CloudEngine 16800, 12800, 9800, 8800, 7800, 6800, and 5800 Series Switches Typical Configuration Examples (V100 and V200)
Configuring NTP to Synchronize Time
Applicable Products and Versions
This example applies to all models and versions.
For details about the mapping between software versions and switch models, see the Hardware Center.
Networking Requirements
On a data center network, manually setting the system time on every device is time-consuming, and the resulting time may be inaccurate. NTP can quickly synchronize the system time of all devices on the network.
As shown in Figure 2-37, the IP addresses of SwitchA and SwitchB have been configured. SwitchA has synchronized its clock to an authoritative clock, for example, the Global Positioning System (GPS). SwitchA functions as the time server of SwitchB.
Configuration Roadmap
- Configuring IP addresses for SwitchA and SwitchB
- Configuring SwitchA as the master clock so that the local clock of SwitchA can be used as the reference clock
- Configuring SwitchB to synchronize time from SwitchA and configuring NTP authentication to ensure time synchronization security
Procedure
- Configure IP addresses for SwitchA and SwitchB.
# Configure the IP address for SwitchA.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] vlan batch 100
[*SwitchA] interface vlanif 100
[*SwitchA-Vlanif100] ip address 10.10.1.1 24
[*SwitchA-Vlanif100] quit
[*SwitchA] interface 10ge 1/0/1
[*SwitchA-10GE1/0/1] port link-type trunk
[*SwitchA-10GE1/0/1] port trunk pvid vlan 100
[*SwitchA-10GE1/0/1] port trunk allow-pass vlan 100
[*SwitchA-10GE1/0/1] quit
[*SwitchA] commit
# Configure the IP address for SwitchB.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] vlan batch 100
[*SwitchB] interface vlanif 100
[*SwitchB-Vlanif100] ip address 10.10.1.2 24
[*SwitchB-Vlanif100] quit
[*SwitchB] interface 10ge 1/0/1
[*SwitchB-10GE1/0/1] port link-type trunk
[*SwitchB-10GE1/0/1] port trunk pvid vlan 100
[*SwitchB-10GE1/0/1] port trunk allow-pass vlan 100
[*SwitchB-10GE1/0/1] quit
[*SwitchB] commit
- Configure SwitchA as the master clock server and enable NTP authentication. Set the clock stratum to 1.
The clock stratum ranges from 1 to 15 and is configurable. Clocks on the subnet are synchronized in ascending order of stratum. In this example, the clock stratum is 1.
In practice, the NTP server that is synchronized with the authoritative clock is set to stratum 1 and used as the clock source. Other devices on the network synchronize their clocks with the clock of the NTP server, which means the local clock of the NTP server is configured as the NTP master clock.
[~SwitchA] ntp refclock-master 1  //Set the clock stratum to 1.
[*SwitchA] ntp authentication enable
[*SwitchA] ntp authentication-keyid 45 authentication-mode hmac-sha256 QAZWSXedc@1987  //Authentication modes include MD5 and HMAC-SHA256. HMAC-SHA256 is more secure and MD5 is faster. In this example, HMAC-SHA256 is used.
[*SwitchA] ntp trusted authentication-keyid 45
[*SwitchA] commit
# Specify a listening interface on SwitchA.
[~SwitchA] ntp server source-interface vlanif 100
[*SwitchA] commit
- Enable the NTP server function of SwitchA.
[~SwitchA] undo ntp server disable
[*SwitchA] commit
[~SwitchA] quit
- Configure SwitchB to synchronize time with SwitchA and enable NTP authentication. The IP address of the NTP server is 10.10.1.1.
[~SwitchB] ntp authentication enable
[*SwitchB] ntp authentication-keyid 45 authentication-mode hmac-sha256 QAZWSXedc@1987  //Authentication modes include MD5 and HMAC-SHA256. HMAC-SHA256 is more secure and MD5 is faster. In this example, HMAC-SHA256 is used.
[*SwitchB] ntp trusted authentication-keyid 45
[*SwitchB] ntp unicast-server 10.10.1.1 authentication-keyid 45  //Set the clock synchronization mode to unicast client/server.
[*SwitchB] commit
[~SwitchB] quit
The authentication key ID on SwitchB must be the same as that on SwitchA; otherwise, the authentication will fail.
Verifying the Configuration
Check the configurations on SwitchA.
Run the display ntp status command on SwitchA to view the NTP status.
<SwitchA> display ntp status
clock status: synchronized  //Local clock status.
clock stratum: 1  //Clock stratum.
reference clock ID: LOCAL(0)
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.0000 ms
root delay: 0.00 ms
root dispersion: 11.65 ms
peer dispersion: 10.00 ms
reference time: 15:13:24.754 UTC Aug 21 2013(D5BF5794.C13458CD)  //Reference time stamp.
synchronization state: clock synchronized  //Local clock synchronization status.
Run the display clock command on SwitchA to view the current time and date of the system.
<SwitchA> display clock
2013-08-21 15:14:23
Wednesday
Time Zone(DefaultZoneName) : UTC
Check the configurations on SwitchB.
Run the display ntp status command on SwitchB to view the NTP status.
<SwitchB> display ntp status
clock status: synchronized  //Local clock status.
clock stratum: 2  //Clock stratum.
reference clock ID: 10.10.1.1
nominal frequency: 100.0000 Hz
actual frequency: 100.0000 Hz
clock precision: 2^18
clock offset: 0.6828 ms
root delay: 2.74 ms
root dispersion: 24.84 ms
peer dispersion: 10.93 ms
reference time: 15:13:24.518 UTC Aug 21 2013(D5BF5B33.84A4A05D)  //Reference time stamp.
synchronization state: clock synchronized  //Local clock synchronization status.
Run the display clock command on SwitchB to view the current time and date of the system.
<SwitchB> display clock
2013-08-21 15:14:23
Wednesday
Time Zone(DefaultZoneName) : UTC
Configuration File
Configuration file of SwitchA
#
sysname SwitchA
#
ntp ipv6 server disable
ntp authentication-keyid 45 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# //The ciphertext format provided here is for example only. The format may vary depending on the system software version.
ntp trusted authentication-keyid 45
ntp refclock-master 1
ntp authentication enable
ntp server source-interface Vlanif100
#
vlan batch 100
#
interface Vlanif100
 ip address 10.10.1.1 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
#
return
Configuration file of SwitchB
#
sysname SwitchB
#
ntp server disable
ntp ipv6 server disable
ntp authentication-keyid 45 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# //The ciphertext format provided here is for example only. The format may vary depending on the system software version.
ntp trusted authentication-keyid 45
ntp unicast-server 10.10.1.1 authentication-keyid 45
ntp authentication enable
#
vlan batch 100
#
interface Vlanif100
 ip address 10.10.1.2 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
#
return
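The two configuration files above only authenticate each other if the key ID, its trusted status, and the authentication mode line up on both devices. The following added example (not part of the original document) audits a client/server pair for that; the function names, the `<ciphertext>` placeholder, and the misconfigured sample are assumptions made for illustration.

```python
import re

# Constructed samples in the style of this page's configuration files;
# <ciphertext> is a placeholder for the stored key.
SWITCH_A = """\
ntp authentication-keyid 45 authentication-mode hmac-sha256 cipher <ciphertext>
ntp trusted authentication-keyid 45
ntp refclock-master 1
ntp authentication enable
"""
SWITCH_B = """\
ntp authentication-keyid 45 authentication-mode hmac-sha256 cipher <ciphertext>
ntp trusted authentication-keyid 45
ntp unicast-server 10.10.1.1 authentication-keyid 45
ntp authentication enable
"""
# Constructed misconfiguration: weaker mode on the client, key no longer trusted.
SWITCH_B_BAD = (SWITCH_B.replace("hmac-sha256", "md5")
                .replace("ntp trusted authentication-keyid 45\n", ""))

def parse_ntp(cfg):
    """Extract NTP authentication settings from saved configuration text."""
    out = {"auth": False, "keys": {}, "trusted": set(), "servers": {}}
    for line in (l.strip() for l in cfg.splitlines()):
        if line == "ntp authentication enable":
            out["auth"] = True
        elif m := re.match(r"ntp authentication-keyid (\d+) authentication-mode (\S+)", line):
            out["keys"][m[1]] = m[2]
        elif m := re.match(r"ntp trusted authentication-keyid (\d+)", line):
            out["trusted"].add(m[1])
        elif m := re.match(r"ntp unicast-server (\S+)(.*)", line):
            key = re.search(r"authentication-keyid (\d+)", m[2])
            out["servers"][m[1]] = key[1] if key else None
    return out

def audit_pair(client_cfg, server_cfg, server_ip):
    """Return findings for the client's association with server_ip."""
    c, s = parse_ntp(client_cfg), parse_ntp(server_cfg)
    kid = c["servers"].get(server_ip)
    if kid is None:
        return [f"{server_ip}: not configured with an authentication-keyid"]
    findings = []
    for name, dev in (("client", c), ("server", s)):
        if not dev["auth"]:
            findings.append(f"{name}: ntp authentication is not enabled")
        if kid not in dev["trusted"]:
            findings.append(f"{name}: key {kid} is not trusted")
        if dev["keys"].get(kid) != "hmac-sha256":
            findings.append(f"{name}: key {kid} mode is {dev['keys'].get(kid)}")
    return findings
```

An empty list means the pair matches the configuration shown on this page; the check cannot compare the key strings themselves because saved configurations store them as ciphertext.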
Conclusions and Suggestions
NTP supports the following working modes:
- Unicast client/server mode: used at a higher stratum on a synchronization subnet. In this mode, the clients need to obtain the IP address of the server before synchronizing time.
- Peer mode: used at a lower stratum on the synchronization subnet. In this mode, an active peer and a passive peer can be synchronized with each other. To be specific, a peer of a higher stratum is synchronized to a peer of a lower stratum.
- Broadcast mode: used when the IP address of a server or peer is not determined, or when the clocks of a large number of devices need to be synchronized on a network.
- Multicast mode: used on high-speed networks that have multiple workstations and do not require high clock accuracy. In a typical scenario, one or more clock servers on the network periodically send multicast packets to the workstations. The delay of packet transmission in a LAN is at the millisecond level.
- Manycast mode (V100R002C00 or later): used in the scenario where servers are scattered on a network. The client can discover and synchronize to the closest manycast server. On a network where the server is unstable, the manycast mode avoids reconfigurations on clients after the server changes.
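The synchronization state field in the display ntp status command output can have the following values:
- clock not set: indicates that the clock is not updated.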
- frequency set by configuration: indicates that the clock frequency is set by NTP.
- clock set: indicates that the clock is set.
- clock set but frequency not determined: indicates that the clock is set, but the clock frequency is not determined.
- clock synchronized: indicates that the clock has been synchronized.
- spike (clock will be set in XXX secs): indicates that the system detects that the time difference between the clock server and the client exceeds 128 milliseconds, and the local clock will be revalidated in XXX seconds.
The following commands provide further information about NTP operation:
- Run the display ntp event clock-unsync command to view the 10 most recent reasons for NTP synchronization failures.
- Run the display ntp sessions command to view information about all local NTP sessions.
- Run the display ntp slot-status command to view the clock system status.
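The verification step and the synchronization states described above can be checked automatically. The following added example (not part of the original document) parses display ntp status output from a client and reports when it is not synchronized to the expected server, one stratum below it, within the 128 ms limit mentioned for the spike state; the function names and the tampered sample in the usage are assumptions.

```python
import re

# Constructed sample: fields from the SwitchB "display ntp status" output
# on this page, without the // annotations.
STATUS_B = """\
clock status: synchronized
clock stratum: 2
reference clock ID: 10.10.1.1
clock offset: 0.6828 ms
root delay: 2.74 ms
root dispersion: 24.84 ms
synchronization state: clock synchronized
"""

def parse_status(text):
    """Turn 'field: value' lines into a dict, dropping trailing // comments."""
    fields = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            fields[name.strip()] = value.split("//")[0].strip()
    return fields

def check_client(text, server_ip, server_stratum, max_offset_ms=128.0):
    """Return reasons the client is not correctly synchronized to server_ip."""
    f = parse_status(text)
    problems = []
    state = f.get("synchronization state")
    if state != "clock synchronized":
        problems.append(f"synchronization state is {state!r}")
    ref = f.get("reference clock ID")
    if ref != server_ip:
        problems.append(f"reference clock ID is {ref!r}, expected {server_ip!r}")
    # A client synchronized to a stratum-n server reports stratum n + 1.
    if f.get("clock stratum") != str(server_stratum + 1):
        problems.append(f"stratum is {f.get('clock stratum')}, expected {server_stratum + 1}")
    offset = re.match(r"(-?[\d.]+) ms", f.get("clock offset", ""))
    if not offset or abs(float(offset[1])) > max_offset_ms:
        problems.append(f"clock offset {f.get('clock offset')!r} missing or above {max_offset_ms} ms")
    return problems
```

A reference clock ID other than the configured server is the finding to act on first, since it means the device is taking time from a source that was not intended.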