The configuration of NTP server mode on H3C 5600 switch

The configuration of NTP server mode on H3C 5600 switch

I            Requirement for the diagram

1.      Set the switch1’s local clock as the master clock of NTP. Layer is 2.

2.      Switch1 act as NTP server for S5600 and S5600 act as client. Configure NTP authentication on both switches.

II          Network topology.

III        Steps of configuration

Configure 5600:

1.      Enter system view

<S5600> system-view

2.      Set the switch1 as NTP server

[S5600] ntp-service unicast-server 1.0.1.11

3.      Set NTP authentication

[S5600] ntp-service authentication enable

4.      Set the number 42 as the MD5 key, content is “aNiceKey”.

[S5600] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey

5.      Designate the key as reliable

[S5600] ntp-service reliable authentication-keyid 42

[S5600] ntp-service unicast-server 1.0.1.11 authentication-keyid 42

Configure Switch1:

1.      Start the authentication on the switch1

[Switch1] system-view

[Switch1] ntp-service authentication enableEnter the vlan-interface2 interface view

2.      Set the number 42 as the MD5 key, content is “aNiceKey”.

[Switch1] ntp-service authentication-keyid 42 authentication-mode md5 aNiceKey

3.      Designate the key as reliable

[Switch1] ntp-service reliable authentication-keyid 42

Display the NTP server status:

[S5600] display ntp-service status

Clock status: synchronized

Clock stratum: 3

Reference clock ID: 1.0.1.11

Nominal frequence: 250.0000 Hz

Actual frequence: 249.9992 Hz

Clock precision: 2^19

Clock offset: 0.66 ms

Root delay: 27.47 ms

Root dispersion: 208.39 ms

Peer dispersion: 9.63 ms

Reference time: 17:03:32.022 UTC Thu Sep 6 2001 (BF422AE4.05AEA86C)

Display the NTP server session:

<S5600> display ntp-service sessions

source        reference       stra reach poll  now offset  delay disper

**************************************************************************

[5]1.0.1.11    127.127.1.0    2    1      64    1   350.1   15.1    0.0

note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

IV       Key notes in the configuration

1.      Switch1 supports that local clock act as master clock.

2.      When you configure the NTP connection with authentication, you must configure the key on the NTP server or peer. or else the sending packet will not take the authentication message.

3.      When the switch receives the NTP packet with authentication message:

If NTP authentication function has been started on local, the packet will be authenticated in normal.

If NTP authentication function has not been started on local, the packet will be authenticated default and then enter next step to deal with.

4.      When the switch receives the NTP packet without authentication message:

If NTP authentication function has been started on local, the packet will fail the authentication and the packet will be considered as lawless packet to discard.

If NTP authentication function has not been started on local, the packet will not be any authenticated.

5.      Before S5600 act as NTP server, S5600 should keep synchronization with other NTP server.