Example for Configuring Authenticated NTP Unicast Server/Client Mode
Networking Requirements
As shown in Figure 3-2, SwitchB, SwitchC, and SwitchD are on a local area network (LAN), and are connected to SwitchA through a network. SwitchA has synchronized its clock to an authoritative clock, the Global Positioning System (GPS).
As required by the user, the three devices SwitchB, SwitchC, and SwitchD on the LAN must synchronize their clocks to the clock of SwitchA to ensure a precise charging service.
Configuration Roadmap
You can configure the authenticated unicast server/client mode to meet the user's requirement for clock synchronization on the LAN. The configuration roadmap is as follows:
- Configure SwitchA as the primary time server.
- Use the NTP unicast server/client mode to synchronize the clocks of SwitchA and SwitchB. SwitchA functions as the server, and SwitchB functions as the client.
- Use the NTP unicast server/client mode to synchronize the clocks of SwitchB, SwitchC, and SwitchD. SwitchB functions as the server, while SwitchC and SwitchD function as the clients.
- The network connecting SwitchA and SwitchB is not secure, so enable the NTP authentication function.
When configuring NTP authentication in the unicast server/client mode, enable NTP authentication on the client, and specify the NTP server address together with the authentication key sent to the server. Otherwise, NTP authentication is not performed, and the NTP client and server are synchronized directly.
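How the key configured in this example protects a time reply, as an added illustration that is not Huawei code. The MAC layout (4-byte key ID followed by MD5 over key plus header) is the standard NTP symmetric-key scheme; the header contents and the `check_reply` policy are a constructed model of the client behaviour described in the note above.

```python
import hashlib
import hmac
import struct

# From the page: key ID 42, MD5 mode, key string Hello123, marked reliable.
KEYS = {42: b"Hello123"}
RELIABLE = {42}

def ntp_header(mode, stratum, transmit_seconds):
    """Constructed 48-byte NTPv3 header; unused fields are zero."""
    first = (3 << 3) | mode                      # LI=0, VN=3, mode
    return struct.pack("!BBbb11I", first, stratum, 6, -18,
                       *([0] * 9), transmit_seconds, 0)

def add_mac(header, key_id, key):
    """Append the 4-byte key ID and the 16-byte MD5(key || header) digest."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def check_reply(packet, server_key_id=None):
    """Client-side decision for one server reply (illustrative model).

    server_key_id is the key bound to the server (the authentication-keyid
    on the unicast-server command); None models a client that omitted it.
    """
    header, mac = packet[:48], packet[48:]
    if server_key_id is None:
        return "accepted without authentication"
    if len(mac) != 20:
        return "dropped: missing or malformed MAC"
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id != server_key_id or key_id not in KEYS or key_id not in RELIABLE:
        return "dropped: key ID not configured as reliable"
    expected = hashlib.md5(KEYS[key_id] + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return "dropped: digest mismatch"
    return "accepted: authenticated"

def demo():
    header = ntp_header(mode=4, stratum=2, transmit_seconds=0xC7B15D2C)
    return {
        "good": check_reply(add_mac(header, 42, b"Hello123"), 42),
        "wrong_key": check_reply(add_mac(header, 42, b"guess"), 42),
        "no_mac": check_reply(header, 42),
        "no_mac_unbound": check_reply(header, None),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name}: {verdict}")
```

RFC 8573 deprecates this MD5 construction and recommends AES-CMAC where the platform offers it.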
Procedure
- According to Figure 3-2, configure IP addresses, and configure reachable routes between any two of SwitchA, SwitchB, SwitchC, and SwitchD.
# Configure an IP address on SwitchA. For details about the configurations of SwitchB, SwitchC, and SwitchD, see "Configuration Files".
<Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 2.2.2.2 24
[SwitchA-Vlanif100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 2.2.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
- Configure an NTP primary clock on SwitchA and enable the NTP authentication function.
# Specify the local clock of SwitchA as the primary clock, and set the clock stratum to 2.
[SwitchA] ntp-service refclock-master 2
# Enable the NTP authentication function, configure the authentication key, and specify the key as reliable.
[SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 42 authentication-mode md5 Hello123
[SwitchA] ntp-service reliable authentication-keyid 42
- Enable the NTP authentication function on SwitchB and specify SwitchA as its NTP server.
# Enable the NTP authentication function on SwitchB, configure the authentication key, and specify the key as reliable.
<SwitchB> system-view
[SwitchB] ntp-service authentication enable
[SwitchB] ntp-service authentication-keyid 42 authentication-mode md5 Hello123
[SwitchB] ntp-service reliable authentication-keyid 42
# Specify SwitchA as the NTP server of SwitchB, and use the configured authentication key.
[SwitchB] ntp-service unicast-server 2.2.2.2 authentication-keyid 42
- Specify on SwitchC that SwitchB functions as the NTP server of SwitchC.
<SwitchC> system-view
[SwitchC] ntp-service authentication enable
[SwitchC] ntp-service authentication-keyid 42 authentication-mode md5 Hello123
[SwitchC] ntp-service reliable authentication-keyid 42
[SwitchC] ntp-service unicast-server 1.0.0.1 authentication-keyid 42
- Specify on SwitchD that SwitchB functions as the NTP server of SwitchD.
<SwitchD> system-view
[SwitchD] ntp-service authentication enable
[SwitchD] ntp-service authentication-keyid 42 authentication-mode md5 Hello123
[SwitchD] ntp-service reliable authentication-keyid 42
[SwitchD] ntp-service unicast-server 1.0.0.1 authentication-keyid 42
- Verify the configuration.
# Check the NTP status of SwitchA.
[SwitchA] display ntp-service status
 clock status: synchronized
 clock stratum: 2
 reference clock ID: LOCAL(0)
 nominal frequency: 60.0002 Hz
 actual frequency: 60.0002 Hz
 clock precision: 2^18
 clock offset: 0.0000 ms
 root delay: 0.00 ms
 root dispersion: 26.50 ms
 peer dispersion: 10.00 ms
 reference time: 12:01:48.377 UTC Mar 2 2012(C7B15D2C.60A15981)
# Check the NTP status of SwitchB, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 3, which is one stratum lower than that of the clock of the server SwitchA.
[SwitchB] display ntp-service status
 clock status: synchronized
 clock stratum: 3
 reference clock ID: 2.2.2.2
 nominal frequency: 60.0002 Hz
 actual frequency: 60.0002 Hz
 clock precision: 2^18
 clock offset: 3.8128 ms
 root delay: 31.26 ms
 root dispersion: 74.20 ms
 peer dispersion: 34.30 ms
 reference time: 11:55:56.833 UTC Mar 2 2012(C7B15BCC.D5604189)
# Check the NTP status of SwitchC, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 4, which is one stratum lower than that of the clock of the server SwitchB.
[SwitchC] display ntp-service status
 clock status: synchronized
 clock stratum: 4
 reference clock ID: 1.0.0.1
 nominal frequency: 60.0002 Hz
 actual frequency: 60.0002 Hz
 clock precision: 2^18
 clock offset: 3.8128 ms
 root delay: 31.26 ms
 root dispersion: 74.20 ms
 peer dispersion: 34.30 ms
 reference time: 11:55:56.833 UTC Mar 2 2012(C7B15BCC.D5604189)
# Check the NTP status of SwitchD, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 4, which is one stratum lower than that of the clock of the server SwitchB.
[SwitchD] display ntp-service status
 clock status: synchronized
 clock stratum: 4
 reference clock ID: 1.0.0.1
 nominal frequency: 60.0002 Hz
 actual frequency: 60.0002 Hz
 clock precision: 2^18
 clock offset: 3.8128 ms
 root delay: 31.26 ms
 root dispersion: 74.20 ms
 peer dispersion: 34.30 ms
 reference time: 11:55:56.833 UTC Mar 2 2012(C7B15BCC.D5604189)
Configuration Files
Configuration file of SwitchA
#
sysname SwitchA
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service refclock-master 2
#
vlan batch 100
#
interface Vlanif100
 ip address 2.2.2.2 255.255.255.0
#
interface Ethernet0/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
ospf 1
 area 0.0.0.0
  network 2.2.2.0 0.0.0.255
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 2.2.2.2 authentication-keyid 42
#
vlan batch 110 to 111
#
interface Vlanif110
 ip address 1.0.1.1 255.255.255.0
#
interface Vlanif111
 ip address 1.0.0.1 255.255.255.0
#
interface Ethernet0/0/1
 port hybrid pvid vlan 110
 port hybrid untagged vlan 110
#
interface Ethernet0/0/2
 port hybrid pvid vlan 111
 port hybrid untagged vlan 111
#
ospf 1
 area 0.0.0.0
  network 1.0.0.0 0.0.0.255
  network 1.0.1.0 0.0.0.255
#
return
Configuration file of SwitchC
#
sysname SwitchC
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 1.0.0.1 authentication-keyid 42
#
vlan batch 111
#
interface Vlanif111
 ip address 1.0.0.2 255.255.255.0
#
interface Ethernet0/0/1
 port hybrid pvid vlan 111
 port hybrid untagged vlan 111
#
ospf 1
 area 0.0.0.0
  network 1.0.0.0 0.0.0.255
#
return
Configuration file of SwitchD
#
sysname SwitchD
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 1.0.0.1 authentication-keyid 42
#
vlan batch 111
#
interface Vlanif111
 ip address 1.0.0.3 255.255.255.0
#
interface Ethernet0/0/1
 port hybrid pvid vlan 111
 port hybrid untagged vlan 111
#
ospf 1
 area 0.0.0.0
  network 1.0.0.0 0.0.0.255
#
return
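A saved client configuration can be checked offline for the conditions this example depends on: authentication enabled, and every `ntp-service unicast-server` line bound to a key that is defined and marked reliable. The script below is an added example, not a Huawei tool; it recognises only the commands shown on this page, and the function and variable names are hypothetical.

```python
import re

def audit_ntp_auth(config_text):
    """Return a list of findings for one device's saved configuration."""
    lines = [line.strip() for line in config_text.splitlines()]
    enabled = "ntp-service authentication enable" in lines
    defined, reliable, servers = set(), set(), []
    for line in lines:
        if m := re.match(r"ntp-service authentication-keyid (\d+) authentication-mode ", line):
            defined.add(m.group(1))
        elif m := re.match(r"ntp-service reliable authentication-keyid (\d+)$", line):
            reliable.add(m.group(1))
        elif m := re.match(r"ntp-service unicast-server (\S+)", line):
            # Tolerate other tokens on the line; only the key binding matters here.
            key = re.search(r" authentication-keyid (\d+)", line)
            servers.append((m.group(1), key.group(1) if key else None))
    findings = []
    if servers and not enabled:
        findings.append("NTP authentication is not enabled")
    for address, key_id in servers:
        if key_id is None:
            findings.append(f"server {address}: no authentication-keyid bound")
        elif key_id not in defined:
            findings.append(f"server {address}: key {key_id} is not defined")
        elif key_id not in reliable:
            findings.append(f"server {address}: key {key_id} is not marked reliable")
    return findings

# SwitchC's NTP lines as on the page; the key ciphertext is a placeholder.
SWITCHC = """\
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher <ciphertext>
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 1.0.0.1 authentication-keyid 42
"""
# Constructed variants: key missing on the server line, key not marked reliable.
NO_KEY_ON_SERVER = SWITCHC.replace("1.0.0.1 authentication-keyid 42", "1.0.0.1")
NOT_RELIABLE = SWITCHC.replace("ntp-service reliable authentication-keyid 42\n", "")

if __name__ == "__main__":
    for name, text in [("SwitchC", SWITCHC),
                       ("no key on server line", NO_KEY_ON_SERVER),
                       ("key not reliable", NOT_RELIABLE)]:
        print(f"{name}: {audit_ntp_auth(text) or 'OK'}")
```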