H3C S3100-52P Ethernet Switch Operation Manual-Release 1500(V1.02)

25-NTP Operation

Chapter 1  NTP Configuration

1.1  Introduction to NTP

Network Time Protocol (NTP) is a time synchronization protocol defined in RFC 1305. It is used for time synchronization between a set of distributed time servers and clients. NTP transmits packets through UDP port 123.

NTP is intended to synchronize the clocks of all devices in a network so that they stay consistent. The devices can then provide applications that depend on a unified time.

A local system running NTP can be synchronized by other clock sources and can also serve as a clock source to synchronize other clocks. It synchronizes, or is synchronized by, other systems by exchanging NTP packets.

1.1.1  Applications of NTP

NTP is mainly applied to synchronizing the clocks of all devices in a network. For example:

- In network management, the analysis of log information and debugging information collected from different devices is meaningful and valid only when the network devices that generate the information adopt the same time.

- The billing system requires that the clocks of all network devices be consistent.

- Some functions, such as restarting all network devices in a network simultaneously, require that the devices adopt the same time.

- When multiple systems cooperate to handle a rather complex transaction, they must adopt the same time to ensure a correct execution order.

- To perform incremental backup operations between a backup server and a host, you must make sure they adopt the same time.

Setting the system time manually in a network with many devices involves a heavy workload and cannot ensure accuracy, so it is not feasible for an administrator. By configuring NTP, however, an administrator can synchronize the clocks of the devices in a network with the required accuracy.

NTP has the following advantages:

- Defining the accuracy of clocks by stratum to synchronize the clocks of all devices in a network quickly

- Supporting access control and MD5 authentication

- Sending protocol packets in unicast, multicast, or broadcast mode

 

Note:

- The clock stratum determines the accuracy, which ranges from 1 to 16. The stratum of a reference clock ranges from 1 to 15. The clock accuracy decreases as the stratum number increases. A stratum 16 clock is in the unsynchronized state and cannot serve as a reference clock.

- The local clock of an S3100-52P Ethernet switch cannot operate as a reference clock. The switch can serve as an NTP server only after its clock is synchronized.

 

1.1.2  Implementation Principle of NTP

Figure 1-1 shows the implementation principle of NTP.

Ethernet switch A (LS_A) is connected to Ethernet switch B (LS_B) through Ethernet ports. Both have their own system clocks, and they need to synchronize their clocks through NTP. To illustrate the implementation principle, we suppose that:

- Before the system clocks of LS_A and LS_B are synchronized, the clock of LS_A is set to 10:00:00 am, and the clock of LS_B is set to 11:00:00 am.

- LS_B serves as the NTP server, that is, the clock of LS_A will be synchronized to that of LS_B.

- It takes one second to transfer an NTP packet from LS_A to LS_B or from LS_B to LS_A.

Figure 1-1 Implementation principle of NTP

The procedure of synchronizing the system clock is as follows:

- LS_A sends an NTP packet to LS_B, with a timestamp 10:00:00 am (T1) identifying when it is sent.

- When the packet arrives at LS_B, LS_B inserts its own timestamp 11:00:01 am (T2) into the packet.

- When the NTP packet leaves LS_B, LS_B inserts its own timestamp 11:00:02 am (T3) into the packet.

- When receiving a response packet, LS_A inserts a new timestamp 10:00:03 am (T4) into it.

At this time, LS_A has enough information to calculate the following two parameters:

- Delay for an NTP packet to make a round trip between LS_A and LS_B:

  Delay = (T4 - T1) - (T3 - T2)

- Time offset of LS_A relative to LS_B:

  Offset = ((T2 - T1) + (T3 - T4)) / 2

LS_A can then set its own clock according to the above information to synchronize its clock to that of LS_B.

For detailed information, refer to RFC1305.

1.1.3  NTP Implementation Modes

According to the network structure and the position of the local Ethernet switch in the network, the local Ethernet switch can work in multiple NTP modes to synchronize the clock.

I. Client/server mode

Figure 1-2 Client/server mode

II. Peer mode

Figure 1-3 Peer mode

In the peer mode, the local S3100-52P Ethernet switch serves as the active peer and sends clock synchronization request packets first, while the remote server serves as the passive peer automatically.

If both of the peers have reference clocks, the one with a smaller stratum number is adopted.

III. Broadcast mode

Figure 1-4 Broadcast mode

IV. Multicast mode

Figure 1-5 Multicast mode

Table 1-1 describes how the above-mentioned NTP modes are implemented on the S3100-52P Ethernet switch.

Table 1-1 NTP implementation modes on S3100-52P Ethernet switch

NTP implementation mode: Client/server mode
Configuration on S3100-52P switch: Configure the local S3100-52P Ethernet switch to operate in the NTP server mode. In this mode, the remote server serves as the local time server, while the local switch serves as the client.

NTP implementation mode: Peer mode
Configuration on S3100-52P switch: Configure the local S3100-52P switch to operate in NTP peer mode. In this mode, the remote server serves as the peer of the S3100-52P switch, and the local switch serves as the active peer.

NTP implementation mode: Broadcast mode
Configuration on S3100-52P switch:
- Configure the local S3100-52P Ethernet switch to operate in NTP broadcast server mode. In this mode, the local switch broadcasts NTP packets through the VLAN interface configured on the switch.
- Configure the S3100-52P switch to operate in NTP broadcast client mode. In this mode, the local S3100-52P switch receives broadcast NTP packets through the VLAN interface configured on the switch.

NTP implementation mode: Multicast mode
Configuration on S3100-52P switch:
- Configure the local S3100-52P Ethernet switch to operate in NTP multicast server mode. In this mode, the local switch sends multicast NTP packets through the VLAN interface configured on the switch.
- Configure the local S3100-52P Ethernet switch to operate in NTP multicast client mode. In this mode, the local switch receives multicast NTP packets through the VLAN interface configured on the switch.

 

  Caution:

An S3100-52P Ethernet switch can operate in the NTP peer, NTP broadcast server, or NTP multicast server mode only after its clock is synchronized.

 

1.2  Configuring NTP Implementation Modes

An S3100-52P Ethernet switch can operate in one of the following NTP modes:

- NTP client mode

- NTP server mode

- NTP peer mode

- NTP broadcast server mode

- NTP broadcast client mode

- NTP multicast server mode

- NTP multicast client mode

1.2.1  Configuration Prerequisites

You need to perform configurations only on the client (or the active peer) when you want an S3100-52P Ethernet switch to operate in NTP server mode (or NTP peer mode). However, you need to perform configurations on both the server and client when you want the switch to operate in NTP broadcast mode or NTP multicast mode.

1.2.2  Configuration Procedure

Table 1-2 Configure NTP implementation modes

Operation: Enter system view
Command: system-view

Operation: Configure the switch to operate in NTP client mode
Command: ntp-service unicast-server { remote-ip | server-name } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-id | version number ]*
Description: Optional. By default, no Ethernet switch operates in NTP client mode.

Operation: Configure the switch to operate in NTP peer mode
Command: ntp-service unicast-peer { remote-ip | peer-name } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-id | version number ]*
Description: Optional. By default, no Ethernet switch operates in NTP peer mode.

Operation: Enter VLAN interface view
Command: interface Vlan-interface vlan-id

Operation: Configure the switch to operate in the NTP broadcast client mode
Command: ntp-service broadcast-client
Description: Optional. By default, no Ethernet switch operates in NTP broadcast client mode.

Operation: Configure the switch to operate in NTP broadcast server mode
Command: ntp-service broadcast-server [ authentication-keyid key-id | version number ]*
Description: Optional. By default, no Ethernet switch operates in NTP broadcast server mode.

Operation: Configure the switch to operate in NTP multicast client mode
Command: ntp-service multicast-client [ ip-address ]
Description: Optional. By default, no Ethernet switch operates in NTP multicast client mode.

Operation: Configure the switch to operate in NTP multicast server mode
Command: ntp-service multicast-server [ ip-address ] [ authentication-keyid key-id | ttl ttl-number | version number ]*
Description: Optional. By default, no Ethernet switch operates in NTP multicast server mode.

 

Note:

To reduce exposure to attacks against open sockets and enhance switch security, the S3100-52P Ethernet switch opens a socket only when it is needed:

- UDP port 123 (used for NTP) is opened when NTP is enabled.

- UDP port 123 is closed when NTP is disabled.

These functions are implemented as follows:

- When you enable NTP by using the ntp-service unicast-server, ntp-service unicast-peer, ntp-service broadcast-client, ntp-service broadcast-server, ntp-service multicast-client, or ntp-service multicast-server command, UDP port 123 is opened at the same time.

- When you disable NTP from operating in any mode by using the undo forms of the preceding six commands, UDP port 123 is closed at the same time.

 

I. NTP client mode

- The remote server specified by the remote-ip or server-name argument serves as the NTP server. The local S3100-52P Ethernet switch serves as the client. The clock of the client is synchronized to the NTP server, while the clock of the NTP server is not synchronized to the client.

- The IP address specified by the remote-ip argument cannot be a broadcast address, a multicast address, or the IP address used by the local reference clock.

II. NTP peer mode

- The remote server specified by the remote-ip or peer-name argument serves as the peer of the local Ethernet switch, and the local Ethernet switch operates in the active peer mode. The clock of the local switch can be synchronized to the remote server or used to synchronize the clock of the remote server.

- The IP address specified by the remote-ip argument cannot be a broadcast address, a multicast address, or the IP address used by the local reference clock.

III. NTP broadcast server mode

When an S3100-52P Ethernet switch operates in NTP broadcast server mode, it broadcasts clock synchronization packets periodically. The devices in NTP broadcast client mode will respond to these packets and start the clock synchronization process.

IV. NTP multicast server mode

When an S3100-52P Ethernet switch operates in NTP multicast server mode, it multicasts clock synchronization packets periodically. The devices in the NTP multicast client mode will respond to these packets and start the clock synchronization process. The switch operating in this mode can support up to 1,024 multicast clients.

 

Note:

- The total number of the servers and peers configured for a switch is up to 128.

- After the configuration, an S3100-52P Ethernet switch does not establish connections with peers if it operates in NTP server mode. If it operates in any of the other modes, it establishes connections with peers.

- If an S3100-52P Ethernet switch operates in passive peer mode, NTP broadcast client mode, or NTP multicast client mode, it establishes connections with peers dynamically. If it operates in any of the other modes, it establishes connections with peers statically.

 

1.3  Configuring Access Control Right

Access control rights on the NTP server provide only a minimal degree of security. A more secure way is to perform identity authentication.

The right of an access request received by the NTP server is matched from the highest to the lowest in order of peer, server, synchronization, and query.

Table 1-3 Configure the access control right to the local NTP server

Operation: Enter system view
Command: system-view

Operation: Configure the access control right to the local NTP server
Command: ntp-service access { peer | server | synchronization | query } acl-number
Description: Optional. By default, the access control right to the local NTP server is peer.

 

1.4  Configuring NTP Authentication

In networks with higher security requirements, the NTP authentication function must be enabled to run NTP. Through password authentication on the client and the server, the client is synchronized only to the server that passes the authentication. This improves network security.

1.4.1  Configuration Prerequisites

NTP authentication configuration involves:

- Configuring NTP authentication on the client

- Configuring NTP authentication on the server

Observe the following principles when configuring NTP authentication:

- If the NTP authentication function is not enabled on the client, the client can be synchronized to a server no matter whether the NTP authentication function is enabled on the server (assuming that other related configurations are performed).

- You need to couple the NTP authentication with a trusted key.

- Configurations on the server and the client must be consistent.

- The client with the NTP authentication function enabled is only synchronized to the server that provides a trusted key.

1.4.2  Configuration Procedure

I. Configuring NTP authentication on the client

Table 1-4 Configure NTP authentication on the client

Operation: Enter system view
Command: system-view

Operation: Enable the NTP authentication function globally
Command: ntp-service authentication enable
Description: Required. By default, the NTP authentication function is disabled.

Operation: Configure the NTP authentication key
Command: ntp-service authentication-keyid key-id authentication-mode md5 value
Description: Required. By default, no NTP authentication key is configured.

Operation: Configure the specified key to be a trusted key
Command: ntp-service reliable authentication-keyid key-id
Description: Required. By default, no trusted key is configured.

Operation: Associate the specified key with the corresponding NTP server
Command (NTP client mode): ntp-service unicast-server { remote-ip | server-name } authentication-keyid key-id
Command (peer mode): ntp-service unicast-peer { remote-ip | peer-name } authentication-keyid key-id
Description:
- In NTP client mode and NTP peer mode, you need to associate the specified key with the corresponding NTP server on the client.
- You can associate the NTP server with the authentication key while configuring NTP mode. You can also use this command to associate them after configuring NTP mode.

 

Note:

- NTP authentication requires that the authentication keys configured for the server and the client are the same. Besides, the authentication keys must be trusted keys. Otherwise, the client cannot be synchronized with the server.

- In NTP server mode and NTP peer mode, you need to associate the specified key with the corresponding NTP server (active peer) on the client (passive peer). In these two modes, multiple servers (active peers) may be configured for a client/passive peer, and therefore, the authentication key is required to determine which server the client is synchronized to.

 

II. Configuring NTP authentication on the server

Table 1-5 Configure NTP authentication on the server

Operation: Enter system view
Command: system-view

Operation: Enable NTP authentication
Command: ntp-service authentication enable
Description: Required. By default, the NTP authentication function is disabled.

Operation: Configure an NTP authentication key
Command: ntp-service authentication-keyid key-id authentication-mode md5 value
Description: Required. By default, no NTP authentication key is configured.

Operation: Configure the specified key to be a trusted key
Command: ntp-service reliable authentication-keyid key-id
Description: Required. By default, no trusted authentication key is configured.

Operation: Enter VLAN interface view
Command: interface Vlan-interface vlan-id

Operation: Associate the specified key with the corresponding NTP server
Command (broadcast server mode): ntp-service broadcast-server authentication-keyid key-id
Command (multicast server mode): ntp-service multicast-server authentication-keyid key-id
Description:
- In NTP broadcast server mode and NTP multicast server mode, you need to associate the specified key with the corresponding NTP server on the server.
- You can associate an NTP server with an authentication key while configuring NTP mode. You can also use this command to associate them after configuring the NTP mode.

 

Note:

The procedure for configuring NTP authentication on the server is the same as that on the client. Besides, the client and the server must be configured with the same authentication key.
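
The client-side decision described in 1.4, combined with the offset and delay formulas from 1.1.2, as an added Python example (not H3C code). It assumes the standard NTP symmetric-key layout, a 32-bit key ID followed by MD5(key || 48-byte header), which this manual does not spell out; key ID 42 and key aNiceKey are the values used in 1.7.5, while the base date, key ID 7 and all function names are constructed.

```python
import hashlib
import hmac
import struct

# 48-byte NTP header: LI/VN/Mode, stratum, poll, precision, root delay,
# root dispersion, reference ID, then the reference, originate, receive and
# transmit timestamps (64-bit, seconds since 1900 in 32.32 fixed point).
HEADER = struct.Struct("!BBbbII4sQQQQ")
MAC_LEN = 4 + 16  # 32-bit key ID followed by a 16-byte MD5 digest


def to_ntp(seconds):
    return int(seconds * 2**32)


def from_ntp(stamp):
    return stamp / 2**32


def digest(key, header):
    # Assumed scheme: keyed MD5 over the shared key followed by the header.
    return hashlib.md5(key + header).digest()


def server_reply(t1, t2, t3, stratum=2, key_id=None, key=None):
    """Build a mode 4 (server) reply; a MAC is appended only if a key is given."""
    header = HEADER.pack((3 << 3) | 4, stratum, 6, -19, 0, 0, b"LOCL",
                         to_ntp(t2), to_ntp(t1), to_ntp(t2), to_ntp(t3))
    if key is None:
        return header
    return header + struct.pack("!I", key_id) + digest(key, header)


def client_process(packet, t1, t4, trusted_keys, auth_enabled=True):
    """Return (offset, delay) in seconds, or raise ValueError if rejected."""
    header, mac = packet[:HEADER.size], packet[HEADER.size:]
    if auth_enabled:
        if len(mac) != MAC_LEN:
            raise ValueError("reply carries no MAC")
        key = trusted_keys.get(struct.unpack("!I", mac[:4])[0])
        if key is None:
            raise ValueError("key ID is not a trusted key")
        if not hmac.compare_digest(digest(key, header), mac[4:]):
            raise ValueError("digest mismatch")
    fields = HEADER.unpack(header)
    origin, t2, t3 = (from_ntp(f) for f in fields[8:11])
    if origin != t1:
        raise ValueError("originate timestamp does not match our request")
    delay = (t4 - t1) - (t3 - t2)
    offset = ((t2 - t1) + (t3 - t4)) / 2
    return offset, delay


def verdict(packet, trusted_keys, auth_enabled=True):
    try:
        return client_process(packet, T1, T4, trusted_keys, auth_enabled)
    except ValueError as exc:
        return f"rejected: {exc}"


# Constructed scenario: the clock readings from 1.1.2 on an arbitrary day.
BASE = 3_900_000_000                 # arbitrary NTP-era second count
T1 = BASE + 10 * 3600                # LS_A sends at 10:00:00
T2 = BASE + 11 * 3600 + 1            # LS_B receives at 11:00:01
T3 = BASE + 11 * 3600 + 2            # LS_B replies at 11:00:02
T4 = BASE + 10 * 3600 + 3            # LS_A receives at 10:00:03
TRUSTED = {42: b"aNiceKey"}          # client's trusted key table

if __name__ == "__main__":
    cases = {
        "server uses key 42": server_reply(T1, T2, T3, key_id=42, key=b"aNiceKey"),
        "server has no authentication": server_reply(T1, T2, T3),
        "server key value differs": server_reply(T1, T2, T3, key_id=42, key=b"otherKey"),
        "server uses untrusted key 7": server_reply(T1, T2, T3, key_id=7, key=b"aNiceKey"),
    }
    for name, packet in cases.items():
        print(f"{name}: {verdict(packet, TRUSTED)}")
```
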

 

1.5  Configuring Optional NTP Parameters

Optional NTP parameters are:

- Local VLAN interface that sends NTP packets

- Number of dynamic sessions that can be established locally

- VLAN interface disabled from receiving NTP packets

Table 1-6 Configure optional NTP parameters

Operation: Enter system view
Command: system-view

Operation: Configure a local interface that sends NTP packets
Command: ntp-service source-interface Vlan-interface vlan-id
Description: Optional

Operation: Configure the number of sessions that can be established locally
Command: ntp-service max-dynamic-sessions number
Description: Optional. By default, up to 100 dynamic sessions can be established locally.

Operation: Enter VLAN interface view
Command: interface Vlan-interface vlan-id

Operation: Disable an interface from receiving NTP packets
Command: ntp-service in-interface disable
Description: Optional. By default, a VLAN interface receives NTP packets.

 

  Caution:

- If a sending interface is specified in the ntp-service unicast-server command or the ntp-service unicast-peer command, the source IP address of an NTP packet is the address of this interface.

- Dynamic connections can be established when a switch operates in passive peer mode, NTP broadcast client mode, or NTP multicast client mode. In other modes, the connections established are static.

 

1.6  Displaying and Debugging NTP

After the above configurations, you can execute the display commands in any view to display the running status of the switch and verify the effect of the configurations.

Table 1-7 Display and debug NTP

Operation: Display the status of NTP services
Command: display ntp-service status

Operation: Display the information about the sessions maintained by NTP
Command: display ntp-service sessions [ verbose ]

Operation: Display the brief information about NTP servers along the path from the local device to the reference clock source
Command: display ntp-service trace

Description (all three commands): The display commands can be executed in any view.

 

1.7  Configuration Example

1.7.1  Configuring NTP Server Mode

I. Network requirements

The local clock of H3C1 is set to the NTP master clock, with a stratum level of 2.

 

Note:

H3C1 is a switch that allows the local clock to serve as the NTP master clock.

 

An S3100-52P Ethernet switch considers H3C1 as the NTP server and operates in client mode, while H3C1 operates in server mode automatically.

II. Network diagram

Figure 1-6 Network diagram for the NTP server mode configuration

III. Configuration procedure

Perform the following configurations on the S3100-52P switch.

# View the NTP status of the S3100-52P switch before synchronization.

<S3100-52P> display ntp-service status

Clock status: unsynchronized

Clock stratum: 16

Reference clock ID: none

Nominal frequence: 99.8562 Hz

Actual frequence: 99.8562 Hz

Clock precision: 2^7

Clock offset: 0.0000 ms

Root delay: 0.00 ms

Root dispersion: 0.00 ms

Peer dispersion: 0.00 ms

Reference time: 00:00:00.000 UTC Jan 1 1900 (00000000.00000000)

# Set H3C1 to the NTP server of the S3100-52P switch.

<S3100-52P> system-view

[S3100-52P] ntp-service unicast-server 1.0.1.11

# (After the above configurations, the S3100-52P switch is synchronized to H3C1.) View the NTP status of the S3100-52P switch.

[S3100-52P] display ntp-service status

Clock status: synchronized

Clock stratum: 3

Reference clock ID: 1.0.1.11

Nominal frequence: 250.0000 Hz

Actual frequence: 249.9992 Hz

Clock precision: 2^19

Clock offset: 0.66 ms

Root delay: 27.47 ms

Root dispersion: 208.39 ms

Peer dispersion: 9.63 ms

Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The above output information indicates that the S3100-52P switch is synchronized to H3C1, and the stratum level of its clock is 3, one level lower than that of H3C1.

# View the information about NTP sessions of the S3100-52P switch. (You can see that the S3100-52P switch establishes a connection with H3C1.)

[S3100-52P] display ntp-service sessions

     source        reference       stra reach poll  now offset  delay disper

**************************************************************************

[12345]1.0.1.11    127.127.1.0     2    1   64    1   350.1   15.1    0.0

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
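
One way to automate the check that this example performs by eye, as an added Python example that is not part of the manual: it parses the two display ntp-service status outputs shown above, decodes the hexadecimal reference time, and reports deviations from the expected state. The 30-minute staleness limit, the audit time NOW and the function names are assumptions made for the example.

```python
import re
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)

# Outputs copied from the configuration example above.
BEFORE = """Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Reference time: 00:00:00.000 UTC Jan 1 1900 (00000000.00000000)"""

AFTER = """Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
Clock offset: 0.66 ms
Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)"""

# Assumed time of the audit, shortly after the reference time shown above.
NOW = datetime(2001, 9, 6, 17, 5, 0, tzinfo=timezone.utc)


def parse_status(text):
    """Turn the 'Key: value' lines of the status output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields


def decode_ntp_timestamp(hex_ts):
    """'SSSSSSSS.FFFFFFFF' (seconds.fraction since 1900-01-01 UTC) -> datetime."""
    sec_hex, frac_hex = hex_ts.split(".")
    micros = int(frac_hex, 16) * 1_000_000 // 2**32
    return NTP_EPOCH + timedelta(seconds=int(sec_hex, 16), microseconds=micros)


def audit(text, expected_server, now=NOW, max_age=timedelta(minutes=30)):
    """Return a list of findings; an empty list means the state is as expected."""
    fields = parse_status(text)
    findings = []
    if fields.get("clock status") != "synchronized":
        findings.append("clock is not synchronized")
    stratum = int(fields.get("clock stratum", 16))
    if stratum >= 16:
        findings.append(f"stratum {stratum} means no usable time source")
    ref = fields.get("reference clock id")
    if ref != expected_server:
        findings.append(
            f"reference clock {ref} is not the configured server {expected_server}")
    match = re.search(r"\(([0-9A-Fa-f]{8}\.[0-9A-Fa-f]{8})\)",
                      fields.get("reference time", ""))
    if match is None:
        findings.append("reference time is missing")
    elif now - decode_ntp_timestamp(match.group(1)) > max_age:
        findings.append("last clock update is older than the allowed age")
    return findings


if __name__ == "__main__":
    for label, output in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(output, expected_server="1.0.1.11"))
```

A reference clock ID other than the configured server is the finding to act on first, since it means the switch is taking time from a source the configuration did not name.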

1.7.2  Configuring NTP Peer Mode

I. Network requirements

The local clock of H3C2 is set to the NTP master clock, with the clock stratum level of 2.

An S3100-52P Ethernet switch considers H3C2 as the NTP server and serves as the client, while H3C2 operates in server mode automatically. In addition, H3C3 considers the S3100-52P Ethernet switch as its peer.

 

Note:

This example assumes that:

- H3C2 is a switch that allows its local clock to be the master clock.

- H3C3 is a switch that allows its local clock to be the master clock and the stratum level of its clock is 1.

 

II. Network diagram

Figure 1-7 Network diagram for NTP peer mode configuration

III. Configuration procedure

1) Configure the S3100-52P switch.

# Set H3C2 to the NTP server.

<S3100-52P> system-view

[S3100-52P] ntp-service unicast-server 3.0.1.31

2) Configure H3C3 (after the S3100-52P Ethernet switch is synchronized to H3C2).

# Enter system view.

<H3C3> system-view

[H3C3]

# Set the S3100-52P Ethernet switch to the peer of H3C3.

[H3C3] ntp-service unicast-peer 3.0.1.33

The S3100-52P Ethernet switch and H3C3 are a pair of peers. H3C3 operates in active peer mode, while the S3100-52P Ethernet switch operates in passive peer mode. Because the stratum level of the local clock of H3C3 is 1, and that of the S3100-52P Ethernet switch is 3, the S3100-52P Ethernet switch is synchronized to H3C3.

# View the status of the S3100-52P Ethernet switch after synchronization.

[S3100-52P] display ntp-service status

Clock status: synchronized

 Clock stratum: 2

 Reference clock ID: 3.0.1.32

 Nominal frequency: 250.0000 Hz

 Actual frequency: 249.9992 Hz

 Clock precision: 2^19

Clock offset: 0.66 ms

 Root delay: 27.47 ms

 Root dispersion: 208.39 ms

 Peer dispersion: 9.63 ms

 Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The output information indicates that the S3100-52P Ethernet switch is synchronized to H3C3 and the stratum level of its local clock is 2, one level lower than that of H3C3.

# View the information about the NTP sessions of the S3100-52P Ethernet switch (you can see that a connection is established between the S3100-52P Ethernet switch and H3C3).

[S3100-52P] display ntp-service sessions

     source        reference       stra reach poll  now offset  delay disper

**************************************************************************

[2]3.0.1.32       127.127.1.0     1     1     64    1  350.1   15.1    0.0

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

1.7.3  Configuring NTP Broadcast Mode

I. Network requirements

The local clock of H3C3 is set to the NTP master clock, with a stratum level of 2. NTP packets are broadcast through Vlan-interface2.

Configure S3100-52P-1 and S3100-52P-2 to listen to broadcast packets through their own Vlan-interface2.

 

Note:

This example assumes that H3C3 is a switch that supports the local clock being the master clock.

 

II. Network diagram

Figure 1-8 Network diagram for the NTP broadcast mode configuration

III. Configuration procedure

1) Configure H3C3.

# Enter system view.

<H3C3> system-view

[H3C3]

# Enter Vlan-interface2 view.

[H3C3] interface Vlan-interface 2

[H3C3-Vlan-interface2]

# Set H3C3 to the broadcast server, which sends broadcast packets through Vlan-interface2.

[H3C3-Vlan-interface2] ntp-service broadcast-server

2) Configure S3100-52P-1.

# Enter system view.

<S3100-52P-1> system-view

[S3100-52P-1]

# Enter Vlan-interface2 view.

[S3100-52P-1] interface Vlan-interface 2

[S3100-52P-1-Vlan-interface2]

# Set S3100-52P-1 to a broadcast client.

[S3100-52P-1-Vlan-interface2] ntp-service broadcast-client

3) Configure S3100-52P-2.

# Enter system view.

<S3100-52P-2> system-view

[S3100-52P-2]

# Enter Vlan-interface2 view.

[S3100-52P-2] interface Vlan-interface 2

[S3100-52P-2-Vlan-interface2]

# Set S3100-52P-2 to a broadcast client.

[S3100-52P-2-Vlan-interface2] ntp-service broadcast-client

After the above configurations, S3100-52P-1 and S3100-52P-2 will listen to broadcast packets through their own Vlan-interface2, and H3C3 will send broadcast packets through Vlan-interface2. Because S3100-52P-2 and H3C3 do not share the same network segment, S3100-52P-2 cannot receive broadcast packets from H3C3, while S3100-52P-1 is synchronized to H3C3 after receiving broadcast packets from H3C3.

# View the status of S3100-52P-1 after synchronization.

[S3100-52P-1] display ntp-service status

Clock status: synchronized

 Clock stratum: 3

 Reference clock ID: 3.0.1.31

 Nominal frequency: 250.0000 Hz

 Actual frequency: 249.9992 Hz

 Clock precision: 2^19

 Clock offset: 198.7425 ms

 Root delay: 27.47 ms

 Root dispersion: 208.39 ms

 Peer dispersion: 9.63 ms

 Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The output information indicates that S3100-52P-1 is synchronized to H3C3, with the clock stratum level of 3, one level lower than that of H3C3.

# View the information about the NTP sessions of S3100-52P-1 and you can see that a connection is established between S3100-52P-1 and H3C3.

[S3100-52P-1] display ntp-service sessions

    source          reference       stra reach poll  now offset   delay disper

**************************************************************************

[1]3.0.1.31        127.127.1.0      2    1    64   377    26.1   199.53   9.7

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

1.7.4  Configuring NTP Multicast Mode

I. Network requirements

The local clock of H3C3 is set to the NTP master clock, with a clock stratum level of 2. H3C3 advertises multicast packets through Vlan-interface2.

S3100-52P-1 and S3100-52P-2 respectively listen to multicast packets through their own Vlan-interface2.

 

Note:

This example assumes that H3C3 is a switch that supports the local clock being the master clock.

 

II. Network diagram

Figure 1-9 Network diagram for NTP multicast mode configuration

III. Configuration procedure

1) Configure H3C3.

# Enter system view.

<H3C3> system-view

[H3C3]

# Enter Vlan-interface2 view.

[H3C3] interface Vlan-interface 2

# Set H3C3 to a multicast server.

[H3C3-Vlan-interface2] ntp-service multicast-server

2) Configure S3100-52P-1.

# Enter system view.

<S3100-52P-1> system-view

[S3100-52P-1]

# Enter Vlan-interface2 view.

[S3100-52P-1] interface Vlan-interface 2

# Set S3100-52P-1 to a multicast client.

[S3100-52P-1-Vlan-interface2] ntp-service multicast-client

3) Configure S3100-52P-2.

# Enter system view.

<S3100-52P-2> system-view

[S3100-52P-2]

# Enter Vlan-interface2 view.

[S3100-52P-2] interface Vlan-interface 2

# Set S3100-52P-2 to a multicast client.

[S3100-52P-2-Vlan-interface2] ntp-service multicast-client

After the above configurations, S3100-52P-1 and S3100-52P-2 respectively listen to multicast packets through their own Vlan-interface2, and H3C3 advertises multicast packets through Vlan-interface2. Because S3100-52P-2 and H3C3 do not share the same network segment, S3100-52P-2 cannot receive multicast packets from H3C3, while S3100-52P-1 is synchronized to H3C3 after receiving multicast packets from H3C3.

# View the status of S3100-52P-1 after synchronization.

[S3100-52P-1] display ntp-service status

Clock status: synchronized

 Clock stratum: 3

 Reference clock ID: 3.0.1.31

 Nominal frequency: 250.0000 Hz

 Actual frequency: 249.9992 Hz

 Clock precision: 2^19

 Clock offset: 198.7425 ms

 Root delay: 27.47 ms

 Root dispersion: 208.39 ms

 Peer dispersion: 9.63 ms

 Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The output information indicates that S3100-52P-1 is synchronized to H3C3, with a clock stratum level of 3, one stratum level lower than that of H3C3.

# View the information about the NTP sessions of S3100-52P-1 (You can see that a connection is established between S3100-52P-1 and H3C3).

[S3100-52P-1] display ntp-service sessions

   source        reference       stra reach poll  now offset  delay disper

**************************************************************************

[1]3.0.1.31     127.127.1.0      2    1     64    377  26.1   199.53  9.7

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

1.7.5  Configuring NTP Server Mode with Authentication

I. Network requirements

The local clock of H3C1 is set to the NTP master clock, with a clock stratum level of 2.

An S3100-52P Ethernet switch considers H3C1 as the NTP server and operates in client mode, while H3C1 operates in server mode automatically. In addition, the NTP authentication function is enabled on both sides.

 

Note:

This example assumes that H3C1 is a switch that supports the local clock being the NTP master clock.

 

II. Network diagram

Figure 1-10 Network diagram for NTP server mode with authentication configuration

III. Configuration procedure

1) Configure the S3100-52P Ethernet switch.

# Enter system view.

<S3100-52P> system-view

[S3100-52P]

# Set H3C1 to the NTP server.

[S3100-52P] ntp-service unicast-server 1.0.1.11

# Enable the NTP authentication function.

[S3100-52P] ntp-service authentication enable

# Configure an MD5 authentication key, with the key ID being 42 and the key being aNiceKey.

[S3100-52P] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey

# Specify the key as a trusted key.

[S3100-52P] ntp-service reliable authentication-keyid 42

# Associate the trusted key with the NTP server H3C1.

[S3100-52P] ntp-service unicast-server 1.0.1.11 authentication-keyid 42

After the above configurations, S3100-52P is ready to synchronize with H3C1. Because the NTP authentication function is not enabled on H3C1, S3100-52P will fail to be synchronized to H3C1.

To synchronize the S3100-52P Ethernet switch, you need to perform the following configurations on H3C1.

# Enable the NTP authentication function on H3C1.

<H3C1> system-view

[H3C1] ntp-service authentication enable

# Configure an MD5 authentication key, with the key ID being 42 and the key being aNiceKey.

[H3C1] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey

# Specify the key as a trusted key.

[H3C1] ntp-service reliable authentication-keyid 42

(After the above configurations, the S3100-52P Ethernet switch can be synchronized to H3C1.) View the status of S3100-52P after synchronization.

[S3100-52P] display ntp-service status

Clock status: synchronized

Clock stratum: 3

Reference clock ID: 1.0.1.11

Nominal frequence: 250.0000 Hz

Actual frequence: 249.9992 Hz

Clock precision: 2^19

Clock offset: 0.66 ms

Root delay: 27.47 ms

Root dispersion: 208.39 ms

Peer dispersion: 9.63 ms

Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

The output information indicates that S3100-52P is synchronized to H3C1, with a clock stratum level of 3, one stratum level lower than that of H3C1.

# View the information about NTP sessions of S3100-52P (You can see that a connection is established between S3100-52P and H3C1).

<S3100-52P> display ntp-service sessions

     source        reference       stra reach poll  now offset  delay disper

**************************************************************************

    [5]1.0.1.11    127.127.1.0    2    1      64    1   350.1   15.1    0.0

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured