No relevant resource is found in the selected language.
MENU
Support Documentation
S2700 and S3700 V100R006C05 Configuration Guide - Network Management
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Authenticated NTP Unicast Server/Client Mode

Example for Configuring Authenticated NTP Unicast Server/Client Mode

Networking Requirements

As shown in Figure 3-2, SwitchB, SwitchC, and SwitchD are on a local area network (LAN), and are connected to SwitchA through a network. SwitchA has synchronized its clock to an authoritative clock, the Global Positioning System (GPS).

As is required by the user, the three devices SwitchB, SwitchC, and SwitchD on the LAN must synchronize their clocks to the clock of SwitchA to ensure a precise charging service.

Figure 3-2  Networking diagram for configuring NTP unicast client/server mode

Configuration Roadmap

You can configure the authenticated unicast server/client mode to meet the user's requirement for clock synchronization on the LAN. The configuration roadmap is as follows:

  1. Configure SwitchA as the primary time server.

  2. The NTP unicast server/client mode is used to synchronize the clocks of SwitchA and SwitchB. SwitchA functions as the server, and SwitchB functions as the client.

  3. The NTP unicast server/client mode is used to synchronize the clocks of SwitchB, SwitchC, and SwitchD. SwitchB functions as the server, while SwitchC and SwitchD function as the clients.

  4. SwitchA and SwitchB are connected through the network, which is not secure, so that the NTP authentication function is enabled.

When configuring NTP authentication in the unicast server/client mode, enable the NTP authentication on the client, and specify the NTP server address and the authentication key sent to the server. Otherwise, the NTP authentication is not performed, and the NTP client and server are directly synchronized.

Procedure

  1. According to Figure 3-2, configure IP addresses, and configure reachable routes between any two of SwitchA, SwitchB, SwitchC, and SwitchD.

    # Configure an IP address on SwitchA. For details about the configurations of SwitchB, SwitchC, and SwitchD, see "Configuration Files".

    <Quidway> system-view
[Quidway] sysname SwitchA
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface vlanif 100
[SwitchA-Vlanif100] ip address 2.2.2.2 24
[SwitchA-Vlanif100] quit
[SwitchA] interface ethernet 0/0/1
[SwitchA-Ethernet0/0/1] port hybrid untagged vlan 100
[SwitchA-Ethernet0/0/1] port hybrid pvid vlan 100
[SwitchA-Ethernet0/0/1] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 2.2.2.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit

  2. Configure an NTP primary clock on SwitchA and enable the NTP authentication function.

    # Specify the local clock of SwitchA as the primary clock, and set the clock stratum to 2.

    [SwitchA] ntp-service refclock-master 2

    # Enable the NTP authentication function, configure the authentication key, and specify the key as reliable.

    [SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 42 authentication-mode md5 Hello123
[SwitchA] ntp-service reliable authentication-keyid 42

  3. Configure an NTP primary clock on SwitchB and enable the NTP authentication function.

    # Enable the NTP authentication function on SwitchB, configure the authentication key, and specify the key as reliable.

    <SwitchB> system-view
[SwitchB] ntp-service authentication enable
[SwitchB] ntp-service authentication-keyid 42 authentication-mode md5 Hello123
[SwitchB] ntp-service reliable authentication-keyid 42

    # Specify SwitchA as the NTP server of SwitchB, and use the configured authentication key.

    [SwitchB] ntp-service unicast-server 2.2.2.2 authentication-keyid 42

  4. # Specify on SwitchC that SwitchB functions as the NTP server of SwitchC. 

    <SwitchC> system-view
[SwitchC] ntp-service authentication enable
[SwitchC] ntp-service authentication-keyid 42 authentication-mode md5 Hello123
[SwitchC] ntp-service reliable authentication-keyid 42
[SwitchC] ntp-service unicast-server 1.0.0.1 authentication-keyid 42

  5. # Specify on SwitchD that SwitchB functions as the NTP server of SwitchD. 

    <SwitchD> system-view
[SwitchD] ntp-service authentication enable
[SwitchD] ntp-service authentication-keyid 42 authentication-mode md5 Hello123
[SwitchD] ntp-service reliable authentication-keyid 42
[SwitchD] ntp-service unicast-server 1.0.0.1 authentication-keyid 42

  6. Verify the configuration.

    # Check the NTP status of SwitchA.

    [SwitchA] display ntp-service status
 clock status: synchronized
 clock stratum: 2
 reference clock ID: LOCAL(0)
 nominal frequency: 60.0002 Hz
 actual frequency: 60.0002 Hz
 clock precision: 2^18
 clock offset: 0.0000 ms
 root delay: 0.00 ms
 root dispersion: 26.50 ms
 peer dispersion: 10.00 ms
 reference time: 12:01:48.377 UTC Mar 2 2012(C7B15D2C.60A15981)

    # Check the NTP status of SwitchB, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 3, which is one stratum lower than that of the clock of the server SwitchA. 

    [SwitchB] display ntp-service status
 clock status: synchronized
 clock stratum: 3
 reference clock ID: 2.2.2.2
 nominal frequency: 60.0002 Hz
 actual frequency: 60.0002 Hz
 clock precision: 2^18
 clock offset: 3.8128 ms
 root delay: 31.26 ms
 root dispersion: 74.20 ms
 peer dispersion: 34.30 ms
 reference time: 11:55:56.833 UTC Mar 2 2012(C7B15BCC.D5604189)

    # Check the NTP status of SwitchC, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 4, which is one stratum lower than that of the clock of the server SwitchB.

    [SwitchC] display ntp-service status
 clock status: synchronized
 clock stratum: 4
 reference clock ID: 1.0.0.1
 nominal frequency: 60.0002 Hz
 actual frequency: 60.0002 Hz
 clock precision: 2^18
 clock offset: 3.8128 ms
 root delay: 31.26 ms
 root dispersion: 74.20 ms
 peer dispersion: 34.30 ms
 reference time: 11:55:56.833 UTC Mar 2 2012(C7B15BCC.D5604189)

    # Check the NTP status of SwitchD, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 4, which is one stratum lower than that of the clock of the server SwitchB.

    [SwitchD] display ntp-service status
 clock status: synchronized
 clock stratum: 4
 reference clock ID: 1.0.0.1
 nominal frequency: 60.0002 Hz
 actual frequency: 60.0002 Hz
 clock precision: 2^18
 clock offset: 3.8128 ms
 root delay: 31.26 ms
 root dispersion: 74.20 ms
 peer dispersion: 34.30 ms
 reference time: 11:55:56.833 UTC Mar 2 2012(C7B15BCC.D5604189)

Configuration Files

  • Configuration file of SwitchA

    #
sysname SwitchA
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42                                    
ntp-service refclock-master 2 
#
vlan batch 100
#
interface Vlanif100
 ip address 2.2.2.2 255.255.255.0
#
interface Ethernet0/0/1
 port hybrid pvid vlan 100
 port hybrid untagged vlan 100
#
ospf 1
 area 0.0.0.0
  network 2.2.2.0 0.0.0.255
#
return

  • Configuration file of SwitchB

    #
sysname SwitchB
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 2.2.2.2 authentication-keyid 42
#
vlan batch 110 to 111
#
interface Vlanif110
 ip address 1.0.1.1 255.255.255.0
#
interface Vlanif111
 ip address 1.0.0.1 255.255.255.0
#
interface Ethernet0/0/1
 port hybrid pvid vlan 110
 port hybrid untagged vlan 110
#
interface Ethernet0/0/2
 port hybrid pvid vlan 111
 port hybrid untagged vlan 111
#
ospf 1
 area 0.0.0.0
  network 1.0.0.0 0.0.0.255
  network 1.0.1.0 0.0.0.255
#
return

  • Configuration file of SwitchC

    #
sysname SwitchC
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 1.0.0.1 authentication-keyid 42
#
vlan batch 111
#
interface Vlanif111
 ip address 1.0.0.2 255.255.255.0
#
interface Ethernet0/0/1
 port hybrid pvid vlan 111
 port hybrid untagged vlan 111
#
ospf 1
 area 0.0.0.0
  network 1.0.0.0 0.0.0.255
#
return

  • Configuration file of SwitchD

    #
sysname SwitchD
#
ntp-service authentication enable
ntp-service authentication-keyid 42 authentication-mode md5 cipher %$%$iU;C@~zqb+};!@!vGIp5q}tk%$%$
ntp-service reliable authentication-keyid 42
ntp-service unicast-server 1.0.0.1 authentication-keyid 42
#
vlan batch 111
#
interface Vlanif111
 ip address 1.0.0.3 255.255.255.0
#
interface Ethernet0/0/1
 port hybrid pvid vlan 111
 port hybrid untagged vlan 111
#
ospf 1
 area 0.0.0.0
  network 1.0.0.0 0.0.0.255
#
return
Translation
简体中文
Download
Updated: 2020-05-22

Document ID: EDOC1000017276

Views: 39745

Downloads: 660

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Share
Previous Next
Enterprise APP

Copyright © 2021 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :