No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Device Management

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Device Management, including device status query, hardware management, Information Center Configuration, NTP, Synchronous Ethernet Configuration, Fault Management Configuration, Energy-Saving Management Configuration, Performance Management Configuration, Maintenance Assistant Configuration, and OPS Configuration.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Authenticated NTP Unicast Client/Server Mode

Example for Configuring Authenticated NTP Unicast Client/Server Mode

Networking Requirements

As shown in Figure 4-11, SwitchB, SwitchC, and SwitchD are on a local area network (LAN), and are connected to SwitchA through a network. SwitchA has synchronized its clock to an authoritative clock, the Global Positioning System (GPS).

As is required by the user, the three devices SwitchB, SwitchC, and SwitchD on the LAN must synchronize their clocks to the clock of SwitchA to ensure a precise charging service.

Figure 4-11 Networking diagram for configuring NTP unicast client/server mode

Configuration Roadmap

You can configure the authenticated unicast client/server mode to meet the user's requirement for clock synchronization on the LAN. The configuration roadmap is as follows:

  1. Configure SwitchA as the primary time server.

  2. The NTP unicast client/server mode is used to synchronize the clocks of SwitchA and SwitchB. SwitchA functions as the server, and SwitchB functions as the client.

  3. The NTP unicast client/server mode is used to synchronize the clocks of SwitchB, SwitchC, and SwitchD. SwitchB functions as the server, while SwitchC and SwitchD function as the clients.

  4. SwitchA and SwitchB are connected through the network, which is not secure, so that the NTP authentication function is enabled.

NOTE:

When configuring NTP authentication in the unicast client/server mode, enable the NTP authentication on the client, and specify the NTP server address and the authentication key sent to the server. Otherwise, the NTP authentication is not performed, and the NTP client and server are directly synchronized.

Procedure

  1. According to Figure 4-11, configure IP addresses, and configure reachable routes between any two of SwitchA, SwitchB, SwitchC, and SwitchD.

    # Configure an IP address on SwitchA. For details about the configurations of SwitchB, SwitchC, and SwitchD, see "Configuration Files".

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan 100
    [*SwitchA-vlan100] quit
    [*SwitchA] interface vlanif 100
    [*SwitchA-Vlanif100] ip address 10.1.1.1 24
    [*SwitchA-Vlanif100] quit
    [*SwitchA] interface 10ge 1/0/1
    [*SwitchA-10GE1/0/1] port link-type trunk
    [*SwitchA-10GE1/0/1] port trunk pvid vlan 100
    [*SwitchA-10GE1/0/1] port trunk allow-pass vlan 100
    [*SwitchA-10GE1/0/1] quit
    [*SwitchA] ospf 1
    [*SwitchA-ospf-1] area 0
    [*SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
    [*SwitchA-ospf-1-area-0.0.0.0] quit
    [*SwitchA-ospf-1] quit
    

  2. Configure an NTP primary clock, enable the NTP authentication function, and enable the NTP server on SwitchA.

    # Specify the local clock of SwitchA as the primary clock, and set the clock stratum to 2.

    [*SwitchA] ntp refclock-master 2

    # Enable the NTP authentication function, configure the authentication key, and specify the key as reliable.

    [*SwitchA] ntp authentication enable
    [*SwitchA] ntp authentication-keyid 42 authentication-mode hmac-sha256 Hello@123456
    [*SwitchA] ntp trusted authentication-keyid 42
    [*SwitchA] commit

    # Enable the NTP server.

    [*SwitchA] undo ntp server disable
    [*SwitchA] commit

  3. Enable the NTP authentication function and NTP server on SwitchB.

    # Enable the NTP authentication function on SwitchB, configure the authentication key, and specify the key as reliable.

    <SwitchB> system-view
    [~SwitchB] ntp authentication enable
    [*SwitchB] ntp authentication-keyid 42 authentication-mode hmac-sha256 Hello@123456
    [*SwitchB] ntp trusted authentication-keyid 42
    

    # Specify SwitchA as the NTP server of SwitchB, and use the configured authentication key.

    [*SwitchB] ntp unicast-server 10.1.1.1 authentication-keyid 42
    [*SwitchB] commit

    # Enable the NTP server.

    [*SwitchB] undo ntp server disable
    [*SwitchB] commit

  4. Specify on SwitchC that SwitchB functions as the NTP server of SwitchC.

    <SwitchC> system-view
    [~SwitchC] ntp authentication enable
    [*SwitchC] ntp authentication-keyid 42 authentication-mode hmac-sha256 Hello@123456
    [*SwitchC] ntp trusted authentication-keyid 42
    [*SwitchC] ntp unicast-server 10.1.3.1 authentication-keyid 42
    [*SwitchC] commit

  5. Specify on SwitchD that SwitchB functions as the NTP server of SwitchD.

    <SwitchD> system-view
    [~SwitchD] ntp authentication enable
    [*SwitchD] ntp authentication-keyid 42 authentication-mode hmac-sha256 Hello@123456
    [*SwitchD] ntp trusted authentication-keyid 42
    [*SwitchD] ntp unicast-server 10.1.3.1 authentication-keyid 42
    [*SwitchD] commit

  6. Verify the configuration.

    # Check the NTP status of SwitchA.

    [~SwitchA] display ntp status
     clock status: synchronized
     clock stratum: 2
     reference clock ID: LOCAL(0)                                                   
     nominal frequency: 100.0000 Hz                                                 
     actual frequency: 100.0000 Hz                                                  
     clock precision: 2^18                                                          
     clock offset: 0.0000 ms                                                        
     root delay: 0.00 ms                                                            
     root dispersion: 11.18 ms                                                      
     peer dispersion: 10.00 ms                                                      
     reference time: 14:40:00.707 UTC Sep 11 2013(D5DAFF40.B538476F)                
     synchronization state: clock synchronized     

    SwitchB can synchronize its clock with the clock of SwitchA.

    # Check the NTP status of SwitchB, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 3, which is one stratum lower than that of the clock of the server SwitchA.

    [~SwitchB] display ntp status
     clock status: synchronized
     clock stratum: 3
     reference clock ID: 10.1.1.1
     nominal frequency: 100.0000 Hz                                                 
     actual frequency: 100.0000 Hz                                                  
     clock precision: 2^18                                                          
     clock offset: 0.0601 ms                                                        
     root delay: 2.24 ms                                                            
     root dispersion: 21.11 ms                                                      
     peer dispersion: 10.93 ms                                                      
     reference time: 14:41:01.127 UTC Sep 11 2013(D5DAFE15.20B955F7)                
     synchronization state: clock synchronized  

    SwitchC can synchronize its clock with the clock of SwitchB.

    # Check the NTP status of SwitchC, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 4, which is one stratum lower than that of the clock of the server SwitchB.

    [~SwitchC] display ntp status
     clock status: synchronized
     clock stratum: 4
     reference clock ID: 10.1.3.1
     nominal frequency: 100.0000 Hz                                                 
     actual frequency: 100.0000 Hz                                                  
     clock precision: 2^18                                                          
     clock offset: 0.0601 ms                                                        
     root delay: 2.24 ms                                                            
     root dispersion: 21.11 ms                                                      
     peer dispersion: 10.93 ms                                                      
     reference time: 14:41:40.127 UTC Sep 11 2013(D5DAFE15.20B955F7)                
     synchronization state: clock synchronized  

    # Check the NTP status of SwitchD, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 4, which is one stratum lower than that of the clock of the server SwitchB.

    [~SwitchD] display ntp status
     clock status: synchronized
     clock stratum: 4
     reference clock ID: 10.1.3.1
     nominal frequency: 100.0000 Hz  
     actual frequency: 100.0000 Hz             
     clock precision: 2^18
     clock offset: 3.8128 ms
     root delay: 31.26 ms
     root dispersion: 74.20 ms
     peer dispersion: 34.30 ms
     reference time: 14:41:24.761 UTC Sep 11 2013(D5DB00C0.C2DB7281)  
     synchronization state: clock synchronized    

Configuration Files

  • Configuration file of SwitchA

    #
    sysname SwitchA
    #
    ntp ipv6 server disable
    ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# 
    ntp trusted authentication-keyid 42  
    ntp refclock-master 2
    ntp authentication enable
    #
    vlan batch 100
    #
    interface Vlanif100
     ip address 10.1.1.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk pvid vlan 100
     port trunk allow-pass vlan 100
    #
    ospf 1
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
    #
    return
  • Configuration file of SwitchB

    #
    sysname SwitchB
    #
    ntp ipv6 server disable
    ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# 
    ntp trusted authentication-keyid 42
    ntp unicast-server 10.1.1.1 authentication-keyid 42
    ntp authentication enable
    #
    vlan batch 110 to 111
    #
    interface Vlanif110
     ip address 10.1.2.1 255.255.255.0
    #
    interface Vlanif111
     ip address 10.1.3.1 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk pvid vlan 110
     port trunk allow-pass vlan 110
    #
    interface 10GE2/0/1
     port link-type trunk
     port trunk pvid vlan 111
     port trunk allow-pass vlan 111
    #
    ospf 1
     area 0.0.0.0
      network 10.1.2.0 0.0.0.255
      network 10.1.3.0 0.0.0.255
    #
    return
  • Configuration file of SwitchC

    #
    sysname SwitchC
    #
    ntp server disable
    ntp ipv6 server disable
    ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# 
    ntp trusted authentication-keyid 42
    ntp unicast-server 10.1.3.1 authentication-keyid 42
    ntp authentication enable
    #
    vlan batch 111
    #
    interface Vlanif111
     ip address 10.1.3.2 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk pvid vlan 111
     port trunk allow-pass vlan 111
    #
    return
  • Configuration file of SwitchD

    #
    sysname SwitchD
    #
    ntp server disable
    ntp ipv6 server disable
    ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# 
    ntp trusted authentication-keyid 42
    ntp unicast-server 10.1.3.1 authentication-keyid 42
    ntp authentication enable
    #
    vlan batch 111
    #
    interface Vlanif111
     ip address 10.1.3.3 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk pvid vlan 111
     port trunk allow-pass vlan 111
    #
    return
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100074722

Views: 11161

Downloads: 10

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next