No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Device Management

S2720, S5700, and S6720 V200R013C00

This document describes the configurations of Device Management, including device status query, hardware management, Stack, SVF, cloud-based management, PoE, monitoring interface, OPS, energy-saving management, information center, fault management, NTP, synchronous ethernet, PTP.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the NTP Broadcast Mode with NTP Authentication Enabled

Example for Configuring the NTP Broadcast Mode with NTP Authentication Enabled

Networking Requirements

In Figure 12-13, SwitchA, SwitchB, and SwitchC are located within the same LAN. SwitchA synchronizes its clock with GPS through radio.

To ensure accounting accuracy, clock synchronization is required from SwitchB and SwitchC to SwitchA

Figure 12-13  Configuring the NTP broadcast mode with NTP authentication enabled

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure SwitchA as the master clock server, use its local clock as the NTP master clock, and set the clock stratum to 3.

  2. Configure SwitchA as the NTP broadcast server that sends broadcast packets through VLANIF 10 (the corresponding physical interface is GE0/0/1).

  3. Configure SwitchB and SwitchC as NTP broadcast clients.

  4. Enable NTP authentication to ensure NTP clock synchronization security.

Procedure

  1. Configure IP addresses for SwitchA, SwitchB, and SwitchC.

    # Configure an IP address for SwitchA. The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] vlan 10 
    [SwitchA-vlan10] quit
    [SwitchA] interface vlanif 10
    [SwitchA-Vlanif10] ip address 10.0.0.1 24
    [SwitchA-Vlanif10] quit
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] port link-type hybrid
    [SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
    [SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
    [SwitchA-GigabitEthernet0/0/1] quit
    

  2. Configure Layer 2 forwarding on the Switch.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan 10
    [Switch-vlan10] quit
    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] port link-type hybrid
    [Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
    [Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
    [Switch-GigabitEthernet0/0/1] quit
    [Switch] interface gigabitethernet 0/0/2
    [Switch-GigabitEthernet0/0/2] port link-type hybrid
    [Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 10
    [Switch-GigabitEthernet0/0/2] port hybrid pvid vlan 10
    [Switch-GigabitEthernet0/0/2] quit
    [Switch] interface gigabitethernet 0/0/3
    [Switch-GigabitEthernet0/0/3] port link-type hybrid
    [Switch-GigabitEthernet0/0/3] port hybrid untagged vlan 10
    [Switch-GigabitEthernet0/0/3] port hybrid pvid vlan 10
    [Switch-GigabitEthernet0/0/3] quit

  3. Configure the NTP broadcast server and enable NTP authentication.

    # Configure the local clock of SwitchA as the NTP master clock, and set the clock stratum to 3.

    [SwitchA] ntp-service refclock-master 3

    # Enable NTP authentication.

    [SwitchA] ntp-service authentication enable
    [SwitchA] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher Hello123
    [SwitchA] ntp-service reliable authentication-keyid 16

    # Configure SwitchA as the NTP broadcast server that sends NTP broadcast packets from VLANIF 10, and specify key 16 for encryption.

    [SwitchA] interface vlanif 10
    [SwitchA-Vlanif10] ntp-service broadcast-server authentication-keyid 16
    [SwitchA-Vlanif10] quit

    # Enable the NTP server function on SwitchA.

    [SwitchA] undo ntp-service server disable

  4. Configure SwitchB as an NTP broadcast client, which is on the same network segment as the NTP server.

    # Enable NTP authentication.

    [SwitchB] ntp-service authentication enable
    [SwitchB] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher Hello123
    [SwitchB] ntp-service reliable authentication-keyid 16
    

    # Configure SwitchB as an NTP broadcast client that listens to NTP broadcast packets on VLANIF 10.

    [SwitchB] interface vlanif 10
    [SwitchB-Vlanif10] ntp-service broadcast-client
    [SwitchB-Vlanif10] quit

  5. Configure SwitchC as an NTP broadcast client, which is on the same network segment as the NTP server.

    # Enable NTP authentication.

    [SwitchC] ntp-service authentication enable
    [SwitchC] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher Hello123
    [SwitchC] ntp-service reliable authentication-keyid 16
    

    # Configure SwitchC as an NTP broadcast client that listens to NTP broadcast packets on VLANIF 10.

    [SwitchC] interface vlanif 10
    [SwitchC-Vlanif10] ntp-service broadcast-client
    [SwitchC-Vlanif10] quit

  6. Verify the configuration.

    After the configuration is complete, SwitchB and SwitchC can synchronize their clocks to the clock of SwitchA.

    # Check the NTP status of SwitchC. The clock status is synchronized, indicating that the clock synchronization is complete. The clock stratum is 4, which is one stratum lower than that of the NTP server SwitchA.

    [SwitchC] display ntp-service status
     clock status: synchronized
     clock stratum: 4
     reference clock ID: 10.0.0.1
     nominal frequency: 60.0002 Hz
     actual frequency: 60.0002 Hz
     clock precision: 2^18
     clock offset: 0.0000 ms
     root delay: 0.00 ms
     root dispersion: 0.42 ms
     peer dispersion: 0.00 ms
     reference time: 12:17:21.773 UTC Mar 7 2012(C7B7F851.C5EAF25B)
     synchronization state: clock synchronized  

Configuration Files

  • SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 10
    #
    ntp-service ipv6 server disable 
    ntp-service authentication enable
    ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %^%#uLLi;!VFkMLO;SAD#:~GS=:/UzP~}1lS2'KT2,.T%^%# 
    ntp-service reliable authentication-keyid 16
    ntp-service refclock-master 3
    #
    interface Vlanif10
     ip address 10.0.0.1 255.255.255.0
     ntp-service broadcast-server authentication-keyid 16 
    #
    interface GigabitEthernet0/0/1
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    return
  • SwitchB configuration file

    #
    sysname SwitchB
    #
    vlan batch 10
    #
    ntp-service server disable
    ntp-service ipv6 server disable 
    ntp-service authentication enable
    ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %^%#cVg6'G;i2*@[$uB@!^}:g$V6+~Hc}V,]M"Y/voeF%^%# 
    ntp-service reliable authentication-keyid 16
    #
    interface Vlanif10
     ip address 10.0.0.2 255.255.255.0
     ntp-service broadcast-client 
    #
    interface GigabitEthernet0/0/1
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    return
  • SwitchC configuration file

    #
    sysname SwitchC
    #
    vlan batch 10
    #
    ntp-service server disable
    ntp-service ipv6 server disable 
    ntp-service authentication enable
    ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %^%#vLLi;!VFkMLO;SAD#:~GS=:/UzP~}1lS2'KT3,.T%^%#
    ntp-service reliable authentication-keyid 16
    #
    interface Vlanif10
     ip address 10.0.0.3 255.255.255.0
     ntp-service broadcast-client 
    #
    interface Vlanif20
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    return
  • Switch configuration file

    #
    sysname Switch
    #
    vlan batch 10
    #
    interface GigabitEthernet0/0/1
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    interface GigabitEthernet0/0/2
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    interface GigabitEthernet0/0/3
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    return
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100065674

Views: 48703

Downloads: 426

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next