No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Configuration Guide - Device Management

CloudEngine 12800 and 12800E V200R005C10

This document describes the configurations of Device Management, including device status query, hardware management, Information Center Configuration, NTP, Synchronous Ethernet Configuration, Fault Management Configuration, Energy-Saving Management Configuration, Performance Management Configuration, Maintenance Assistant Configuration, and OPS Configuration.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring Authenticated NTP Broadcast Mode

Example for Configuring Authenticated NTP Broadcast Mode

Networking Requirements

As shown in Figure 4-13, SwitchF, SwitchC, and SwitchD are on a local area network (LAN). SwitchA directly connects to SwitchF. SwitchC has synchronized its clock to an authoritative clock, the Global Positioning System (GPS).

To provide charging services, all switches (except SwitchA) in Figure 4-13 are required to synchronize their clocks to a standard clock. SwitchA is outside the charging range, and does not need to synchronize its clock to the standard clock.

Figure 4-13 Networking diagram for configuring authenticated NTP broadcast mode

Configuration Roadmap

You can configure the NTP protocol to synchronize time, and use the authenticated NTP broadcast mode to meet the user's requirement. The configuration roadmap is as follows:

  1. Configure SwitchC as the primary time server, use the local clock as the NTP primary clock, and set the clock stratum to 3.

  2. Configure SwitchC as the NTP broadcast server that sends broadcast packets from interface VLANIF10 (the corresponding physical interface is 10GE1/0/1).

  3. Configure SwitchA, SwitchD and SwitchF as NTP broadcast clients. SwitchA uses VLANIF20 (the corresponding physical interface is 10GE1/0/1) to listen to the broadcast packets. SwitchD uses VLANIF10 (the corresponding physical interface is 10GE1/0/1) to listen to the broadcast packets. SwitchF uses interface VLANIF10 (the corresponding physical interface is 10GE2/0/1) to listen to the broadcast packets.

  4. To strengthen the network security, the NTP authentication function is enabled.

Procedure

  1. Configure an IP address for each interface according to Figure 4-13, and configure reachable routes between the switches.

    # Configure an IP address for the interface and configure a routing protocol on SwitchA.

    <HUAWEI> system-view
    [~HUAWEI] sysname SwitchA
    [*HUAWEI] commit
    [~SwitchA] vlan 20
    [*SwitchA-vlan20] quit
    [*SwitchA] interface 10ge 1/0/1
    [*SwitchA-10GE1/0/1] port link-type trunk
    [*SwitchA-10GE1/0/1] port trunk pvid vlan 20 
    [*SwitchA-10GE1/0/1] port trunk allow-pass vlan 20
    [*SwitchA-10GE1/0/1] quit
    [*SwitchA] interface vlanif 20
    [*SwitchA-vlanif20] ip address 10.1.1.1 24
    [*SwitchA-vlanif20] quit
    [*SwitchA] ospf 1
    [*SwitchA-ospf-1] area 0
    [*SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
    [*SwitchA-ospf-1-area-0.0.0.0] quit
    [*SwitchA-ospf-1] quit
    [*SwitchA] commit

    For details about the configurations of SwitchC, SwitchD, and SwitchF, see "Configuration Files".

  2. Configure the NTP broadcast server, and enable the authentication.

    # Configure the local clock of SwitchC as the NTP primary clock, and set the clock stratum to 3.
    <SwitchC> system-view
    [~SwitchC] ntp refclock-master 3
    # Enable NTP authentication.
    [*SwitchC] ntp authentication enable
    [*SwitchC] ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher Hello@123456
    [*SwitchC] ntp trusted authentication-keyid 42
    # Configure SwitchC as the NTP broadcast server that sends NTP broadcast packets from VLANIF10, and specify the key with the ID 42 for encryption.
    [*SwitchC] interface vlanif 10
    [*SwitchC-Vlanif10] ntp broadcast-server authentication-keyid 42
    [*SwitchC-Vlanif10] quit
    [*SwitchC] commit

    # Enable the NTP server on SwitchC.

    [*SwitchC] undo ntp server disable
    [*SwitchC] commit

  3. Configure the NTP broadcast client SwitchD on a network segment the same as that of the NTP server.

    # Enable NTP authentication.
    <SwitchD> system-view
    [~SwitchD] ntp authentication enable
    [*SwitchD] ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher Hello@123456
    [*SwitchD] ntp trusted authentication-keyid 42
    # Configure SwitchD as the NTP broadcast client that listens to the NTP broadcast packets from interface VLANIF10.
    [*SwitchD] interface vlanif 10
    [*SwitchD-Vlanif10] ntp broadcast-client
    [*SwitchD-Vlanif10] quit
    [*SwitchD] commit

    After the configuration is complete, SwitchD synchronizes its clock to that of SwitchC. For details about the configuration of SwitchF, which is similar to that of SwitchD, see the corresponding configuration file.

  4. Configure the NTP broadcast client SwitchA on a network segment different from that of the server.

    # Enable NTP authentication.
    [~SwitchA] ntp authentication enable
    [*SwitchA] ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher Hello@123456
    [*SwitchA] ntp trusted authentication-keyid 42
    # Configure SwitchA as the NTP broadcast client that listens to the NTP broadcast packets from interface VLANIF20.
    [*SwitchA] interface vlanif 20
    [*SwitchA-Vlanif20] ntp broadcast-client
    [*SwitchA-Vlanif20] quit
    [*SwitchA] commit

  5. Verify the configuration.

    After the preceding configuration is complete, SwitchD and SwitchF can synchronize its clock to that of SwitchC, but SwitchA cannot synchronize its clock to that of SwitchC.

    This is because SwitchA is on a network segment different from that of SwitchC, but SwitchD and SwitchF are on a network segment the same as that of SwitchC.

    # Check the NTP status of SwitchD, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 4, which is one stratum lower than that of the clock of SwitchC.

    [~SwitchD] display ntp status
     clock status: synchronized
     clock stratum: 4
     reference clock ID: 10.1.2.3
     nominal frequency: 100.0000 Hz                                                 
     actual frequency: 100.0000 Hz                                                  
     clock precision: 2^17                                                          
     clock offset: 0.7305 ms                                                        
     root delay: 5.32 ms                                                            
     root dispersion: 34.86 ms                                                      
     peer dispersion: 24.28 ms                                                      
     reference time: 15:32:43.134 UTC Sep 11 2013(D5DB0B9B.2271BCDB)                
     synchronization state: clock synchronized    

    # Check the NTP status of SwitchF, and you can find that the clock status is "synchronized", indicating that the synchronization is complete. The stratum of the clock is 4, which is one stratum lower than that of the clock of SwitchC.

    [~SwitchF] display ntp status
     clock status: synchronized
     clock stratum: 4
     reference clock ID: 10.1.2.3
     nominal frequency: 100.0000 Hz                                                 
     actual frequency: 100.0000 Hz                                                  
     clock precision: 2^17                                                          
     clock offset: 0.7192 ms                                                        
     root delay: 5.32 ms                                                            
     root dispersion: 35.82 ms                                                      
     peer dispersion: 24.28 ms                                                      
     reference time: 15:32:43.134 UTC Sep 11 2013(D5DB0B9B.2271BCDB)                
     synchronization state: clock synchronized    

Configuration Files

  • Configuration file of SwitchA

    #
    sysname SwitchA
    #
    ntp server disable
    ntp ipv6 server disable
    ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# 
    ntp trusted authentication-keyid 42
    ntp authentication enable
    #
    vlan batch 20
    #
    interface Vlanif20
     ip address 10.1.1.1 255.255.255.0
     ntp broadcast-client
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk pvid vlan 20
     port trunk allow-pass vlan 20
    #
    ospf 1
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
    #
    return
  • Configuration file of SwitchC

    #
    sysname SwitchC
    #
    ntp ipv6 server disable
    ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# 
    ntp trusted authentication-keyid 42
    ntp refclock-master 3
    ntp authentication enable
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.2.3 255.255.255.0
     ntp broadcast-server authentication-keyid 42
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk pvid vlan 10
     port trunk allow-pass vlan 10
    #
    ospf 1
     area 0.0.0.0
      network 10.1.2.0 0.0.0.255
    #
    return
  • Configuration file of SwitchD

    #
    sysname SwitchD
    #
    ntp server disable
    ntp ipv6 server disable
    ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# 
    ntp trusted authentication-keyid 42
    ntp authentication enable
    #
    vlan batch 10
    #
    interface Vlanif10
     ip address 10.1.2.4 255.255.255.0
     ntp broadcast-client
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk pvid vlan 10
     port trunk allow-pass vlan 10
    #
    return
  • Configuration file of SwitchF

    #
    sysname SwitchF
    #
    ntp server disable
    ntp ipv6 server disable
    ntp authentication-keyid 42 authentication-mode hmac-sha256 cipher %^%#fhKx(LFg)~2:d23J_(t~RNcW9g#Bv7}a[7(%$HG-%^%# 
    ntp trusted authentication-keyid 42
    ntp authentication enable
    #
    vlan batch 10 20
    #
    interface Vlanif10
     ip address 10.1.2.2 255.255.255.0
     ntp broadcast-client
    #
    interface Vlanif20
     ip address 10.1.1.2 255.255.255.0
    #
    interface 10GE1/0/1
     port link-type trunk
     port trunk pvid vlan 20
     port trunk allow-pass vlan 20
    #
    interface 10GE2/0/1
     port link-type trunk
     port trunk pvid vlan 10
     port trunk allow-pass vlan 10
    #
    ospf 1
     area 0.0.0.0
      network 10.1.1.0 0.0.0.255
      network 10.1.2.0 0.0.0.255
    #
    return
Translation
Download
Updated: 2019-04-20

Document ID: EDOC1100074722

Views: 17967

Downloads: 20

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next