The configuration of NTP server mode on H3C 5600 switch
I Requirement for the diagram
1. Set the switch1’s local clock as the master clock of NTP. Layer is 2.
2. Switch1 act as NTP server for S5600 and S5600 act as client. Configure NTP authentication on both switches.
II Network topology.
III Steps of configuration
Configure 5600:
1. Enter system view
<S5600> system-view
2. Set the switch1 as NTP server
[S5600] ntp-service unicast-server 1.0.1.11
3. Set NTP authentication
[S5600] ntp-service authentication enable
4. Set the number 42 as the MD5 key, content is “aNiceKey”.
[S5600] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
5. Designate the key as reliable
[S5600] ntp-service reliable authentication-keyid 42
[S5600] ntp-service unicast-server 1.0.1.11 authentication-keyid 42
Configure Switch1:
1. Start the authentication on the switch1
[Switch1] system-view
[Switch1] ntp-service authentication enableEnter the vlan-interface2 interface view
2. Set the number 42 as the MD5 key, content is “aNiceKey”.
[Switch1] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey
3. Designate the key as reliable
[Switch1] ntp-service reliable authentication-keyid 42
Display the NTP server status:
[S5600] display ntp-service status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
Nominal frequence: 250.0000 Hz
Actual frequence: 249.9992 Hz
Clock precision: 2^19
Clock offset: 0.66 ms
Root delay: 27.47 ms
Root dispersion: 208.39 ms
Peer dispersion: 9.63 ms
Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)
Display the NTP server session:
<S5600> display ntp-service sessions
source reference stra reach poll now offset delay disper
**************************************************************************
[5]1.0.1.11 127.127.1.0 2 1 64 1 350.1 15.1 0.0
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
IV Key notes in the configuration
1. Switch1 supports that local clock act as master clock.
2. When you configure the NTP connection with authentication, you must configure the key on the NTP server or peer. or else the sending packet will not take the authentication message.
3. When the switch receives the NTP packet with authentication message:
If NTP authentication function has been started on local, the packet will be authenticated in normal.
If NTP authentication function has not been started on local, the packet will be authenticated default and then enter next step to deal with.
4. When the switch receives the NTP packet without authentication message:
If NTP authentication function has been started on local, the packet will fail the authentication and the packet will be considered as lawless packet to discard.
If NTP authentication function has not been started on local, the packet will not be any authenticated.
5. Before S5600 act as NTP server, S5600 should keep synchronization with other NTP server.
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作