No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Typical Configuration Examples

CloudEngine 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring NTP to Synchronize Time

Configuring NTP to Synchronize Time

Applicable Products and Versions

This example applies to all models and versions.

Networking Requirements

On the data center network, manually setting system time on all devices is time-consuming and the system time may be inaccurate. The NTP protocol can quickly synchronize system time of all devices on the network.

As shown in Figure 2-39, the IP addresses of SwitchA and SwitchB have been configured. SwitchA has synchronized its clock to an authoritative clock, for example, the Global Positioning System (GPS). SwitchA functions as the time server of SwitchB.

Figure 2-39 Diagram for configuring NTP to synchronize time

Configuration Roadmap

The configuration roadmap is as follows:
  1. Configuring IP addresses for SwitchA and SwitchB
  2. Configuring SwitchA as the master clock so that the local clock of SwitchA can be used as the reference clock
  3. Configuring SwitchB to synchronize time from SwitchA and configuring NTP authentication to ensure time synchronization security

Procedure

  1. Configure IP addresses for SwitchA and SwitchB.

    # Configure the IP address for SwitchA.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [~HUAWEI] commit
    [~SwitchA] vlan batch 100
    [~SwitchA] interface vlanif 100
    [~SwitchA-Vlanif100] ip address 10.10.1.1 24
    [~SwitchA-Vlanif100] quit
    [~SwitchA] interface 10ge 1/0/1
    [~SwitchA-10GE1/0/1] port link-type trunk
    [~SwitchA-10GE1/0/1] port trunk pvid vlan 100
    [~SwitchA-10GE1/0/1] port trunk allow-pass vlan 100
    [~SwitchA-10GE1/0/1] quit
    [~SwitchA] commit

    # Configure the IP address for SwitchB.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchB
    [~HUAWEI] commit
    [~SwitchB] vlan batch 100
    [~SwitchB] interface vlanif 100
    [~SwitchB-Vlanif100] ip address 10.10.1.2 24
    [~SwitchB-Vlanif100] quit
    [~SwitchB] interface 10ge 1/0/1
    [~SwitchB-10GE1/0/1] port link-type trunk
    [~SwitchB-10GE1/0/1] port trunk pvid vlan 100
    [~SwitchB-10GE1/0/1] port trunk allow-pass vlan 100
    [~SwitchB-10GE1/0/1] quit
    [~SwitchB] commit

  2. Configure SwitchA as the master clock server and enable NTP authentication. Set the clock stratum to 1.

    NOTE:

    The value of clock stratum ranges from 1 to 15. The clocks on the subnet are synchronized in an ascending order of stratums. The clock stratum can be set. In this example, the clock stratum is 1.

    In actual circumstances, the NTP server synchronized with the authoritative clock is set as stratum 1, and is used as a clock source. Other devices on the network synchronize their clocks with the clock of the NTP server, which means the local clock of the NTP server is configured as the NTP master clock.

    [~SwitchA] ntp refclock-master 1                                           //Set the clock stratum to 1.
    [~SwitchA] ntp authentication enable
    [~SwitchA] ntp authentication-keyid 45 authentication-mode hmac-sha256 hello123456    //Authentication methods includes MD5 and HMAC-SHA256. HMAC-SHA256 has a higher security and MD5 has a higher speed. In this example, HMAC-SHA256 is used.
    [~SwitchA] ntp trusted authentication-keyid 45
    [~SwitchA] commit
    [~SwitchA] quit

  3. Enable the NTP server function of SwitchA.

    [~SwitchA] undo ntp server disable 
    [~SwitchA] commit
    [~SwitchA] quit

  4. Configure SwitchB to synchronize time with SwitchA and enable NTP authentication. The IP address of NTP server is 10.10.1.1.

    [~SwitchB] ntp authentication enable
    [~SwitchB] ntp authentication-keyid 45 authentication-mode hmac-sha256 hello123    //Authentication methods includes MD5 and HMAC-SHA256. HMAC-SHA256 has a higher security and MD5 has a higher speed. In this example, hmac-sha256 is used.
    [~SwitchB] ntp trusted authentication-keyid 45
    [~SwitchB] ntp unicast-server 10.10.1.1 authentication-keyid 45            //Set the clock synchronization mode to unicast client/server.
    [~SwitchB] commit
    [~SwitchB] quit
    NOTE:

    The authentication key ID on SwitchB must be the same as that on SwitchA; otherwise, the authentication will fail.

Verifying the Configuration

  • Check the configurations on SwitchA.

    1. Run the display ntp status command on SwitchA to view the NTP status.

      <SwitchA> display ntp status
       clock status: synchronized                                            //Local clock status.
       clock stratum: 1                                                      //Clock stratum.
       reference clock ID: LOCAL(0)                                                   
       nominal frequency: 100.0000 Hz                                                 
       actual frequency: 100.0000 Hz                                                  
       clock precision: 2^18                                                          
       clock offset: 0.0000 ms                                                        
       root delay: 0.00 ms                                                            
       root dispersion: 11.65 ms                                                      
       peer dispersion: 10.00 ms                                                      
       reference time: 15:13:24.754 UTC Aug 21 2013(D5BF5794.C13458CD)   //Reference time stamp.
       synchronization state: clock synchronized                             //Local clock synchronization status. 
    2. Run the display clock command on SwitchA to view the clock status.

      <SwitchA> display clock
      2013-08-21 15:14:23                                                             
      Wednesday                                                                       
      Time Zone(DefaultZoneName) : UTC  
  • Check the configurations on SwitchB.

    1. Run the display ntp status command on SwitchB to view the NTP status.

      <SwitchB> display ntp status
       clock status: synchronized                                             //Local clock status.
       clock stratum: 2                                                       //Clock stratum.
       reference clock ID: 10.10.1.1                                                  
       nominal frequency: 100.0000 Hz                                                 
       actual frequency: 100.0000 Hz                                                  
       clock precision: 2^18                                                          
       clock offset: 0.6828 ms                                                        
       root delay: 2.74 ms                                                            
       root dispersion: 24.84 ms                                                      
       peer dispersion: 10.93 ms                                                      
       reference time: 15:13:24.518 UTC Aug 21 2013(D5BF5B33.84A4A05D)   //Reference time stamp.       
       synchronization state: clock synchronized                              //Local clock synchronization status. 
    2. Run the display clock command on SwitchB to view the clock status.

      <SwitchB> display clock
      2013-08-21 15:14:23                                                             
      Wednesday                                                                       
      Time Zone(DefaultZoneName) : UTC  

Configuration File

Configuration file of SwitchA

#
sysname SwitchA
#
ntp ipv6 server disable
ntp authentication-keyid 45 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%#     //The ciphertext format provided here is for example only. The format may vary depending on the system software version. 
ntp trusted authentication-keyid 45  
ntp refclock-master 1
ntp authentication enable
#
vlan batch 100
#
interface Vlanif100
 ip address 10.10.1.1 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
#
return

Configuration file of SwitchB

#
sysname SwitchB
#
ntp server disable
ntp ipv6 server disable
ntp authentication-keyid 45 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%#     //The ciphertext format provided here is for example only. The format may vary depending on the system software version. 
ntp trusted authentication-keyid 45
ntp unicast-server 10.10.1.1 authentication-keyid 45
ntp authentication enable
#
vlan batch 100
#
interface Vlanif100
 ip address 10.10.1.2 255.255.255.0
#
interface 10GE1/0/1
 port link-type trunk
 port trunk pvid vlan 100
 port trunk allow-pass vlan 100
#
return

Conclusions and Suggestions

The NTP usage scenarios are as follows:
  • Unicast client/server mode: used at a higher stratum on a synchronization subnet. In this mode, the clients need to obtain the IP address of the server before synchronizing time.
  • Peer mode: used at a lower stratum on the synchronization subnet. In this mode, an active peer and a passive peer can be synchronized with each other. To be specific, a peer of a higher stratum is synchronized to a peer of a lower stratum.
  • Broadcast mode: used when the IP address of a server or peer is not determined, or when the clocks of a large number of devices need to be synchronized on a network.
  • Multicast mode: used for the high-speed network that has multiple workstations and does not require high clock accuracy. In a typical scenario, one or more clock servers on the network periodically send multicast packets to the workstations. The delay of packet transmission in a LAN is at the milliseconds level.
  • Manycast mode (V100R002C00 or later): used in the scenario where servers are scattered on a network. The client can discover and synchronize to the closest manycast server. On a network where the server is unstable, the manycast mode avoids reconfigurations on clients after the server changes.
The NTP traverses the following states during synchronization:
  • clock not set: indicates that the clock is not updated.
  • frequency set by configuration: indicates that the clock frequency is set by NTP.
  • clock set: indicates that the clock is set.
  • clock set but frequency not determined: indicates that the clock is set, but the clock frequency is not determined.
  • clock synchronized: indicates that the clock has been synchronized.
  • spike (clock will be set in XXX secs): indicates that the system detects that the time difference between the clock server and the client exceeds 128 milliseconds, and the local clock will be revalidated in XXX seconds.
If an error occurs in NTP synchronization, use the following methods to locate the fault:
  • Run the display ntp event clock-unsync command to view the latest 10 reasons of NTP synchronization failures.
  • Run the display ntp sessions command to view information about all sessions of local NTP.
  • Run the display ntp slot-status command to view the clock system status.
Download
Updated: 2019-04-03

Document ID: EDOC1000039339

Views: 116596

Downloads: 7528

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next