C3, while S3100-52P-1 is synchronized to H3C3 after receiving broadcast packets from H3C3.

View the status of S3100-52P-1 after synchronization.

[S3100-52P-1] display ntp-service status

Clock status: synchronized

 Clock stratum: 3

 Reference clock ID: 3.0.1.31

 Nominal frequency: 250.0000 Hz

 Actual frequency: 249.9992 Hz

 Clock precision: 2^19

 Clock offset: 198.7425 ms

 Root delay: 27.47 ms

 Root dispersion: 208.39 ms

 Peer dispersion: 9.63 ms

 Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The output information indicates that S3100-52P-1 is synchronized to H3C3, with the clock stratum level of 3, one level lower than that of H3C3.

# View the information about the NTP sessions of S3100-52P-1 and you can see that a connection is established between S3100-52P-1 and H3C3.

[S3100-52P-1] display ntp-service sessions

    source          reference       stra reach poll  now offset   delay disper

**************************************************************************

[1]3.0.1.31        127.127.1.0      2    1    64   377    26.1   199.53   9.7

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

1.7.4  Configuring NTP Multicast Mode

I. Network requirements

The local clock of H3C3 is set to the NTP master clock, with a clock stratum level of 2. H3C3 advertises multicast packets through Vlan-interface2.

S3100-52P-1 and S3100-52P-2 respectively listen to multicast packets through their own Vlan-interface2.

 

 

II. Network diagram

Figure 1-9 Network diagram for NTP multicast mode configuration

III. Configuration procedure

1)         Configure H3C3.

# Enter system view.

<H3C3> system-view

[H3C3]

# Enter VLAN-interface2 view.

[H3C3] interface Vlan-interface 2

# Set H3C3 to a multicast server.

[H3C3-Vlan-interface2] ntp-service multicast-server

2)         Configure S3100-52P-1.

# Enter system view.

<S3100-52P-1> system-view

[S3100-52P-1]

# Enter Vlan-interface2 view.

[S3100-52P-1] interface Vlan-interface 2

# Set S3100-52P-1 to a multicast client.

[S3100-52P-1-Vlan-interface2] ntp-service multicast-client

3)         Configure S3100-52P-2.

# Enter system view.

<S3100-52P-2> system-view

[S3100-52P-2]

# Enter Vlan-interface2 view.

[S3100-52P-2] interface Vlan-interface 2

# Set S3100-52P-2 to a multicast client.

[S3100-52P-2-Vlan-interface2] ntp-service multicast-client

After the above configurations, S3100-52P-1 and S3100-52P-2 respectively listen to multicast packets through their own Vlan-interface2, and H3C3 advertises multicast packets through Vlan-interface2. Because S3100-52P-2 and S3100-52P-3 do not share the same network segment, S3100-52P-2 cannot receive multicast packets from H3C3, while S3100-52P-1 is synchronized to H3C3 after receiving multicast packets from H3C3.

View the status of S3100-52P-1 after synchronization.

[S3100-52P-1] display ntp-service status

Clock status: synchronized

 Clock stratum: 3

 Reference clock ID: 3.0.1.31

 Nominal frequency: 250.0000 Hz

 Actual frequency: 249.9992 Hz

 Clock precision: 2^19

 Clock offset: 198.7425 ms

 Root delay: 27.47 ms

 Root dispersion: 208.39 ms

 Peer dispersion: 9.63 ms

 Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The output information indicates that S3100-52P-1 is synchronized to H3C3, with a clock stratum level of 3, one stratum level lower than that H3C3.

# View the information about the NTP sessions of S3100-52P-1 (You can see that a connection is established between S3100-52P-1 and H3C3).

[S3100-52P-1] display ntp-service sessions

   source        reference       stra reach poll  now offset  delay disper

**************************************************************************

[1]3.0.1.31     127.127.1.0      2    1     64    377  26.1   199.53  9.7

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

1.7.5  Configuring NTP Server Mode with Authentication

I. Network requirements

The local clock of H3C1 is set to the NTP master clock, with a clock stratum level of 2.

An S3100-52P Ethernet switch considers H3C1 as the NTP server and operates in client mode, while H3C1 operates in server mode automatically. In addition, the NTP authentication function is enabled on both sides.

 

 

II. Network diagram

Figure 1-10 Network diagram for NTP se rver mode with authentication configuration

III. Configuration procedure

1)         Configure the S3100-52P Ethernet switch.

# Enter system view.

<S3100-52P> system-view

[S3100-52P]

# Set H3C1 to the NTP server.

[S3100-52P] ntp-service unicast-server 1.0.1.11

# Enable the NTP authentication function.

[S3100-52P] ntp-service authentication enable

# Configure an MD5 authentication key, with the key ID being 42 and the key being aNiceKey.

[S3100-52P] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey

# Specify the key as a trusted key.

[S3100-52P] ntp-service reliable authentication-keyid 42

[S3100-52P] ntp-service unicast-server 1.0.1.11 authentication-keyid 42

After the above configurations, S3100-52P is ready to synchronize with H3C1. Because the NTP authentication function is not enabled on H3C1, S3100-52P will fail to be synchronized to H3C1.

To synchronize the S3100-52P Ethernet switch, you need to perform the following configurations on H3C1.

# Enable the NTP authentication function on H3C1.

[H3C1] system-view

[H3C1] ntp-service authentication enable

# Configure an MD5 authentication key, with the key ID being 42 and the key being aNiceKey.

[H3C1] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey

# Specify the key as a trusted key.

[H3C1] ntp-service reliable authentication-keyid 42

(After the above configurations, the S3100-52P Ethernet switch can be synchronized to H3C1.) View the status of S3100-52P after synchronization.

[S3100-52P] display ntp-service status

Clock status: synchronized

Clock stratum: 3

Reference clock ID: 1.0.1.11

Nominal frequence: 250.0000 Hz

Actual frequence: 249.9992 Hz

Clock precision: 2^19

Clock offset: 0.66 ms

Root delay: 27.47 ms

Root dispersion: 208.39 ms

Peer dispersion: 9.63 ms

Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The output information indicates that S3100-52P is synchronized to H3C1, with a clock stratum level of 3, one stratum level lower than that H3C1.

# View the information about NTP sessions of S3100-52P (You can see that a connection is established between S3100-52P and H3C1).

<S3100-52P> display ntp-service sessions

     source        reference       stra reach poll  now offset  delay disper

**************************************************************************

    [5]1.0.1.11    127.127.1.0    2    1      64    1   350.1   15.1    0.0

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured