1.1 Introduction to NTP
Network time protocol (NTP) is a timesynchronization protocol defined by RFC1305. It is used for timesynchronization among a set of distributed time servers and clients. NTP transmitspackets through UDP port 123.
NTP is intended for time synchronization ofall devices that have clocks in a network, so that the clocks of all devices cankeep consistent. This enables the applications that require unified time.
A system running NTP not only can besynchronized by other clock sources, but also can serve as a clock source tosynchronize other clocks. Besides, it can synchronize, or be synchronized by othersystems by exchanging NTP packets.
1.1.1 Applications of NTP
NTP is mainly applied to synchronizing theclocks of all the network devices in a network. For example:
lIn network management, the analysis of the loginformation and debugging information collected from different devices ismeaningful and valid only when network devices that generate the informationadopt the same time.
lThe accounting system requires that the clocksof all the network devices be consistent.
lSome functions, such as restarting all thenetwork devices in a network simultaneously, require that they adopt the sametime.
lWhen multiple systems cooperate to handle arather complex event, to ensure a correct execution order, they must adopt thesame time.
lTo perform incremental backup operations betweena backup server and a host, you must make sure they adopt the same time.
As setting the system time manually in anetwork with many devices leads to a lot of workload and cannot ensure theaccuracy, it is unfeasible for an administrator to perform the operation. However,an administrator can synchronize the devices in a network with requiredaccuracy by performing NTP configuration.
NTP benefits from the following advantages:
lDefining the accuracy of clocks by strata tosynchronize the time of all the devices in a network quickly
lSupporting access control and MD5 authentication
lSending protocol packets in unicast, multicastor broadcast mode
& Note:
The accuracy of a clock is determined by its stratum, which rangesfrom 1 to 16. The stratum of the reference clock ranges from 1 to 15. Theaccuracy descends with the increasing of stratum number. The clocks with thestratum of 16 are in unsynchronized state and cannot serve as reference clocks.
1.1.2 Working Principle of NTP
The working principle of NTP is shown in Figure 1-1.
In Figure 1-1, The Ethernet switch A (LS_A) is connected to the Ethernet switch B (LS_B) through their Ethernet ports. Both of them have system clocks of their own, and they need to synchronize the clocks of each otherthrough NTP. For ease of understanding, suppose that:
lBefore the system clocks of LS_A and LS_B aresynchronized, the clock of LS_A is set to 10:00:00am, and the clock of LS_B isset to 11:00:00am.
lLS_B serves as the NTP time server, that is, theclock of LS_A will be synchronized to that of LS_B.
lIt takes one second for a packet sent by oneswitch to reach the other.
Figure 1-1 Working principle of NTP
The procedures of synchronizing systemclocks are as follows:
lLS_A sends an NTP packet to LS_B, with thetimestamp identifying the time when it is sent (that is, 10:00:00am, noted as T1)carried.
lWhen the packet arrives at LS_B, LS_B inserts itsown timestamp, which identifies 11:00:01am (noted as T2) into thepacket.
lBefore this NTP packet leaves LS_B, LS_B insertsits own timestamp once again, which identifies 11:00:02am (noted as T3).
lWhen receiving the response packet, the localtime of LS_A is 10:00:03am.
At this time, LS_A has enough informationto calculate the following two parameters:
lThe delay for an NTP packet to make a round tripbetween LS_A and LS_B: delay = (T4 -T1)-(T3 -T2).
lThe time offset of LS_A with regard to LS_B:offset = ((T2 -T1) + (T3 -T4))/2.
LS_A can then set its own clock accordingto the above information to synchronize its clock to that of LS_B.
For the detailed information, refer toRFC1305.
1.1.3 NTP ImplementationMode
To accommodate networks of different structuresand switches in different network positions, NTP can operate in multiple modes,as described in the following.
I. Client/Server mode
Figure 1-2 NTP implementation mode: client/Severmode
II. Peer mode
Figure 1-3 NTP implementation mode: peermode
In peer mode, the active peer sends clocksynchronization packets first, and its peer works as a passive peerautomatically.
If both of the peers have reference clocks,the one with smaller stratum is adopted.
III. Broadcast mode
Figure 1-4 NTP implementation mode: broadcastmode
IV. Multicast mode
Figure 1-5 NTP implementation mode: multicastmode
Table 1-1 describes how the above mentioned NTP modes are implemented on an S7500series switch.
Table 1-1 NTPimplementation modes on an S7500 series switch
| NTP implementation mode | Configuration on S7500 switches |
| Client/Server mode | Configure the S7500 switch to operate in the NTP server mode. In this case, the remote server operates as the local time server, and the S7500 switch operates as the client. |
| Peer mode | Configure the S7500 switch to operate in NTP peer mode. In this case, the remote server operates as the peer of the S7500 switch, and the S7500 switch operates as the active peer. |
| Broadcast mode | l Configure the S7500 switch to operate in NTP broadcast server mode. In this case, the S7500 switch broadcasts NTP packets through the VLAN interface configured on the switch. l Configure the S7500 switch to operate in NTP broadcast client mode. In this case, the S7500 switch receives broadcast NTP packets through the VLAN interface configured on the switch. |
| Multicast mode | l Configure the S7500 switch to operate in NTP multicast server mode. In this case, the S7500 switch sends multicast NTP packets through the VLAN interface configured on the switch. l Configure the S7500 switch to operate in NTP multicast client mode. In this case, the S7500 switch receives multicast NTP packets through the VLAN interface configured on the switch. |
1.2 NTP Implementation Mode Configuration
A switch can operate in the following NTPmodes:
lNTP client mode
lNTP server mode
lNTP peer mode
lNTP broadcast server mode
lNTP broadcast client mode
lNTP multicast server mode
lNTP multicast client mode
1.2.1 Prerequisites
When an S7500 switch operates in NTP servermode or NTP peer mode, you need to perform configuration on the client or theactive peer only. When an S7500 switch operates in NTP broadcast mode or NTPmulticast mode, you need to perform configurations on both the server side andthe client side.
1.2.2 Configuring NTP Implementation Modes
Follow these steps to configure NTP implementation modes:
| To do... | Use the command... | Remarks |
| Enter system view | system-view | — |
| Configure to operate in the NTP client mode | ntp-service unicast-server { remote-ip | server-name } [ authentication-keyid key-id | priority | source-interface interface -type interface-number | version number ]* | Optional By default, no Ethernet switch operates in the NTP client mode |
| Configure to operate in the NTP peer mode | ntp-service unicast-peer { remote-ip | peer-name } [ authentication-keyid key-id | priority | source-interface interface -type interface-number | version number ]* | Optional By default, no Ethernet switch operates in the NTP peer mode |
| Enter interface view | interface interface -type interface-number | — |
| Configure to operate in the NTP broadcast client mode | ntp-service broadcast-client | Optional By default, no Ethernet switch operates in the NTP broadcast client mode |
| Configure to operate in the NTP broadcast server mode | ntp-service broadcast-server [ authentication-keyid key-id | version number ]* | Optional By default, no Ethernet switch operates in the NTP broadcast server mode |
| Configure to operate in the NTP multicast client mode | ntp-service multicast-client [ ip-address ] | Optional By default, no Ethernet switch operates in the NTP multicast client mode |
| Configure to operate in the NTP multicast server mode | ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ]* | Optional By default, no Ethernet switch operates in the NTP multicast server mode |
I. NTP client mode
When an S7500 series switch operates in theNTP client mode,
lThe remote server identified by the remote-ipargument operates as the NTP time server. The S7500 series switch operates asthe client, whose clock is synchronized to the NTP server. (In this case, theclock of the NTP server is not synchronized to the local client.)
lWhen the remote-ip argument is an IPaddress of a host, it cannot be a broadcast or a multicast address, neither canit be the IP address of a reference clock.
II. NTP peer mode
When an S7500 series switch operates in NTPpeer mode,
lThe remote server identified by the remote-ipargument operates as the peer of the S7500 series switch, and the S7500 seriesswitch operates as the active peer. The clock of the S7500 series switch can besynchronized to the remote server or be used to synchronize the clock of theremote server.
lWhen the remote-ip argument is an IPaddress of a host, it cannot be a broadcast or a multicast address, neither canit be the IP address of a reference clock.
III. NTP broadcast server mode
When an S7500 series switch operates in NTPbroadcast server mode, it broadcasts a clock synchronization packetperiodically. The devices which are configured to be in the NTP broadcastclient mode will respond this packet and start the clock synchronizationprocedure.
IV. NTP multicast server mode
When an S7500 series switch operates in NTPmulticast server mode, it multicasts a clock synchronization packetperiodically. The devices which are configured to be in the NTP multicastclient mode will respond this packet and start the clock synchronizationprocedure. In this mode, the switch can accommodate up to 1,024 multicastclients.
& Note:
lThe total number of the servers and peersconfigured for a switch can be up to 128.
lAfter the configuration, the S7500 series switchdoes not establish connections with the peer if it operates in NTP server mode.Whereas if it operates in any of the other modes, it establishes connectionswith the peer.
lIf an S7500 series switch operates as a passivepeer in peer mode, NTP broadcast client mode, or NTP multicast client mode, theconnections it establishes with the peers are dynamic. If it operates in othermodes, the connections it establishes with the peers are static.
1.3 AccessControl Permission Configuration
Access control permission to NTP server is asecurity measure that is of the minimum extent. Authentication is more reliablecomparing to it.
An access request made to an NTP server ismatched from the highest permission to the lowest, that is, in the order of peer,server, synchronization, and query.
Follow thesesteps to configure the access control permission to the local NTP server:
| To do... | Use the command... | Remarks |
| Enter system view | system-view | — |
| Configure the access control permission to the local NTP server | ntp-service access { peer | server | synchronization | query } acl-number | Optional By default, the access control permission to the local NTP server is peer |
1.4 NTP Authentication Configuration
For the networks with higher securityrequirements, you can specify to perform authentications when enabling NTP. Withthe authentications performed on both the client side and the server side, theclient is synchronized only to the server that passes the authentication. Thisimproves network security.
1.4.1 Prerequisites
NTP authentication configuration involves:
lConfiguring NTP authentication on the client
lConfiguring NTP authentication on the server
Note the following when performing NTPauthentication configuration:
lIf the NTP authentication is not enabled on a client,the client can be synchronized to a server regardless of the NTP authenticationconfiguration performed on the server (assuming that the related configurationsare performed).
lYou need to couple the NTP authentication with atrusted key.
lThe configurations performed on the server andthe client must be the same.
lA client with NTP authentication enabled is onlysynchronized to a server that can provide a trusted key.
1.4.2 Configuring NTP Authentication
I. Configuring NTP authenticationon the client
Follow these stepsto configure NTP authentication on the client:
| To do... | Use the command... | Remarks |
| Enter system view | system-view | — |
| Enable NTP authentication globally | ntp-service authentication enable | Required By default, the NTP authentication is disabled |
| Configure the NTP authentication key | ntp-service authentication-keyid key-id authentication-mode md5 value | Required By default, the NTP authentication key is not configured |
| Configure the specified key to be a trusted key | ntp-service reliable authentication-keyid key-id | Required By default, no trusted authentication key is configured |
| Associate the specified key with the corresponding NTP server | NTP client mode: ntp-service unicast-server { remote-ip | server-name } authentication-keyid key-id | l In NTP client mode and NTP peer mode, you need to associate the specified key with the corresponding NTP server on the client. l You can associate the NTP server with the authentication key while configuring the switch to operate in a specific NTP mode. You can also associate them using this command after configuring the NTP mode where the switch is to operate |
| Peer mode: ntp-service unicast-peer { remote-ip | peer-name } authentication-keyid key-id |
& Note:
lNTP authentication requires that theauthentication keys configured for the server and the client are the same.Besides, the authentication keys must be trusted keys. Otherwise, the clientcannot be synchronized with the server.
lIn NTP server mode and NTP peer mode, you needto associate the specified key with the corresponding NTP server/active peer onthe client/passive peer. In these two modes, multiple servers/active peers maybe configured for a client/passive peer, and a client/passive peer chooses theserver/active peer to synchronize to by the authentication key.
II. Configuring NTP authenticationon the server
Follow these stepsto configure NTP authentication on the server:
| To do... | Use the command... | Remarks |
| Enter system view | system-view | — |
| Enable NTP authentication | ntp-service authentication enable | Required By default, NTP authentication is disabled |
| Configure NTP authentication key | ntp-service authentication-keyid key-id authentication-mode md5 value | Required By default, NTP authentication key is not configured |
| Configure the specified key to be a trusted key | ntp-service reliable authentication-keyid key-id | Required By default, an authentication key is not a trusted key |
| Enter VLAN interface view | interface interface-type interface-number | — |
| Associate a specified key with the corresponding NTP server | Broadcast server mode: ntp-service broadcast-server authentication-keyid key-id | l In NTP broadcast server mode and NTP multicast server mode, you need to associate the specified key with the corresponding NTP server on the server l You can associate an NTP server with an authentication key while configuring a switch to operate in a specific NTP mode. You can also associate them using this command after configuring the NTP mode where a switch is to operate |
| Multicast server mode: ntp-service multicast-server authentication-keyid key-id |
& Note:
The procedures for configuring NTP authentication on the server arethe same as those on the client. Besides, the client and the server must beconfigured with the same authentication key.
1.5 Configuration of Optional NTP Parameters
The configurations of optional NTPparameters are:
lSetting the local clock as the NTP master clock
lConfiguring the local VLAN interface that sendsNTP packets
lConfiguring the number of the dynamic sessions thatcan be established locally
lDisabling the VLAN interface configured on aswitch from receiving NTP packets
lDisabling NTP service globally
Follow thesesteps to configure optional NTP parameters:
| To do... | Use the command... | Remarks |
| Enter system view | system-view | — |
| Configure the local clock as the NTP master clock | ntp-service refclock-master [ ip-address ] [ stratum ] | Optional |
| Configure the local interface that sends NTP packets | ntp-service source-interface interface-type interface-number | Optional |
| Configure the number of the sessions that can be established locally | ntp-service max-dynamic-sessions number | Optional By default, up to 100 dynamic sessions can be established locally. |
| Enter VLAN interface view | interface interface-type interface-number | — |
| Disable the interface from receiving NTP packets | ntp-service in-interface disable | Optional By default, a VLAN interface receives NTP packets. |
| Return to system view | quit | — |
| Disable NTP service globally | ntp-service disable | Optional By default, the NTP service is enabled |
Caution:
lThe source IP address in an NTP packet is theaddress of the sending interface specified by the ntp-service unicast-servercommand or the ntp-service unicast-peer command if you provide theaddress of the sending interface in these two commands.
lDynamic connections can only be established whena switch operates in passive peer mode, NTP broadcast client mode, or NTPmulticast client mode. In other modes, the connections established are static.
1.6 Displaying and Maintaining NTP
| To do... | Use the command... | Remarks |
| Display the status of NTP service | display ntp-service status | Available in any view |
| Display the information about the sessions maintained by NTP | display ntp-service sessions [ verbose ] | |
| Display the brief information about the NTP time servers of the reference clock sources that the local device traces to | display ntp-service trace |
1.7 Configuration Example
1.7.1 NTP Server Mode Configuration
I. Network requirements
Configure the local clock of S7500-1 to be theNTP master clock, with the stratum being 2.
S7500-2 operates in client mode, with S7500-1as the time server. S7500-1 operates in server mode automatically.
II. Network diagram
Figure 1-6 Networkdiagram for the NTP server mode configuration
III. Configuration procedures
Configure S7500-1.
# Set the local clock as the NTP masterclock, with the stratum being 2.
<S7500-1> system-view
System View: return to User View withCtrl+Z.
[S7500-1] ntp-service refclock-master127.127.1.1 2
The following configurations are for S7500-2.
# View the NTP status of S7500-2 beforesynchronization.
<S7500-2> display ntp-servicestatus
Service status: enabled
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequence: 99.8562 Hz
Actual frequence: 99.8562 Hz
Clock precision: 2^7
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 0.00 ms
Peer dispersion: 0.00 ms
Reference time: 00:00:00.000 UTC Jan1 1900 (00000000.00000000)
# Configure S7500-1 to be the time serverof S7500-2.
<S7500-2> system-view
[S7500-2] ntp-service unicast-server1.0.1.11
# After the above configuration, S7500-2 issynchronized to S7500-1. View the NTP status of S7500-2.
[S7500-2] display ntp-service status
Service status: enabled
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
Nominal frequence: 250.0000 Hz
Actual frequence: 249.9992 Hz
Clock precision: 2^19
Clock offset: 0.66 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC ThuSep 6 2001 (BF422AE4.05AEA86C)
The above output information indicates thatS7500-2 is synchronized to S7500-1, and the stratum of its clock is 3, onestratum higher than S7500-1.
# View the information about the NTPsessions of S7500-2. You can see that S7500-2 establishes a connection with S7500-1.
[S7500-2]dis ntp-service sessions
source reference stra reach poll now offset delay disper
**************************************************************************
[12345]1.0.1.11 127.127.1.12 1 64 1 350.1 15.1 0.0
note: 1 source(master),2source(peer),3 selected,4 candidate,5 configured
1.7.2 NTP PeerMode Configuration
I. Network requirements
H3C2 sets the local clock to be the NTP masterclock, with the clock stratum being 2.
Configure an S7500 series switch to operateas a client, with H3C2 as the time server. H3C2 will then operate in the servermode automatically. Meanwhile, H3C3 sets the S7500 series switch to be itspeer.
& Note:
This exampleassumes that:
lH3C2 is a switch that allows its local clock tobe the master clock.
lH3C3 is a switch that allows its local clock tobe the master clock and the stratum of its clock is 1.
II. Network diagram
Figure1-7 Network diagram for NTP peer mode configuration
III. Configuration procedures
1)Configure the S7500 series switch.
# Set H3C2 to be the time server.
<S7500> system-view
[S7500] ntp-service unicast-server3.0.1.31
2)Configure H3C3 (after the S7500 series switch issynchronized to H3C2).
# Enter system view.
<H3C3> system-view
[H3C3]
# After the local synchronization, set theS7500 series switch to be its peer.
[H3C3] ntp-service unicast-peer3.0.1.33
The S7500 series switch and H3C3 areconfigured to be peers with regard to each other. H3C3 operates in the activepeer mode, while the S7500 series switch operates in the passive peer mode.Because the stratum of the local clock of H3C3 is 1, and that of the S7500switch is 3, the S7500 series switch is synchronized to H3C3.
View the status of the S7500 switch afterthe synchronization.
[S7500] display ntp-service status
Service status: enabled
Clock status: synchronized
Clock stratum: 2
Reference clock ID: 3.0.1.32
Nominal frequency: 250.0000 Hz
Actual frequency: 249.9992 Hz
Clock precision: 2^19
Clock offset: 0.66 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC ThuSep 6 2001 (BF422AE4.05AEA86C)
The output information indicates that the S7500series switch is synchronized to H3C3 and the stratum of its local clock is 2, onestratum higher than H3C3.
# View the information about the NTPsessions of the S7500 series switch and you can see that a connection isestablished between the S7500 series switch and H3C3.
[S7500] display ntp-service sessions
source referencestra reach poll now offset delay disper
**************************************************************************
[2]3.0.1.32 127.127.1.0 11 64 1 350.1 15.1 0.0
note: 1 source(master),2source(peer),3 selected,4 candidate,5 configured
1.7.3 NTPBroadcast Mode Configuration
I. Network requirements
H3C3 sets its local clock to be an NTPmaster clock, with the stratum being 2. NTP packets are broadcast through VLANinterface 2.
Configure S7500-1and S7500-2 to listen to broadcast packets through their VLAN interface 2.
& Note:
This example assumes that H3C3 is a switch that supports the localclock being the master clock.
II. Network diagram
Figure1-8 Network diagram for the NTP broadcast modeconfiguration
III. Configuration procedures
1)Configure H3C3.
# Enter system view.
<H3C3> system-view
[H3C3]
# Enter VLAN-interface 2 view.
[H3C3] interface Vlan-interface 2
[H3C3-Vlan-Interface2]
# Configure H3C3 to be the broadcast serverand send broadcast packets through VLAN-interface 2.
[H3C3-Vlan-Interface2] ntp-servicebroadcast-server
2)Configure S7500-1.
# Enter system view.
<S7500-1> system-view
[S7500-1]
# Enter VLAN-interface 2 view.
[S7500-1] interface Vlan-interface 2
[S7500-1-Vlan-Interface2]
# Configure S7500-1 to be a broadcastclient.
[S7500-1-Vlan-Interface2] ntp-servicebroadcast-client
3)Configure S7500-2
# Enter system view.
<S7500-2> system-view
[S7500-2]
# Enter VLAN-interface 2 view.
[S7500-2] interface Vlan-interface 2
[S7500-2-Vlan-Interface2]
# Configure S7500-2 to be a broadcastclient.
[S7500-2-Vlan-Interface2] ntp-servicebroadcast-client
The above configuration configures S7500-1 andS7500-2 to listen to broadcast packets through their VLAN interface 2, and H3C3to send broadcast packets through VLAN interface 2. Because S7500-2 does notreside in the same network segment with H3C3, S7500-2 cannot receive broadcastpackets sent by H3C3, while S7500-1 is synchronized to H3C3 after receivingbroadcast packets sent by H3C3.
View the status of S7500-1 after thesynchronization.
[S7500-1] display ntp-service status
Service status: enabled
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 3.0.1.31
Nominal frequency: 250.0000 Hz
Actual frequency: 249.9992 Hz
Clock precision: 2^19
Clock offset: 198.7425 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC ThuSep 6 2001 (BF422AE4.05AEA86C)
The output information indicates that S7500-1is synchronized to H3C3, with the clock stratum of 3, one stratum higher than H3C3.
# View the information about the NTPsessions of S7500-1 and you can see that a connection is established between S7500-1and H3C3.
[S7500-1] display ntp-service sessions
source referencestra reach poll now offset delay disper
**************************************************************************
[1]3.0.1.31 127.127.1.02 1 64 377 26.1 199.53 9.7
note: 1 source(master),2source(peer),3 selected,4 candidate,5 configured
1.7.4 NTPMulticast Mode Configuration
I. Network requirements
H3C3 sets the local clock to be NTP masterclock, with the clock stratum of 2. It advertises multicast packets throughVLAN interface 2.
Configure S7500-1 and S7500-2 to listen to multicastpackets through their VLAN interface 2.
& Note:
This example assumesthat H3C3 is a switch that supports the local clock being the master clock.
II. Network diagram
Figure1-9 Network diagram for NTP multicast modeconfiguration
III. Configuration procedures
1)Configure H3C3.
# Enter system view.
<H3C3> system-view
[H3C3]
# Enter VLAN-interface 2 view.
[H3C3] interface Vlan-interface 2
# Configure H3C3 to be a multicast server.
[H3C3-Vlan-Interface2] ntp-servicemulticast-server
2)Configure S7500-1.
# Enter system view.
<S7500-1> system-view
[S7500-1]
# Enter VLAN-interface 2 view.
[S7500-1] interface vlan-interface 2
# Configure S7500-1 to be a multicastclient.
[S7500-1-Vlan-interface2] ntp-servicemulticast-client
3)Configure S7500-2.
# Enter system view.
<S7500-2> system-view
[S7500-2]
# Enter VLAN-interface 2 view.
[S7500-2] interface Vlan-interface 2
# Configure S7500-2 to be a multicastclient.
[S7500-2-Vlan-Interface2] ntp-servicemulticast-client
The above configuration configures S7500-1 andS7500-2 to listen to multicast packets through their VLAN interface 2, and H3C3to advertise multicast packets through VLAN interface 2. Because S7500-2 doesnot reside in the same network segment with H3C3, S7500-2 cannot receivemulticast packets sent by H3C3, while S7500-1 is synchronized to H3C3 afterreceiving multicast packets sent by H3C3.
View the status of S7500-1 after thesynchronization.
[S7500-1] display ntp-service status
Service status: enabled
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 3.0.1.31
Nominal frequency: 250.0000 Hz
Actual frequency: 249.9992 Hz
Clock precision: 2^19
Clock offset: 198.7425 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC ThuSep 6 2001 (BF422AE4.05AEA86C)
The output information indicates that S7500-1is synchronized to H3C3, with the clock stratum being 3, one stratum higherthan H3C3.
# View the information about the NTPsessions of S7500-1 and you can see that a connection is established between S7500-1and H3C3.
[S7500-1] display ntp-servicesessions
source reference strareach poll now offset delay disper
**************************************************************************
[1]3.0.1.31 127.127.1.02 1 64 377 26.1 199.53 9.7
note: 1 source(master),2source(peer),3 selected,4 candidate,5 configured
1.7.5 NTP Server Mode with Authentication Configuration
I. Network requirements
The local clock of S7500-1 operates as themaster NTP clock, with the clock stratum being 2.
S7500-2 operates in client mode with S7500-1as the time server. S7500-1 operates in the server mode automatically.Meanwhile, NTP authentication is enabled on both sides.
II. Network diagram
Figure1-10 Network diagram for NTP server mode withauthentication configuration
III. Configuration procedures
1)Configure S7500-2.
# Enter system view.
<S7500-2> system-view
[S7500-2]
# Configure S7500-1 to be the time server.
[S7500-2] ntp-service unicast-server1.0.1.11
# Enable NTP authentication.
[S7500-2] ntp-service authenticationenable
# Set the MD5 key to 42, with the contentbeing aNiceKey.
[S7500-2] ntp-serviceauthentication-keyid 42 authentication-mode md5 aNiceKey
# Specify the key to be a trusted key.
[S7500-2] ntp-service reliableauthentication-keyid 42
[S7500-2] ntp-service unicast-server1.0.1.11 authentication-keyid 42
The above configuration synchronizes S7500-2to S7500-1. As NTP authentication is not enabled on S7500-1, S7500-2 will fail tobe synchronized to S7500-1.
The following configuration is needed for S7500-1.
# Enable authentication on S7500-1.
[S7500-1] system-view
[S7500-1] ntp-service authenticationenable
# Set the MD5 key to 42, with the contentbeing aNiceKey.
[S7500-1] ntp-serviceauthentication-keyid 42 authentication-mode md5 aNiceKey
# Specify the key to be a trusted key.
[S7500-1] ntp-service reliableauthentication-keyid 42
After the above configuration, S7500-2 canbe synchronized to S7500-1. You can view the status of S7500-2 after thesynchronization.
[S7500-2] display ntp-service status
Service status: enabled
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
Nominal frequence: 250.0000 Hz
Actual frequence: 249.9992 Hz
Clock precision: 2^19
Clock offset: 0.66 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC ThuSep 6 2001 (BF422AE4.05AEA86C)
The output information indicates that S7500-2is synchronized to S7500-1, with the clock stratum being 3, one stratum higherthan S7500-1.
# View the information about the NTPsessions of S7500-2 and you can see that a connection is established between S7500-2and S7500-1.
<S7500-2> display ntp-servicesessions
source referencestra reach poll now offset delay disper
**************************************************************************
[5]1.0.1.11 127.127.1.02 1 64 1 350.1 15.1 0.0
note: 1 source(master),2source(peer),3 selected,4 candidate,5 configured
