Command Reference

CloudEngine 8800, 7800, 6800, and 5800 V200R002C50

This document describes all the configuration commands of the device, including the command function, syntax, parameters, views, default level, usage guidelines, examples, and related commands.
NTP Configuration Commands

display ntp event clock-unsync

Function

The display ntp event clock-unsync command displays clock unsynchronization reasons.

Format

display ntp event clock-unsync

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

You can run the display ntp event clock-unsync command to view the reasons for clock unsynchronization in the current system. This command displays only the latest 10 reasons.

Example

# Display the latest clock unsynchronization reason.

<HUAWEI> display ntp event clock-unsync
  1. Clock source   : 10.1.1.1                                                  
     Session type   : client, configured                                        
     Unsync reason  : Authentication failure                                    
     Unsync time    : 2013-09-17 11:58:10   
Table 5-50  Description of the display ntp event clock-unsync command output

Item

Description

Clock source

IP address of the server clock.

Session type

Session type of the server clock.

Unsync reason

Reason why the clock is unsynchronized.

Unsync time

Time when the clock became unsynchronized.

display ntp sessions

Function

The display ntp sessions command displays all session information maintained by NTP on the local end.

Format

display ntp sessions [ verbose ]

Parameters

Parameter Description Value
verbose

Displays detailed information about an NTP session.

If verbose is not specified, only summary information about the NTP session is displayed.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Run the display ntp sessions command. If the verbose option is not specified, only summary information about a session is displayed.

Example

# Display NTP session information of the local device.

<HUAWEI> display ntp sessions
 clock source: 127.127.1.0                                                      
 clock stratum: 1                                                               
 clock status: configured, master, sane, valid                                  
 reference clock ID: LOCAL(0)                                                   
 reach: 255                                                                     
 current poll: 64                                                               
 now: 32                                                                        
 offset: 0.0000 ms                                                              
 delay: 0.00 ms                                                                 
 disper: 1.42 ms  
Table 5-51  Description of the display ntp sessions command output

Item

Description

clock source

Address of the clock source.

clock stratum

Stratum of the clock source.

The clock stratum determines the precision of the clock, and its value ranges from 1 to 16. The higher the stratum value, the lower the clock precision. The value 1 indicates the highest precision, and the value 16 indicates the lowest precision. The clock with stratum 16 is in the unsynchronized status, and cannot be used as a reference clock.

clock status

Status of a clock, where
  • configured: indicates that the session is set up by a configuration command.
  • master: indicates that the clock source corresponding to the session is the primary clock source of the current system.
  • selected: indicates that the clock source corresponding to the session passes the clock selecting algorithm.
  • candidate: indicates that the clock source corresponding to the session is a candidate clock source.
  • sane: indicates that the clock source corresponding to the session passes the saneness test.
  • insane: indicates that the clock source corresponding to the session does not pass the saneness test.
  • valid: indicates that the clock source corresponding to the session is valid. The clock source corresponding to the session passes the test, is in a synchronized status and is of an effective stratum. The root delay and the root dispersion are within the normal range.
  • invalid: indicates that the clock source corresponding to the session is invalid.
  • unsynced: indicates that the clock source corresponding to the session is not yet synchronized or the stratum is invalid.

reference clock ID

When the local system has been synchronized to a remote NTP server or a clock source, the address of the remote server or the identifier of the clock source is displayed.

reach

Reachability count of the clock source. The value 0 indicates that the clock source is unreachable.

current poll

Poll interval of NTP packets, that is, the interval between two successive NTP packets, in seconds.

now

Interval between the last synchronization and the current time.

offset

Offset to the superior clock source.

delay

Delay to the superior clock source.

disper

Dispersion to the superior clock source.

# Display detailed information about NTP sessions on the local device.

<HUAWEI> display ntp sessions verbose
 clock source: 127.127.1.0                                                      
 clock stratum: 1                                                               
 clock status: configured, master, sane, valid                                  
 reference clock ID: LOCAL(0)                                                   
 local mode: client, local poll: 64, current poll: 64                           
 peer mode: server, peer poll: 64, now: 60                                      
 offset: 0.0000 ms, delay: 0.00 ms, disper: 1.19 ms                             
 root delay: 0.00 ms, root disper: 10.00 ms                                     
 reach: 255, sync dist: 0.012, sync state: 4                                    
 precision: 2^17, version: 3, peer interface: InLoopBack0                       
 reftime: 11:07:58.371 UTC Sep 17 2013(D5E2B68E.5F08893B)                       
 orgtime: 11:07:58.371 UTC Sep 17 2013(D5E2B68E.5F08893B)                       
 rcvtime: 11:07:58.371 UTC Sep 17 2013(D5E2B68E.5F08FEAC)                       
 xmttime: 11:07:58.371 UTC Sep 17 2013(D5E2B68E.5F08461F)                       
 filter delay :  0.00   0.00   0.00   0.00   0.00   0.00   0.00   0.00          
 filter offset:  0.00   0.00   0.00   0.00   0.00   0.00   0.00   0.00          
 filter disper:  0.01   0.00   0.00   0.00   0.00   0.00   0.00   0.01          
 reference clock status: normal  
Table 5-52  Description of the display ntp sessions verbose command output

Item

Description

clock source

Address of the clock source.

clock stratum

NTP stratum on which the local system is located.

clock status

Status of a clock, where
  • configured: indicates that the session is set up by a configuration command.
  • master: indicates that the clock source corresponding to the session is the primary clock source of the current system.
  • selected: indicates that the clock source corresponding to the session passes the clock selecting algorithm.
  • candidate: indicates that the clock source corresponding to the session is a candidate clock source.
  • sane: indicates that the clock source corresponding to the session passes the saneness test.
  • insane: indicates that the clock source corresponding to the session does not pass the saneness test.
  • valid: indicates that the clock source corresponding to the session is valid. The clock source corresponding to the session passes the test, is in a synchronized status and is of an effective stratum. The root delay and the root dispersion are within the normal range.
  • invalid: indicates that the clock source corresponding to the session is invalid.
  • unsynced: indicates that the clock source corresponding to the session is not yet synchronized or the stratum is invalid.

reference clock ID

When the local system has been synchronized to a remote NTP server or a clock source, the address of the remote server or the identifier of the clock source is displayed. When the server is located on a certain VPN, the name of the VPN instance is displayed.

local mode

Local system mode.

peer mode

Peer system mode.

local poll

Local polling mode.

peer poll

Peer polling mode.

offset

Offset to the superior clock source.

delay

Delay to the superior clock source.

disper

Dispersion to the superior clock source.

root delay

Total system delay between the local end and the master reference clock. The default value is 0.

root disper

System dispersion of the local end to the master reference clock. The default value is 0.

reach

Reachability mark, indicating the reachability to the clock source.

sync dist

Synchronization distance to the superior clock source. This parameter evaluates and describes the clock source, and NTP chooses the clock source with the shortest synchronization distance.

sync state

Synchronization state:
  • 0: The clock has never been synchronized.

  • 1: Frequency information is obtained from configuration information.

  • 2: The clock is set.

  • 3: The clock is set, but the frequency is not yet determined.

  • 4: The clock is synchronized.

  • 5: An error is found.

precision

Precision of a peer clock.

version

NTP version.

peer interface

Peer interface.

reftime

Reference timestamp.

orgtime

Time when an NTP packet is sent for the last time.

rcvtime

Time when an NTP packet is received for the last time.

xmttime

Time when an NTP packet is forwarded for the last time.

filter delay

Time when a delayed NTP packet is received for the last time.

filter offset

Time when an offset NTP packet is received for the last time.

filter disper

Time when a dropped NTP packet is received for the last time.

reference clock status

The status of the reference clock, including:
  • normal: indicates that the peer clock is reachable.
  • abnormal: indicates that the peer clock is unreachable.

display ntp slot-status

Function

The display ntp slot-status command displays the status of the clock system on the switch.

Format

display ntp slot-status

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The synchronization status of the local clock system can be seen based on the status of the time service.

Example

# Display the clock synchronization status on the switch.

<HUAWEI> display ntp slot-status
                                                                                
Slot ID               : 1                                                       
Sync Source           : 127.127.1.0                                             
NTP Server Configured : Yes                                                     
Clock Status          : synchronized                                            
Offset                : 0.0000 ms                                               
Clock Precision       : 2^17                                                    
Poll                  : 64                                                      
Reference Time        : 11:19:49.467 UTC Sep 17 2013(D5E2B955.77B9170D)         
Current Time          : 11:20:01.713 UTC Sep 17 2013(D5E2B961.B6A7EF9D)  
Table 5-53  Description of the display ntp slot-status command output

Item

Description

Slot ID

Stack ID.

Sync Source

Synchronization clock source.

NTP Server Configured

Whether an NTP server is configured or not. It can be any of the following values:
  • Yes
  • No

Clock Status

The status of a clock. It can be any of the following values:
  • synchronized
  • unsynchronized

Offset

The clock offset.

Clock Precision

The clock precision.

Poll

The interval at which the switch sends packets to the clock synchronization source.

Reference Time

The time to which the clock is last synchronized.

Current Time

The current time of the clock.

display ntp statistics packet

Function

The display ntp statistics packet command displays statistics on NTP packets.

Format

display ntp statistics packet [ ipv6 | [ ipv6 ] interface { interface-type interface-number | all } | peer [ [ ip-address [ vpn-instance vpn-instance-name ] ] | ipv6 [ ipv6-address [ vpn-instance vpn-instance-name ] ] ] ]

Parameters

Parameter Description Value
ipv6

Displays statistics about global IPv6 NTP packets.

-

interface interface-type interface-number

Displays statistics on NTP packets on an interface of a certain type and number.

-

peer

Displays statistics on an NTP peer.

-

ip-address

Specifies the IP address of an NTP peer.

-

vpn-instance vpn-instance-name

Specifies a VPN instance related to an NTP peer.

The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name.

ipv6

Displays the packet statistics on IPv6 peers.

-

ipv6-address

Displays the NTP packet statistics on the specified IPv6 peer.

-

all

Displays packet statistics on all interfaces.

-

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display ntp statistics packet command output includes the following information, and can help you to debug NTP packets.

  • Number of packets sent and received by an interface
  • Number of packets failing authentication
  • Number of dropped packets
  • Reason for dropping an NTP packet last time

Example

# Display the statistics on NTP packets.

<HUAWEI> display ntp statistics packet
 NTP IPv4 Packet Statistical Information                                        
 ---------------------------------------                                        
 Sent                                  :          2                             
    Send failures                      :          0                             
 Received                              :          4                             
    Processed                          :          2                             
    Dropped                            :          2                             
       Validity test failures          :          0                             
          Authentication failures      :          0                             
       Invalid packets                 :          2                             
       Access denied                   :          0                             
       Rate-limited                    :          0                             
       Processing delay                :          0                             
       Interface disabled              :          0                             
       Max dynamic association reached :          0                             
       Server disabled                 :          0                             
       Others                          :          0                             
 Last 2 packets drop reasons:                                                   
   [2013-09-17 11:38:36] From Peer 10.1.1.1 Received invalid packet.            
   [2013-09-17 11:39:42] From Peer 10.1.1.1 Received invalid packet.  
Table 5-54  Description of the display ntp statistics packet command output

Item

Description

NTP IPv4 Packet Statistical Information

Statistics on IPv4 NTP packets.

Sent

Number of packets sent.

Send failures

Number of failures in sending packets.

Received

Number of received packets.

Processed

Number of processed packets.

Dropped

Number of dropped packets.

Validity test failures

Number of packets dropped because the packets fail to pass the validity test.

Authentication failures

Number of packets dropped because the packets fail to pass the authentication.

Invalid packets

Number of packets dropped because the packets are invalid.

Access denied

Number of packets dropped for lack of access control authority.

Rate-limited

Number of packets dropped due to rate limit.

Processing delay

Number of packets dropped because processing of the packets is delayed.

Interface disabled

Number of packets dropped because the interface is disabled.

Max dynamic association reached

Number of packets dropped because the maximum number of dynamic sessions is reached.

Server disabled

Number of packets dropped because the server is disabled.

Others

Number of packets dropped for other reasons.

Last 2 packets drop reasons

Reason for dropping the last n packets, where the maximum value of n can be 10.
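
To turn these counters into a check, the added example below (not part of the Huawei documentation) parses the sample output above, reports which security-relevant drop counters grew between two polls, and tallies the recent drop reasons per peer. It assumes the counters are cumulative between polls; the later snapshot is constructed.

```python
import re
from collections import Counter

# Output copied from the "display ntp statistics packet" example above.
SAMPLE = """\
 NTP IPv4 Packet Statistical Information
 ---------------------------------------
 Sent                                  :          2
    Send failures                      :          0
 Received                              :          4
    Processed                          :          2
    Dropped                            :          2
       Validity test failures          :          0
          Authentication failures      :          0
       Invalid packets                 :          2
       Access denied                   :          0
       Rate-limited                    :          0
       Processing delay                :          0
       Interface disabled              :          0
       Max dynamic association reached :          0
       Server disabled                 :          0
       Others                          :          0
 Last 2 packets drop reasons:
   [2013-09-17 11:38:36] From Peer 10.1.1.1 Received invalid packet.
   [2013-09-17 11:39:42] From Peer 10.1.1.1 Received invalid packet.
"""

# "<label> : <number>" rows; titles, rulers and the drop-reason header do not match.
COUNTER = re.compile(r"^\s*([A-Za-z][A-Za-z -]*?)\s*:\s*(\d+)\s*$")
# "[timestamp] From Peer <address> <reason text>" rows.
REASON = re.compile(
    r"^\s*\[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\] From Peer (\S+) (.+?)\s*$")

# Drop counters worth alerting on; the names are row labels of Table 5-54.
WATCH = ("Authentication failures", "Access denied", "Rate-limited",
         "Invalid packets")


def parse_stats(text):
    """Return (counters, drop_reasons) parsed from the command output."""
    counters, reasons = {}, []
    for line in text.splitlines():
        m = COUNTER.match(line)
        if m:
            counters[m.group(1)] = int(m.group(2))
            continue
        m = REASON.match(line)
        if m:
            reasons.append(
                {"time": m.group(1), "peer": m.group(2), "reason": m.group(3)})
    return counters, reasons


def grown(before, after):
    """Watched counters that increased between two snapshots.

    Assumption: the counters are cumulative, so the increase since the
    previous poll is the signal rather than the absolute value.
    """
    return {name: after.get(name, 0) - before.get(name, 0)
            for name in WATCH if after.get(name, 0) > before.get(name, 0)}


def drops_by_peer(reasons):
    """Tally the recent drop reasons per (peer, reason) pair."""
    return Counter((r["peer"], r["reason"]) for r in reasons)


if __name__ == "__main__":
    counters, reasons = parse_stats(SAMPLE)
    # Constructed later snapshot: three authentication failures since the first poll.
    later = dict(counters, **{"Authentication failures": 3,
                              "Received": 7, "Dropped": 5})
    print("grew since last poll:", grown(counters, later))
    for (peer, reason), count in drops_by_peer(reasons).items():
        print(f"{peer}: {count} x {reason}")
```
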

# Display NTP peer statistics.

<HUAWEI> display ntp statistics packet peer
NTP Peer Packet Statistical Information
--------------------------------------- 
Peer 10.12.12.12 (Local mode: bdcast client/dynamic,Interface: 10GE1/0/1)
 Sent                                  :          0
    Send failures                      :          0
 Received                              :          0
    Processed                          :          0
    Dropped                            :          0
       Validity test failures          :          0
          Authentication failures      :          0
       Access denied                   :          0
       Others                          :          0   
Table 5-55  Description of the display ntp statistics packet peer command output

Item

Description

Peer

IP address of an NTP peer

Local mode

Local mode of an NTP session:

client: The peer clock can synchronize with a local clock, but the local clock cannot synchronize with the peer clock.

server: The local clock can synchronize the peer clock, but the peer clock cannot synchronize the local clock.

active: The local clock can get synchronized to its peer clock, and the peer clock can get synchronized to local clock based on a larger stratum value. The synchronization request is first sent by the local clock.

passive: The local clock can get synchronized to its peer clock, and the peer clock can get synchronized to local clock based on a larger stratum value. The synchronization request is first sent by the peer clock.

broadcast: The local clock is in broadcast server mode.

broadcast client: The local clock is in broadcast client mode.

configured: A peer is configured by the user.

dynamic: A peer is dynamically discovered.

Interface

Interface name of an NTP peer

Sent

Total number of packets sent

Send failures

Total number of send failures

Received

Total number of packets received

Processed

Total number of packets processed

Dropped

Total number of packets dropped

Validity test failures

Total number of packets dropped due to NTP validity test failures

Authentication failures

Total number of packets dropped due to authentication failures

Access denied

Total number of packets dropped due to denial of access

Others

Total number of packets dropped due to other reasons

display ntp status

Function

The display ntp status command displays the status of NTP.

Format

display ntp status

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

Based on the displayed status of the NTP service, you can determine the synchronization status and stratum of the local system clock.

Example

# Display the status of the NTP service.

<HUAWEI> display ntp status
 clock status: synchronized                                                     
 clock stratum: 2                                                               
 reference clock ID: LOCAL(0)                                                   
 nominal frequency: 100.0000 Hz                                                 
 actual frequency: 100.0000 Hz                                                  
 clock precision: 2^17                                                          
 clock offset: 0.0000 ms                                                        
 root delay: 0.00 ms                                                            
 root dispersion: 11.42 ms                                                      
 peer dispersion: 10.00 ms                                                      
 reference time: 10:59:23.348 UTC Sep 17 2013(D5E2B48B.592EF911)                
 synchronization state: clock synchronized  
Table 5-56  Description of the display ntp status command output

Item

Description

clock status

Status of the clock:
  • synchronized: indicates that the local system clock is synchronized with an NTP server or a reference clock.

  • unsynchronized: indicates that the local system clock is not synchronized with any NTP server.

clock stratum

Stratum of the local system clock.

reference clock ID

Reference clock:
  • If the local system clock has been synchronized with a remote NTP server or a reference clock, this field displays the IP address of the remote NTP server or the identifier of the reference clock.

  • If the local system clock functions as a reference clock, this field displays "Local".

  • If clock status is unsynchronized, this field displays "None".

nominal frequency

Nominal frequency of the local system clock.

actual frequency

Actual frequency of the local system clock.

clock precision

Precision of the local system clock.

clock offset

Offset between the local system clock and the NTP server.

root delay

Total delay between the local system clock and the master reference clock.

root dispersion

Total dispersion between the local system clock and the master reference clock.

peer dispersion

Dispersion between the local system clock and the remote NTP peer.

reference time

Time when the latest system clock synchronization was performed.

synchronization state

Synchronization state of the local clock:
  • clock not set: indicates that the clock is not updated.
  • frequency set by configuration: indicates that the clock frequency is set through NTP configuration.
  • clock set: indicates that the clock is set.
  • clock set but frequency not determined: indicates that the clock is set, but the clock frequency is not determined.
  • clock synchronized: indicates that the clock has been synchronized.
  • spike (clock will be set in 600 secs): indicates that the system detects that the time difference between the clock server and the client exceeds 128 milliseconds, and the local clock will be revalidated in 600 seconds. The 600-second period is not fixed and may be changed in different situations.
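
The hexadecimal pair in parentheses after each timestamp in the display ntp sessions verbose, display ntp slot-status and display ntp status outputs is the 64-bit NTP timestamp: 32 bits of seconds since 1900-01-01 00:00:00 UTC followed by 32 bits of binary fraction. The added example below (not part of the Huawei documentation) decodes it and checks it against the printed time, truncating to milliseconds as the sample values on this page require; the mismatching line is constructed.

```python
import re
from datetime import datetime, timedelta, timezone

# Lines copied from the display ntp sessions verbose, display ntp slot-status
# and display ntp status examples on this page.
SAMPLE = """\
 reftime: 11:07:58.371 UTC Sep 17 2013(D5E2B68E.5F08893B)
 rcvtime: 11:07:58.371 UTC Sep 17 2013(D5E2B68E.5F08FEAC)
Reference Time        : 11:19:49.467 UTC Sep 17 2013(D5E2B955.77B9170D)
Current Time          : 11:20:01.713 UTC Sep 17 2013(D5E2B961.B6A7EF9D)
 reference time: 10:59:23.348 UTC Sep 17 2013(D5E2B48B.592EF911)
"""

# Constructed: the printed second was changed, the hexadecimal value was not.
TAMPERED = " reftime: 11:07:59.371 UTC Sep 17 2013(D5E2B68E.5F08893B)"

MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")
NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)

STAMP = re.compile(
    r"^\s*(?P<field>[A-Za-z ]+?)\s*:\s*"
    r"(?P<h>\d\d):(?P<m>\d\d):(?P<s>\d\d)\.(?P<ms>\d{3}) UTC "
    r"(?P<mon>[A-Z][a-z]{2}) +(?P<day>\d{1,2}) (?P<year>\d{4})"
    r"\((?P<sec>[0-9A-F]{8})\.(?P<frac>[0-9A-F]{8})\)\s*$")


def decode(sec_hex, frac_hex):
    """Convert a 64-bit NTP timestamp to an aware UTC datetime.

    The 32-bit seconds field wraps on 2036-02-07; era 0 is assumed here.
    The fraction is truncated, not rounded, to microseconds.
    """
    micro = (int(frac_hex, 16) * 1_000_000) >> 32
    return NTP_EPOCH + timedelta(seconds=int(sec_hex, 16), microseconds=micro)


def check(text):
    """Return [(field, decoded_datetime, consistent)] for each stamped line.

    consistent is True when the printed wall-clock time equals the decoded
    hexadecimal timestamp truncated to milliseconds.
    """
    rows = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue
        decoded = decode(m["sec"], m["frac"])
        printed = (int(m["year"]), MONTHS.index(m["mon"]) + 1, int(m["day"]),
                   int(m["h"]), int(m["m"]), int(m["s"]), int(m["ms"]))
        actual = (decoded.year, decoded.month, decoded.day, decoded.hour,
                  decoded.minute, decoded.second, decoded.microsecond // 1000)
        rows.append((m["field"], decoded, printed == actual))
    return rows


if __name__ == "__main__":
    for field, when, ok in check(SAMPLE + TAMPERED):
        print(f"{field:15} {when.isoformat()} {'ok' if ok else 'MISMATCH'}")
```
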

display ntp trace

Function

The display ntp trace command traces the path from the local device to the reference clock source.

Format

display ntp trace

Parameters

None

Views

All views

Default Level

1: Monitoring level

Usage Guidelines

The display ntp trace command displays summary information about each NTP server on the synchronization path from the local device to the reference clock source.

Example

# Display the summary of each NTP server on the path when you trace the reference clock source from the local device.

<HUAWEI> display ntp trace
server 127.0.0.1,stratum 5, offset 0.024099, synch distance 0.06337
server 192.168.1.2,stratum 4, offset 0.028786, synch distance 0.04575
server 192.168.2.1,stratum 3, offset 0.035199, synch distance 0.03075
server 192.168.10.1,stratum 2, offset 0.039855, synch distance 0.01096
refid 127.127.1.0
Table 5-57  Description of the display ntp trace command output

Item

Description

server

IP address of the NTP server.

stratum

Stratum of the clock on the NTP server.

offset

Offset to the superior reference clock.

synch distance

Synchronization distance to the superior reference clock.

This parameter evaluates and describes the reference clock and NTP chooses the reference clock with the shortest synchronization distance.

refid

Reference clock source.

ntp access

Function

The ntp access command sets the access control authority of the local NTP.

The undo ntp access command cancels the configured access control authority.

By default, no access control authority is set.

Format

ntp access { peer | query | server | synchronization | limited } { { acl-number | acl-name acl-name } | ipv6 { acl6-number | acl6-name acl6-name } } *

undo ntp access { peer | query | server | synchronization | limited } [ [ [ acl-number | acl-name acl-name ] | ipv6 [ acl6-number | acl6-name acl6-name ] ] * | all ]

Parameters

Parameter Description Value
peer

Indicates maximum access authority. Both time request and control query can be performed on the local NTP service, and the local clock can be synchronized to the remote server.

If the matching result is configured as permit for the source IP address configured in the ACL:

  • The local clock can be synchronized with the peer clock.
  • The peer clock can be synchronized with the local clock.
-
query

Indicates minimum access. Only control query can be performed on the local NTP service.

-

server

Indicates that server access and query are permitted. Both time request and control query can be performed on the local NTP service, but the local clock cannot be synchronized to the remote server.

If the matching result is configured as permit for the source IP address configured in the ACL, the peer clock can be synchronized with the local clock, but the local clock cannot be synchronized with the peer clock.

-

synchronization

Indicates that only server access is permitted. Only time request can be performed on the local NTP service.

-

limited

When the rate of NTP packets exceeds the upper limit, the incoming NTP packets are discarded, and a Kiss code is sent if the KOD function is enabled.

-

acl-number

Indicates the number of a basic ACL with IPv4 address specified.

The value is an integer that ranges from 2000 to 2999.

acl-name acl-name

Indicates the basic access control list (ACL) name for IPv4 addresses.

The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).

ipv6 acl6-number

Indicates the number of an ACL with IPv6 address specified.

The value is an integer that ranges from 2000 to 2999.

ipv6 acl6-name acl6-name

Indicates the basic access control list (ACL) name for IPv6 addresses.

The value is a string of 1 to 32 case-sensitive characters except spaces. The value must start with a letter (case-sensitive).

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Compared with NTP authentication, the ntp access command is a simpler way to ensure network security. When an access request reaches the local end, it is matched against the access authorities in order from the highest to the lowest, and the first access authority that matches takes effect. The matching order is: peer, server, synchronization, query, and limited.

Depending on the access authority to be limited, run the command on different devices accordingly. For details, see the following table.

Table 5-58  Configuration of the NTP access control authority

NTP Operating Mode

Usage Scenario

Device Configured

Unicast NTP server/client mode

The client is restricted from being synchronized to a server, so that the client will not be synchronized to an unreliable unicast NTP server on the network.

Client

Unicast NTP server/client mode

The server is restricted from processing the synchronization time request of the client, so that the synchronization range of the server is controlled.

Server

NTP symmetric peer mode

The two ends are restricted from being synchronized with each other to prevent an unreliable symmetric passive peer on the network from synchronizing the client.

Symmetric active peer

NTP symmetric peer mode

The symmetric passive peer is restricted from processing the time request, so that the synchronization range of the symmetric passive peer is controlled.

Symmetric passive peer

NTP multicast mode

The client is restricted from synchronizing to the server to prevent an unreliable multicast NTP server from synchronizing the client.

NTP multicast client

NTP broadcast mode

The client is restricted from being synchronized to a server, so that the client will not be synchronized to an unreliable broadcast NTP server on the network.

NTP broadcast client

NTP manycast client mode

The client is restricted from being synchronized to a server.

NTP manycast client

NTP manycast server mode

The server is restricted from processing the clock synchronization request sent by the client.

NTP manycast server

The ntp access command provides only a minimal level of security. A safer method is to perform identity authentication. See the ntp authentication enable command for the relevant configuration.

Precautions

Check the configuration of the ACL rule before configuring the NTP access control authority in the ACL. When the ACL rule is permit, the peer device with the source IP address specified in this rule can access the NTP service on the local device. The access right of the peer device is configured using the ntp access command. When the ACL rule is deny, the peer device with the source IP address specified in this rule cannot access the NTP service on the local device.

Example

# Enable the peer matching ACL 2000 to perform time request, query control and time synchronization on the local device.

<HUAWEI> system-view
[~HUAWEI] ntp access peer 2000

# Enable the server matching ACL 2002 to perform time request and query control on the local device.

<HUAWEI> system-view
[~HUAWEI] ntp access server 2002
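
The first-match order described under Usage Guidelines means that a source permitted by more than one ACL always receives the highest matching authority. The added example below (not Huawei code) models that order for IPv4 permit rules and reports lower-authority entries that can never take effect. The ACL contents, ACL 2003 and the rule that an unmatched source gets no access are assumptions made for illustration.

```python
import ipaddress

# Matching order stated in the Usage Guidelines: highest authority first.
ORDER = ("peer", "server", "synchronization", "query", "limited")

# What each authority allows, taken from the Parameters table. "limited" is
# described only as rate limiting, so no time or query right is listed for it.
RIGHTS = {
    "peer": ("time request", "control query", "synchronize local clock to remote"),
    "server": ("time request", "control query"),
    "synchronization": ("time request",),
    "query": ("control query",),
    "limited": (),
}

# Constructed configuration: each authority maps to the source networks its
# ACL permits. ACL numbers 2000 and 2002 appear in the page's examples;
# ACL 2003 and every address below are made up.
WEAK = {
    "peer": ["10.1.1.0/24"],     # ntp access peer 2000
    "server": ["10.1.0.0/16"],   # ntp access server 2002
    "query": ["10.1.1.5/32"],    # ntp access query 2003 (monitoring host)
}

# Corrected: the higher-authority ACLs no longer cover the monitoring host.
FIXED = {
    "peer": ["10.1.1.1/32"],
    "server": ["10.1.2.0/24"],
    "query": ["10.1.1.5/32"],
}


def _nets(config, level):
    return [ipaddress.ip_network(n) for n in config.get(level, [])]


def effective_authority(source, config):
    """Return the first authority, in ORDER, whose ACL permits the source.

    Assumption: a source permitted by none of the configured ACLs gets no
    access, which is reported as None.
    """
    addr = ipaddress.ip_address(source)
    for level in ORDER:
        if any(addr in net for net in _nets(config, level)):
            return level
    return None


def shadowed(config):
    """List lower-authority ACL entries that can never take effect.

    An entry is shadowed when a higher authority already permits the whole
    network, so every source in it is granted the higher authority instead.
    Returns (lower authority, network, higher authority, covering network).
    """
    found = []
    for i, low in enumerate(ORDER):
        for net in _nets(config, low):
            for high in ORDER[:i]:
                hit = next((h for h in _nets(config, high)
                            if h.version == net.version and net.subnet_of(h)),
                           None)
                if hit is not None:
                    found.append((low, str(net), high, str(hit)))
                    break
    return found


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("fixed", FIXED)):
        level = effective_authority("10.1.1.5", cfg)
        print(name, "10.1.1.5 ->", level, RIGHTS[level], "shadowed:", shadowed(cfg))
```
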

ntp authentication enable

Function

The ntp authentication enable command enables identity authentication for NTP.

The undo ntp authentication enable command disables the identity authentication.

By default, identity authentication is disabled.

Format

ntp authentication enable

undo ntp authentication enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

On networks requiring high security, authentication must be enabled for NTP. The NTP client authenticates NTP servers using a password and synchronizes time with only the authenticated server. This improves network security.

Example

# Enable identity authentication for NTP.

<HUAWEI> system-view
[~HUAWEI] ntp authentication enable

ntp authentication-keyid

Function

The ntp authentication-keyid command sets an NTP authentication key.

The undo ntp authentication-keyid command removes an NTP authentication key.

By default, no authentication key is set.

Format

ntp authentication-keyid key-id authentication-mode { md5 | hmac-sha256 } [ cipher ] password

undo ntp authentication-keyid key-id

Parameters

Parameter Description Value
key-id

Indicates the key number.

Key ID is an integer and ranges from 1 to 4294967295.

authentication-mode md5

Indicates MD5 authentication mode.

-

authentication-mode hmac-sha256

Indicates HMAC-SHA256 authentication mode.

-

cipher

Indicates that the configured password is displayed in cipher text.

-
password

Specifies the authentication password in plain text or in cipher text.

The value is a string of case-sensitive characters without spaces. The string length range is:
  • 1 to 255 characters in plain text.
  • 20 to 432 characters in cipher text.

When quotation marks are used around the string, spaces are allowed in the string.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

On a network that requires high security, NTP authentication must be enabled. You can configure password authentication between the client and the server, which guarantees that the client synchronizes only with a successfully authenticated server and improves network security. If the NTP authentication function is enabled, a reliable key should be configured at the same time. Keys configured on the client and the server must be identical.

NOTE:

In NTP symmetric peer mode, the symmetric active peer functions as a client and the symmetric passive peer functions as a server.

Follow-up Procedure

You can configure multiple keys for each device. After the NTP authentication key is configured, you need to set the key to reliable using the ntp trusted authentication-keyid command. If you do not set the key to reliable, the NTP key does not take effect.

Precautions

For security purposes, you are advised to use the HMAC-SHA256 algorithm, which is more secure, for NTP authentication.

You can configure a maximum of 1024 keys for each device.

If the NTP authentication key is a reliable key, it automatically becomes unreliable when you delete the key. You do not need to run the undo ntp trusted authentication-keyid command.

Example

# Set the HMAC-SHA256 identity authentication key. Set the key ID number to 10 and the key to BetterKey.

<HUAWEI> system-view
[~HUAWEI] ntp authentication-keyid 10 authentication-mode hmac-sha256 BetterKey

# Set authentication text to xyz123 in HMAC-SHA256 authentication with cipher option.

<HUAWEI> system-view
[~HUAWEI] ntp authentication-keyid 10 authentication-mode hmac-sha256 cipher xyz123 

ntp broadcast-client

Function

The ntp broadcast-client command configures the device to work in NTP broadcast client mode.

The undo ntp broadcast-client command removes the device from the NTP broadcast client mode.

By default, the device is not configured in the NTP broadcast client mode.

Format

ntp broadcast-client

undo ntp broadcast-client

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

On a synchronization subnet, when the IP address of a server or a symmetric peer is not determined, or when the clocks on a large number of devices need to be synchronized on the network, you can implement clock synchronization by configuring the broadcast mode.

On a specified interface on the broadcast client, run the ntp broadcast-client command to configure an interface on the local device to receive NTP broadcast packets. When the local device automatically runs in the broadcast client mode, the device can receive the synchronization packets sent by a broadcast server. For the configuration of the broadcast server, see the ntp broadcast-server command.

When the configuration is complete, you can run the display ntp sessions command to obtain information about sessions between the broadcast server and the local device.

Example

# Enable VLANIF100 to receive NTP broadcast messages.

<HUAWEI> system-view
[~HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ntp broadcast-client

# Enable 10GE1/0/1 to receive NTP broadcast messages.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] ntp broadcast-client

ntp broadcast-server

Function

The ntp broadcast-server command configures the local device to work in NTP broadcast server mode.

The undo ntp broadcast-server command removes the device from the NTP broadcast server mode.

By default, the broadcast server mode is not configured.

Format

ntp broadcast-server [ version number | authentication-keyid key-id | port port-number ] *

undo ntp broadcast-server

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| version number | Indicates the NTP version number. If this parameter is not specified, the version number is a default value. | The value is an integer that ranges from 1 to 4. The default value is 3. |
| authentication-keyid key-id | Indicates the authentication key number used to transmit a message to broadcast clients. If this parameter is not specified, authentication is not performed. | Key ID is an integer and ranges from 1 to 4294967295 when the NTP version number is from 1 to 3. When the NTP version number is 4, the key ID is an integer that ranges from 1 to 65535. |
| port port-number | Specifies the port number used to transmit NTP broadcast messages. | The value is 123 or an integer ranging from 1025 to 65535. The default value is 123. |

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

On a synchronization subnet, when the IP address of a server or a symmetric peer is not determined, or when the clocks on a large number of devices need to be synchronized on the network, you can implement clock synchronization by configuring the broadcast mode.

On a specified interface on the broadcast server, run the ntp broadcast-server command to configure an interface on the local device to send NTP broadcast packets. When the local device automatically runs in the broadcast server mode, the device can send synchronization packets to a broadcast client. For the configuration of the broadcast client, see the ntp broadcast-client command.

When the configuration is complete, you can run the display ntp sessions command to obtain information about sessions between the broadcast server and the client.

Example

# Enable VLANIF100 to send NTP broadcast packets, with the NTP version as 2 and the key number as 4.

<HUAWEI> system-view
[~HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ntp broadcast-server version 2 authentication-keyid 4

# Enable 10GE1/0/1 to send NTP broadcast packets, with the NTP version as 3 and the key number as 100.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] ntp broadcast-server version 3 authentication-keyid 100

ntp disable

Function

The ntp disable command disables IPv4 NTP services.

The undo ntp disable command enables IPv4 NTP services.

The ntp ipv6 disable command disables IPv6 NTP services.

The undo ntp ipv6 disable command enables IPv6 NTP services.

By default, NTP services are enabled.

Format

ntp [ ipv6 ] disable

undo ntp [ ipv6 ] disable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

To disable NTP services, run the ntp disable command in the system view.

This command applies to the following scenarios:
  • The device clock does not need to be synchronized with the clock of the external server or peer.

  • The device does not need to provide any reference clock source for an external client.

NOTE:
NTP service disabling will not delete the existing configurations.

Example

# Disable IPv4 NTP services.

<HUAWEI> system-view
[~HUAWEI] ntp disable

# Disable IPv6 NTP service.

<HUAWEI> system-view
[~HUAWEI] ntp ipv6 disable

ntp discard

Function

The ntp discard command sets the minimum inter-packet interval and the average inter-packet interval of NTP.

The undo ntp discard command cancels the minimum inter-packet interval and the average inter-packet interval of NTP.

By default, the minimum inter-packet interval is set to the first power of 2 in seconds, namely, 2 seconds, and the average inter-packet interval is set to the fifth power of 2 in seconds, namely, 32 seconds.

Format

ntp discard { min-interval min-interval-val | avg-interval avg-interval-val } *

undo ntp discard

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| min-interval min-interval-val | Specifies the minimum inter-packet interval of NTP. The actual value of the minimum inter-packet interval of NTP is the value obtained by raising 2 to the power of min-interval-val, expressed in seconds. | The value of min-interval-val is an integer that ranges from 1 to 8. |
| avg-interval avg-interval-val | Specifies the average inter-packet interval of NTP. The actual value of the average inter-packet interval of NTP is the value obtained by raising 2 to the power of avg-interval-val, expressed in seconds. | The value of avg-interval-val is an integer that ranges from 1 to 8. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The minimum inter-packet interval and the average inter-packet interval of NTP are set using the ntp discard command. To generate the kiss code RATE, you must set the minimum inter-packet interval and the average inter-packet interval of NTP.

Example

# Set both the minimum inter-packet interval and the average inter-packet interval of NTP to the fourth power of 2, expressed in seconds, namely, 16 seconds.

<HUAWEI> system-view
[~HUAWEI] ntp discard min-interval 4 avg-interval 4

ntp kod-enable

Function

The ntp kod-enable command enables the KOD function.

The undo ntp kod-enable command disables the KOD function.

By default, the KOD function is disabled.

Format

ntp kod-enable

undo ntp kod-enable

Parameters

None

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Kiss-o'-Death (KOD) is a new access control technology introduced by NTPv4. It is mainly used by a server to provide information, such as a status report and access control, to a client. After the KOD function is enabled on the server, the server sends the kiss code DENY or RATE to the client according to the operating status of the system.

Run the ntp kod-enable command when kiss codes need to be generated in specific situations.

Follow-up Procedure

After the KOD function is enabled on the server, you can run the ntp access limited command to enable control on the rate of incoming NTP packets. When the rate of incoming NTP packets reaches the upper threshold, the server sends the kiss code.

Example

# Enable the KOD function.

<HUAWEI> system-view
[~HUAWEI] ntp kod-enable

ntp manycast-client

Function

The ntp manycast-client command configures the NTP manycast client mode.

The undo ntp manycast-client command cancels the NTP manycast client mode.

By default, the NTP manycast client mode is disabled.

Format

ntp manycast-client [ ip-address | ipv6 [ ipv6-address ] ] [ authentication-keyid key-id | ttl ttl-number | port port-number ] *

undo ntp manycast-client [ ip-address | ipv6 [ ipv6-address ] ]

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ip-address | Specifies a manycast IPv4 address, which is a class D address. | The default IPv4 address is 224.0.1.1. |
| ipv6 [ ipv6-address ] | Specifies a manycast IPv6 address. | The default IPv6 address is FF0E::0101. |
| authentication-keyid key-id | Specifies the ID of the authentication key used for sending packets to a manycast server. | The value is an integer that ranges from 1 to 65535. |
| ttl ttl-number | Specifies the TTL value of a manycast packet. | The value is an integer that ranges from 1 to 255. |
| port port-number | Specifies the port number used to transmit NTP manycast messages. | The value is 123 or an integer ranging from 1025 to 65535. The default value is 123. |

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

The local device runs in the manycast client mode, and periodically sends manycast packets to manycast servers. After the local device receives the reply packet sent by a manycast server, the local device establishes a dynamic client/server (C/S) association with the server.

NOTE:
In the configuration of the manycast client, if the server address is not specified, 224.0.1.1 or FF0E::0101 is adopted as the server address by default.

Example

# Configure VLANIF100 to receive NTP manycast packets.

<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] quit
[*HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ntp manycast-client

# Configure interface 10GE1/0/1 to receive NTP manycast packets. Assign the manycast address FF0E::111 to the manycast IPv6 packets.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] ntp manycast-client ipv6 FF0E::111

ntp manycast-server

Function

The ntp manycast-server command configures the NTP manycast server mode.

The undo ntp manycast-server command cancels the NTP manycast server mode.

By default, the NTP manycast server mode is not configured.

Format

ntp manycast-server [ ip-address | ipv6 [ ipv6-address ] ]

undo ntp manycast-server [ ip-address | ipv6 [ ipv6-address ] ]

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ip-address | Specifies a manycast IPv4 address, which is a class D address. | The default IPv4 address is 224.0.1.1. |
| ipv6 [ ipv6-address ] | Specifies a manycast IPv6 address. | The default IPv6 address is FF0E::0101. |

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The manycast server responds to the manycast packets sent by the client. After the manycast client receives the reply packet, the manycast client establishes a temporary association with the server and enters C/S mode.

Precautions

If the manycast IP address is not specified when the undo ntp manycast-server command is run, the local device searches for the default IP address. In IPv4 networks, the default IP address of the manycast server is 224.0.1.1. In IPv6 networks, the default IP address of the manycast server is FF0E::0101. If the local device finds the default IP address, the undo ntp manycast-server command takes effect; otherwise, the undo ntp manycast-server command does not take effect.

Example

# Configure VLANIF100 as an interface of the server. The interface is used for responding to the manycast client request from a manycast address.

<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] quit
[*HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ntp manycast-server 

# Configure 10GE1/0/1 as an interface of the server. The interface is used for responding to the manycast client request from a manycast address.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] ntp manycast-server 224.0.1.1

ntp max-distance

Function

The ntp max-distance command configures the maximum NTP synchronization distance.

The undo ntp max-distance command restores the default value.

By default, the maximum NTP synchronization distance is 1.

Format

ntp max-distance max-distance-value

undo ntp max-distance

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| max-distance-value | Indicates the maximum distance threshold value. | The value is an integer that ranges from 1 to 16, in seconds. The default value is 1. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The ntp max-distance command is used on the client. The NTP client calculates the synchronization distance for each server and compares it with the synchronization distance threshold. If the synchronization distance exceeds the threshold, the client does not consider that server for clock synchronization. This command is used in the calculation of the synchronization distance threshold.

Example

# Set the maximum NTP synchronization distance to 16s.

<HUAWEI> system-view
[~HUAWEI] ntp max-distance 16

ntp max-dynamic-sessions

Function

The ntp max-dynamic-sessions command sets the maximum dynamic NTP sessions that can be set up.

The undo ntp max-dynamic-sessions command restores the maximum dynamic NTP sessions to the default value.

By default, up to 100 NTP dynamic sessions are allowed to be set up.

Format

ntp max-dynamic-sessions number

undo ntp max-dynamic-sessions

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| number | Indicates the number of dynamic sessions allowed to be set up. | The number of dynamic NTP sessions is an integer that ranges from 0 to 100. The default value is 100. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

A maximum of 128 sessions can be established on the same device running the NTP service in the same period, including static and dynamic sessions. In both unicast server/client mode and symmetric peer mode, command lines are used to establish static sessions. The dynamic sessions are established in broadcast mode or multicast mode.

Excessive dynamic sessions directly affect the establishment of static sessions. A user can limit the number of local dynamic sessions to solve this problem.

Precautions

When the number of local dynamic sessions on the device is limited,
  • NTP dynamic sessions established are not affected. That is, when the number of the dynamic sessions exceeds the limit, the dynamic sessions established are not deleted, but a new dynamic session cannot be established.
  • The limit on the number of local dynamic sessions allowed should be configured on the client because the server does not record the number of the established NTP sessions.

Example

# Set the maximum NTP dynamic sessions allowed to be set up to 50.

<HUAWEI> system-view
[~HUAWEI] ntp max-dynamic-sessions 50

ntp multicast-client

Function

The ntp multicast-client command configures the local device to work in NTP multicast client mode.

The undo ntp multicast-client command cancels the NTP multicast client mode.

By default, the NTP multicast client mode is not configured.

Format

ntp multicast-client [ ip-address | ipv6 [ ipv6-address ] ]

undo ntp multicast-client [ ip-address | ipv6 [ ipv6-address ] ]

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ip-address | Indicates the multicast IP address. | The default IP address is 224.0.1.1. |
| ipv6 [ ipv6-address ] | Indicates the multicast IPv6 address. | The default IPv6 address is FF0E::0101. |

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To perform clock synchronization in multicast mode, you can use the ntp multicast-client command to specify the current interface on the local device to receive NTP multicast packets. The local device runs in the multicast client mode.

If a valid multicast server is configured, the local device synchronizes with the multicast server. The local device time is updated with the time of the server.

Follow-up Procedure

When the configuration is complete, run the display ntp sessions command to obtain session information about the multicast server and the local device.

NOTE:

You can configure more than one multicast client with different multicast IP addresses on the same interface. When multiple multicast clients are configured, the device selects the optimal clock source by selecting a preferred clock.

You can configure a maximum of 1024 multicast clients on the local device, but a maximum of 128 multicast clients can work simultaneously.

Example

# Configure VLANIF100 to receive NTP multicast packets. The multicast address of the multicast packets is 224.0.1.2.

<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] quit
[*HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ntp multicast-client 224.0.1.2

# Configure 10GE1/0/1 to receive NTP multicast packets. The multicast address of the multicast packets is 224.0.1.1.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] ntp multicast-client 224.0.1.1

ntp multicast-server

Function

The ntp multicast-server command specifies an interface on the local device to send NTP multicast packets. The local device runs in the multicast server mode.

The undo ntp multicast-server command cancels the NTP multicast server mode.

By default, the multicast server mode is not configured.

Format

ntp multicast-server [ ip-address ] [ version number | authentication-keyid key-id | ttl ttl-number | port port-number ] *

ntp multicast-server [ ipv6 [ ipv6-address ] ] [ authentication-keyid key-id | ttl ttl-number | port port-number ] *

undo ntp multicast-server [ ip-address | ipv6 [ ipv6-address ] ]

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ip-address | Indicates the multicast IP address. | The default address is 224.0.1.1. |
| version number | Indicates the NTP version number. If this parameter is not specified, the version number is a default value. | The value is an integer that ranges from 1 to 4. The default value is 3. |
| ipv6 [ ipv6-address ] | Indicates the multicast IPv6 address. | The default IPv6 address is FF0E::0101. |
| authentication-keyid key-id | Indicates the authentication key ID used when sending messages to the multicast clients. If this parameter is not specified, authentication is not performed. | The key ID is an integer that ranges from 1 to 4294967295 when the NTP version number is from 1 to 3. When the NTP version number is 4, the key ID is an integer that ranges from 1 to 65535. When the remote server address is an IPv6 address, the key ID is an integer that ranges from 1 to 65535. |
| ttl ttl-number | Indicates the life span of the multicast packet. If this parameter is not specified, the life span of the multicast packet is a default value. | The ttl number is an integer that ranges from 1 to 255. The default value is 16. |
| port port-number | Specifies the port number used to transmit NTP multicast messages. | The value is 123 or an integer ranging from 1025 to 65535. The default value is 123. |

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To perform clock synchronization in the multicast mode, run the ntp multicast-server command to specify the current interface on the local device to send NTP multicast packets. The local device runs in the multicast server mode, and functions as the multicast server to periodically send multicast packets to the multicast client.

Follow-up Procedure

When the configuration is complete, run the display ntp sessions command to obtain session information about the multicast server and the local device.

NOTE:

You can configure a maximum of 128 multicast servers on the local device.

Example

# Configure VLANIF100 to send NTP multicast packets. The multicast IPv4 address is 224.0.1.1, the authentication key ID is 4 and the NTP version number is 3.

<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] quit
[*HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ntp multicast-server 224.0.1.1 authentication-keyid 4 version 3

# Configure 10GE1/0/1 to send NTP multicast packets. The multicast IPv4 address is 224.0.1.2, the authentication key ID is 100 and the NTP version number is 3.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] ntp multicast-server 224.0.1.2 authentication-keyid 100 version 3

ntp port

Function

The ntp port command changes the number of the port that sends NTP packets.

The undo ntp port command restores the default port number.

By default, port 123 sends NTP packets.

Format

ntp port port-value

undo ntp port

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| port-value | Specifies the number of the port that sends NTP packets. | The value is 123 or an integer ranging from 1025 to 65535. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

To improve the security of network packets, run the ntp port command to configure the number of the port that sends NTP packets. The user's firewall can then filter packets based on the port number.

Example

# Set the number of the port that sends NTP packets to 5000.

<HUAWEI> system-view
[~HUAWEI] ntp port 5000

ntp receive disable

Function

The ntp receive disable command disables an interface from receiving NTP packets.

The undo ntp receive disable command enables an interface to receive NTP packets.

By default, an interface is enabled to receive NTP packets.

Format

ntp [ ipv6 ] receive disable

undo ntp [ ipv6 ] receive disable

Parameters

None

Views

Interface view

Default Level

2: Configuration level

Usage Guidelines

The ntp receive disable command provides a method for access control.

You can disable the interface connected to external devices from receiving NTP packets in either of the following situations:
  • An unreliable clock server exists on the interface. By default, all the interfaces can receive NTP packets after NTP is enabled on the device. However, an unreliable clock source makes NTP clock data inaccurate.
  • The NTP clock data is modified when the interface is attacked maliciously.

Example

# Disable VLANIF100 from receiving NTP packets.

<HUAWEI> system-view
[~HUAWEI] vlan 100
[*HUAWEI-vlan100] quit
[*HUAWEI] interface vlanif 100
[*HUAWEI-Vlanif100] ntp receive disable

# Disable 10GE1/0/1 from receiving NTP packets.

<HUAWEI> system-view
[~HUAWEI] interface 10ge 1/0/1
[~HUAWEI-10GE1/0/1] undo portswitch
[*HUAWEI-10GE1/0/1] ntp receive disable

ntp refclock-master

Function

The ntp refclock-master command sets the local clock to be the NTP primary clock that provides the synchronizing time for other devices.

The undo ntp refclock-master command cancels the configuration of the NTP primary clock.

By default, no NTP primary clock is specified.

Format

ntp refclock-master [ ip-address ] [ stratum ]

undo ntp refclock-master [ ip-address ]

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ip-address | Specifies the IP address of the local reference clock. When no IP address is assigned, the local clock whose IP address is 127.127.1.0 is set as the default NTP primary clock. | The value of ip-address is 127.127.1.u, and u ranges from 0 to 3, which represents the number of the selected local clock. |
| stratum | Specifies the stratum of the NTP primary clock. If this parameter is not specified, the stratum is a default value. | The value of the stratum is an integer that ranges from 1 to 15. The default value is 8. The clock is more accurate when the stratum value is smaller. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

The local clock is the clock of the device itself. Run the ntp refclock-master command to set the local clock as the NTP primary clock that provides the synchronization time for other devices.

In NTP, time synchronization in an NTP synchronization subnet is performed from a smaller level to a larger level, that is, from the 1st level to the 15th level. An authoritative clock is used as the reference time source for the synchronization subnet and is located at the top of the synchronization subnet. The authoritative clock is stratum 0. Currently, the authoritative clock is mostly a radio clock or the Global Positioning System. The time of the authoritative clock is synchronized through the broadcast UTC time code rather than NTP.

Precautions

A device on the network can perform clock synchronization in the following manners.
  • Synchronizing with the local clock: The local clock is used as the reference clock.
  • Synchronizing with another device on the network: This device is used as an NTP clock server to provide a reference clock for the local end.

If both manners are configured, the device selects an optimal clock source by selecting a preferred clock. That is, the clocks determined in the two manners are compared to determine which clock has a lower stratum. The clock with the lower stratum is the preferred clock source.

Example

# Set the local clock to be the NTP primary clock, with its stratum set to 3.

<HUAWEI> system-view
[~HUAWEI] ntp refclock-master 3

ntp source-interface

Function

The ntp source-interface command specifies the local source interface for sending and receiving NTP packets.

The undo ntp source-interface command cancels the current setting.

By default, the local source interface is not specified for sending and receiving NTP packets. The local source interface is automatically determined based on the route.

Format

ntp [ ipv6 ] source-interface interface-type interface-number [ vpn-instance vpn-instance-name ]

undo ntp [ ipv6 ] source-interface [ vpn-instance vpn-instance-name ]

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ipv6 | Indicates that the network type of the local source interface is IPv6. | - |
| interface-type interface-number | Indicates the local interface for sending and receiving the NTP packets. | - |
| vpn-instance vpn-instance-name | Indicates the name of the VPN instance. | The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

Configure the local source interface for sending and receiving NTP packets so that the IP address of another interface on the device cannot be used as the destination address of a reply packet. This makes it easier to subsequently deploy a flow control policy. If the interface is not specified, the source IP address of the NTP packets is selected according to the route.

If you have specified vpn-instance when configuring a source IP address with this command, the source IP address can be used only by the NTP client mapping the specified VPN instance instead of other VPN instances or NTP clients that do not have VPN instances specified.

Precautions

For broadcast and multicast modes, NTP service is implemented on the specified interface, and this interface is the source interface. Therefore, the ntp source-interface command is invalid for broadcast and multicast modes.

Example

# Specify VLANIF100 as the source interface to send all the NTP packets.

<HUAWEI> system-view
[~HUAWEI] ntp source-interface vlanif 100

ntp server disable

Function

The ntp server disable command disables NTP server functionality.

The undo ntp server disable command enables NTP server functionality.

By default, NTP server is enabled.

Format

ntp [ ipv6 ] server disable

undo ntp [ ipv6 ] server disable

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| ipv6 | Indicates the NTP IPv6 server. | - |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

For security purposes, NTP server functionality can be disabled when the device does not need to act as a server.

Example

# Disable IPv4 NTP server function.

<HUAWEI> system-view
[~HUAWEI] ntp server disable

# Disable IPv6 NTP server function.

<HUAWEI> system-view
[~HUAWEI] ntp ipv6 server disable

ntp sync-interval

Function

The ntp sync-interval command sets the interval at which the clock of the client is synchronized.

The undo ntp sync-interval command restores the default value.

By default, the interval at which the clock of the client is synchronized is 600 seconds.

Format

ntp sync-interval interval

undo ntp sync-interval

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| interval | Sets the interval for clock synchronization. | The value is an integer that ranges from 180 to 600, in seconds. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the clock of the server changes, the clock of the client is required to be synchronized with the clock of the server. If the clock of the server is unstable, you can run the ntp sync-interval command on the client to reduce the interval.

Precautions

The NTP poll interval must be an integer power of 2; therefore, the interval for the client synchronization is configured as a value closest to the integer power of 2. For example, if the interval configured by the user is 180 seconds, the client is synchronized at any time after 128 seconds.

Example

# Set the interval at which the clock of the client is synchronized to 180 seconds.

<HUAWEI> system-view
[~HUAWEI] ntp sync-interval 180

ntp trusted authentication-keyid

Function

The ntp trusted authentication-keyid command specifies that an authentication key is reliable.

The undo ntp trusted authentication-keyid command cancels the current setting.

By default, no authentication key is specified to be reliable.

Format

ntp trusted authentication-keyid key-id

undo ntp trusted authentication-keyid key-id

Parameters

| Parameter | Description | Value |
| --- | --- | --- |
| key-id | Indicates the key number. | Key ID is an integer and ranges from 1 to 4294967295 when the NTP version number is from 1 to 3. When the NTP version number is 4, the key ID is an integer that ranges from 1 to 65535. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

If identity authentication is enabled, this command specifies that one or more keys are reliable. The client can then be synchronized only with a server that provides a reliable key. It cannot be synchronized with a server that provides an unreliable key.

Example

# Enable identity authentication in NTP, configure key number 37 in HMAC-SHA256 authentication mode with the key BetterKey, and specify the key as reliable.

<HUAWEI> system-view
[~HUAWEI] ntp authentication enable
[*HUAWEI] ntp authentication-keyid 37 authentication-mode hmac-sha256 cipher BetterKey
[*HUAWEI] ntp trusted authentication-keyid 37

ntp unicast-peer

Function

The ntp unicast-peer command configures NTP peer mode.

The undo ntp unicast-peer command cancels the NTP peer mode.

By default, the NTP peer mode is not configured.

Format

ntp unicast-peer ip-address [ version number | authentication-keyid key-id | maxpoll max-number | minpoll min-number | preempt | source-interface interface-type interface-number | vpn-instance vpn-instance-name | preferred | port port-number ] *

ntp unicast-peer ipv6 ipv6-address [ authentication-keyid key-id | maxpoll max-number | minpoll min-number | preempt | source-interface interface-type interface-number | vpn-instance vpn-instance-name | preferred | port port-number ] *

undo ntp unicast-peer { ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| ip-address | Indicates the IPv4 address of the remote peer. | The parameter ip-address is a host address and cannot be the broadcast address, the multicast address or the IP address of a reference clock. |
| ipv6 ipv6-address | Indicates the IPv6 address of the remote server. | The value of ipv6-address is a unicast address, and cannot be the IPv6 address of the reference clock. |
| version number | Indicates the NTP version number. If this parameter is not specified, the default version number is used. | The version number is an integer that ranges from 1 to 4. By default, it is 3. |
| authentication-keyid key-id | Indicates the authentication key ID used when transmitting messages to the remote peer. If this parameter is not specified, authentication is not performed. | The key ID is an integer that ranges from 1 to 4294967295 when the NTP version number is from 1 to 3. When the NTP version number is 4, the key ID is an integer that ranges from 1 to 65535. When the remote server address is an IPv6 address, the key ID is an integer that ranges from 1 to 65535. |
| maxpoll max-number | Indicates the maximum NTP poll interval. | The value is an integer that ranges from 10 to 17. |
| minpoll min-number | Indicates the minimum NTP poll interval. | The value is an integer that ranges from 3 to 6. |
| preempt | Indicates that the symmetric peer is in preemption mode. If any error, for example, an authentication failure, is detected on the association, the symmetric peer in preemption mode is marked as unavailable for selection. However, when no other symmetric peers are available for selection, this symmetric peer is marked as available. | - |
| source-interface interface-type interface-number | Indicates the source interface from which the symmetric active end sends NTP packets to the symmetric passive end. The source IP address of the NTP packets is the IP address of this interface. | - |
| vpn-instance vpn-instance-name | Specifies the VPN instance name. | The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name. |
| preferred | Indicates the remote peer as the preferred one. By default, the remote peer is not preferred. | - |
| port port-number | Specifies the port number to transmit NTP unicast message. | The value is 123 or an integer ranging from 1025 to 65535. The default value is 123. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the clock of a device on the network needs to be synchronized in symmetric peer mode, you can run the ntp unicast-peer command to configure a remote node as the symmetric peer of the device. The local device runs in symmetric active peer mode. In this mode, the device and the remote peer can synchronize their clocks with each other.

Precautions

A maximum of 128 peers can be configured for the local device. The optimal symmetric peer is selected as the synchronization source.

When a PE is synchronized to another PE or CE in a VPN, the parameter vpn-instance vpn-instance-name needs to be specified.

When the undo ntp unicast-peer command is run with the parameter vpn-instance vpn-instance-name specified, the specified NTP symmetric passive peer in the VPN is canceled. If the parameter vpn-instance vpn-instance-name is not specified, the specified NTP symmetric passive peer in the public network is canceled.

Example

# Configure the peer 10.10.1.1 to provide the synchronizing time for the local device. The local device can also provide synchronizing time for the peer. The version number is 3. The source IP address of the NTP packets is the address of VLANIF100.

<HUAWEI> system-view
[~HUAWEI] ntp unicast-peer 10.10.1.1 version 3 source-interface vlanif 100

ntp unicast-server

Function

The ntp unicast-server command configures the NTP server mode.

The undo ntp unicast-server command cancels the NTP server mode.

By default, the NTP server mode is not configured.

Format

ntp unicast-server ip-address [ version number | authentication-keyid key-id | burst | iburst | maxpoll max-number | minpoll min-number | preempt | source-interface interface-type interface-number | vpn-instance vpn-instance-name | preferred | port port-number ] *

ntp unicast-server ipv6 ipv6-address [ authentication-keyid key-id | burst | iburst | maxpoll max-number | minpoll min-number | preempt | source-interface interface-type interface-number | vpn-instance vpn-instance-name | preferred | port port-number ] *

undo ntp unicast-server { ip-address | ipv6 ipv6-address } [ vpn-instance vpn-instance-name ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| ip-address | Indicates the IPv4 address of the remote server. | The value of ip-address must be an IP address of a host, but cannot be a broadcast address, multicast address, or reference clock's IP address. |
| ipv6 ipv6-address | Indicates the IPv6 address of the remote server. | The value of ipv6-address must be an IP address of a host, but cannot be a multicast address, loopback address, or IP address of a reference clock. |
| version number | Indicates the NTP version number. If this parameter is not specified, the default version number is used. | The version number is an integer that ranges from 1 to 4. By default, the version number is 3. |
| authentication-keyid key-id | Indicates the authentication key ID used when messages are transmitted to the remote server. If this parameter is not specified, authentication is not performed. | The key ID is an integer that ranges from 1 to 4294967295 when the NTP version number is from 1 to 3. When the NTP version number is 4, the key ID is an integer that ranges from 1 to 65535. When the remote server address is an IPv6 address, the key ID is an integer that ranges from 1 to 65535. |
| burst | Indicates that a burst of packets is sent within a fixed poll period. When the poll interval is long, this method helps measure the time jitter. | - |
| iburst | Indicates that the device sends a burst of packets when receiving a response of an unreachable server. This parameter can be used to accelerate synchronization. | - |
| maxpoll max-number | Indicates the maximum NTP poll interval. | The value is an integer that ranges from 10 to 17. |
| minpoll min-number | Indicates the minimum NTP poll interval. | The value is an integer that ranges from 3 to 6. |
| preempt | Indicates that the server is in preemption mode. If any error, for example, an authentication failure, is detected on the association, the server marked as "preempt" is marked as unavailable for selection. However, the server is marked as available for selection when no other servers are available for selection on the network and no error occurs on the association of the server. | - |
| source-interface interface-type interface-number | Indicates the source interface from which the unicast client sends NTP packets to the unicast server. The source IP address of the NTP packets is the IP address of this interface. After the interface is specified, it is used to send and receive NTP unicast packets. | - |
| vpn-instance vpn-instance-name | Specifies the VPN instance name. | The value is a string of 1 to 31 case-sensitive characters except spaces. When double quotation marks are used to include the string, spaces are allowed in the string. The value _public_ is reserved and cannot be used as the VPN instance name. |
| preferred | Indicates the remote server as the preferred one. By default, the remote server is not preferred. | - |
| port port-number | Specifies the port number to transmit NTP unicast message. | The value is 123 or an integer ranging from 1025 to 65535. The default value is 123. |

Views

System view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

When the clock of a device on the network needs to be synchronized in unicast server/client mode, the command can be run, and the remote server specified by ip-address or ipv6-address is used as the local clock server. The local device runs in client mode. In this mode, the local client can be synchronized to the remote server, but the remote server cannot be synchronized to the local client.

Precautions

A maximum of 128 servers can be configured for the local device. The optimal symmetric peer is selected as the synchronization source.

When a PE is synchronized to another PE or CE in a VPN, the parameter vpn-instance vpn-instance-name needs to be specified.

When the undo ntp unicast-server command is run with the parameter vpn-instance vpn-instance-name specified, the specified NTP server in the VPN is canceled. If the parameter vpn-instance vpn-instance-name is not specified, the specified NTP server in the public network is canceled.

Example

# Configure the server 10.10.1.1 to provide the synchronizing time for the local device.

<HUAWEI> system-view
[~HUAWEI] ntp unicast-server 10.10.1.1
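
The rules stated in the ntp trusted authentication-keyid, ntp unicast-peer and ntp unicast-server sections can be checked offline against a saved configuration. The following is an added example, not Huawei code: the function name audit_ntp is hypothetical, and the sample configuration is constructed and written as bare commands without the device prompt.

```python
import re

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
ntp authentication enable
ntp authentication-keyid 37 authentication-mode hmac-sha256 cipher BetterKey
ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher OtherKey
ntp trusted authentication-keyid 37
ntp unicast-server 10.10.1.1
ntp unicast-server 10.10.1.2 authentication-keyid 37
ntp unicast-server 10.10.1.3 version 4 authentication-keyid 70000
ntp unicast-peer ipv6 2001:db8::1 authentication-keyid 42
"""

ASSOC = re.compile(r"^ntp unicast-(?:server|peer) (?:ipv6 )?(\S+)(.*)$")

def audit_ntp(config):
    """Return (address, finding) tuples for weak or broken NTP associations."""
    lines = [ln.strip() for ln in config.splitlines() if ln.strip()]
    auth_enabled = "ntp authentication enable" in lines
    defined = {int(m.group(1)) for ln in lines
               if (m := re.match(r"ntp authentication-keyid (\d+) ", ln))}
    trusted = {int(m.group(1)) for ln in lines
               if (m := re.match(r"ntp trusted authentication-keyid (\d+)$", ln))}
    findings = []
    for line in lines:
        m = ASSOC.match(line)
        if not m:
            continue
        addr, opts = m.groups()
        key = re.search(r"authentication-keyid (\d+)", opts)
        if not key:
            findings.append((addr, "no authentication-keyid: authentication is not performed"))
            continue
        key_id = int(key.group(1))
        ver = re.search(r"version (\d)", opts)
        # Parameter tables: NTPv4 and IPv6 associations limit key IDs to 1-65535.
        narrow = " ipv6 " in line or (ver and ver.group(1) == "4")
        limit = 65535 if narrow else 4294967295
        if not 1 <= key_id <= limit:
            findings.append((addr, f"key ID {key_id} outside 1-{limit}"))
        elif key_id not in defined:
            findings.append((addr, f"key ID {key_id} is not defined"))
        elif key_id not in trusted:
            findings.append((addr, f"key ID {key_id} is defined but not trusted"))
        elif not auth_enabled:
            findings.append((addr, "ntp authentication enable is missing"))
    return findings
```

On the sample, 10.10.1.2 passes, while the other three associations are reported: one has no key, one uses a key ID outside the NTPv4 range, and one references a key that was never marked as reliable.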

reset ntp statistics packet

Function

The reset ntp statistics packet command clears statistics on NTP packets.

Format

reset ntp statistics packet [ ipv6 | [ ipv6 ] interface { interface-type interface-number | all } | peer [ [ ip-address [ vpn-instance vpn-instance-name ] ] | ipv6 [ ipv6-address [ vpn-instance vpn-instance-name ] ] ] ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| ipv6 | Clears the statistics about global IPv6 NTP packets. | - |
| interface interface-type interface-number | Clears statistics on NTP packets on a specified interface. | - |
| interface all | Clears statistics on broadcast packets and multicast packets on all interfaces. | - |
| peer | Clears statistics related to NTP peers. | - |
| ip-address | Specifies the IP address of an NTP peer. | - |
| vpn-instance vpn-instance-name | Specifies the VPN instance bound to an NTP peer. | The VPN instance must already exist. |
| ipv6 | Clears the packet statistics on IPv6 peers. | - |
| ipv6-address | Clears the NTP packet statistics on the specified IPv6 peer. | - |

Views

User view

Default Level

3: Management level

Usage Guidelines

When debugging NTP, you can use this command to clear the statistics on NTP.

The statistics on NTP cannot be recovered after being cleared. Confirm before you delete the statistics.

Example

# Clear statistics on NTP packets.

<HUAWEI> reset ntp statistics packet 

# Clear statistics on NTP peers.

<HUAWEI> reset ntp statistics packet peer 
Updated: 2019-03-21

Document ID: EDOC1000166501
