No relevant resource is found in the selected language.
Enterprise
Worldwide
Search
Support Documentation
S2720, S5700, and S6700 V200R019C10 Configuration Guide - Device Management

This document describes the configurations of Device Management, including device status query, hardware management, Stack, SVF, cloud-based management, PoE, monitoring interface, OPS, energy-saving management, information center, fault management, NTP, synchronous ethernet, PTP.

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Example for Configuring the NTP Broadcast Mode with NTP Authentication Enabled

Example for Configuring the NTP Broadcast Mode with NTP Authentication Enabled

Networking Requirements

In Figure 12-13, SwitchA, SwitchB, and SwitchC are located within the same LAN. SwitchA synchronizes its clock with GPS through radio.

To ensure accounting accuracy, clock synchronization is required from SwitchB and SwitchC to SwitchA

Figure 12-13 Configuring the NTP broadcast mode with NTP authentication enabled

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure SwitchA as the master clock server, use its local clock as the NTP master clock, and set the clock stratum to 3.

  2. Configure SwitchA as the NTP broadcast server that sends broadcast packets through VLANIF 10 (the corresponding physical interface is GE0/0/1).

  3. Configure SwitchB and SwitchC as NTP broadcast clients.

  4. Enable NTP authentication to ensure NTP clock synchronization security.

Procedure

  1. Configure IP addresses for SwitchA, SwitchB, and SwitchC.

    # Configure an IP address for SwitchA. The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.

    <HUAWEI> system-view
[HUAWEI] sysname SwitchA
[SwitchA] vlan 10 
[SwitchA-vlan10] quit
[SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ip address 10.0.0.1 24
[SwitchA-Vlanif10] quit
[SwitchA] interface gigabitethernet 0/0/1
[SwitchA-GigabitEthernet0/0/1] port link-type hybrid
[SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[SwitchA-GigabitEthernet0/0/1] quit

  2. Configure Layer 2 forwarding on the Switch. 

    <HUAWEI> system-view
[HUAWEI] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface gigabitethernet 0/0/1
[Switch-GigabitEthernet0/0/1] port link-type hybrid
[Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
[Switch-GigabitEthernet0/0/1] quit
[Switch] interface gigabitethernet 0/0/2
[Switch-GigabitEthernet0/0/2] port link-type hybrid
[Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/2] port hybrid pvid vlan 10
[Switch-GigabitEthernet0/0/2] quit
[Switch] interface gigabitethernet 0/0/3
[Switch-GigabitEthernet0/0/3] port link-type hybrid
[Switch-GigabitEthernet0/0/3] port hybrid untagged vlan 10
[Switch-GigabitEthernet0/0/3] port hybrid pvid vlan 10
[Switch-GigabitEthernet0/0/3] quit

  3. Configure the NTP broadcast server and enable NTP authentication.

    # Configure the local clock of SwitchA as the NTP master clock, and set the clock stratum to 3.

    [SwitchA] ntp-service refclock-master 3

    # Enable NTP authentication.

    [SwitchA] ntp-service authentication enable
[SwitchA] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher Hello123
[SwitchA] ntp-service reliable authentication-keyid 16

    # Configure SwitchA as the NTP broadcast server that sends NTP broadcast packets from VLANIF 10, and specify key 16 for encryption.

    [SwitchA] interface vlanif 10
[SwitchA-Vlanif10] ntp-service broadcast-server authentication-keyid 16
[SwitchA-Vlanif10] quit

    # Enable the NTP server function on SwitchA.

    [SwitchA] undo ntp-service server disable

  4. Configure SwitchB as an NTP broadcast client, which is on the same network segment as the NTP server.

    # Enable NTP authentication.

    [SwitchB] ntp-service authentication enable
[SwitchB] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher Hello123
[SwitchB] ntp-service reliable authentication-keyid 16

    # Configure SwitchB as an NTP broadcast client that listens to NTP broadcast packets on VLANIF 10.

    [SwitchB] interface vlanif 10
[SwitchB-Vlanif10] ntp-service broadcast-client
[SwitchB-Vlanif10] quit

  5. Configure SwitchC as an NTP broadcast client, which is on the same network segment as the NTP server.

    # Enable NTP authentication.

    [SwitchC] ntp-service authentication enable
[SwitchC] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher Hello123
[SwitchC] ntp-service reliable authentication-keyid 16

    # Configure SwitchC as an NTP broadcast client that listens to NTP broadcast packets on VLANIF 10.

    [SwitchC] interface vlanif 10
[SwitchC-Vlanif10] ntp-service broadcast-client
[SwitchC-Vlanif10] quit

  6. Verify the configuration.

    After the configuration is complete, SwitchB and SwitchC can synchronize their clocks to the clock of SwitchA.

    # Check the NTP status of SwitchC. The clock status is synchronized, indicating that the clock synchronization is complete. The clock stratum is 4, which is one stratum lower than that of the NTP server SwitchA.

    [SwitchC] display ntp-service status
 clock status: synchronized
 clock stratum: 4
 reference clock ID: 10.0.0.1
 nominal frequency: 60.0002 Hz
 actual frequency: 60.0002 Hz
 clock precision: 2^18
 clock offset: 0.0000 ms
 root delay: 0.00 ms
 root dispersion: 0.42 ms
 peer dispersion: 0.00 ms
 reference time: 12:17:21.773 UTC Mar 7 2012(C7B7F851.C5EAF25B)
 synchronization state: clock synchronized

Configuration Files

  • SwitchA configuration file

    #
sysname SwitchA
#
vlan batch 10
#
ntp-service ipv6 server disable 
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %^%#uLLi;!VFkMLO;SAD#:~GS=:/UzP~}1lS2'KT2,.T%^%# 
ntp-service reliable authentication-keyid 16
ntp-service refclock-master 3
#
interface Vlanif10
 ip address 10.0.0.1 255.255.255.0
 ntp-service broadcast-server authentication-keyid 16 
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
return

  • SwitchB configuration file

    #
sysname SwitchB
#
vlan batch 10
#
ntp-service server disable
ntp-service ipv6 server disable 
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %^%#cVg6'G;i2*@[$uB@!^}:g$V6+~Hc}V,]M"Y/voeF%^%# 
ntp-service reliable authentication-keyid 16
#
interface Vlanif10
 ip address 10.0.0.2 255.255.255.0
 ntp-service broadcast-client 
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
return

  • SwitchC configuration file

    #
sysname SwitchC
#
vlan batch 10
#
ntp-service server disable
ntp-service ipv6 server disable 
ntp-service authentication enable
ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %^%#vLLi;!VFkMLO;SAD#:~GS=:/UzP~}1lS2'KT3,.T%^%#
ntp-service reliable authentication-keyid 16
#
interface Vlanif10
 ip address 10.0.0.3 255.255.255.0
 ntp-service broadcast-client 
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
return

  • Switch configuration file

    #
sysname Switch
#
vlan batch 10
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/2
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
interface GigabitEthernet0/0/3
 port link-type hybrid
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
#
return
Translation
简体中文
Download
Updated: 2023-03-02

Document ID: EDOC1100127053

Views: 463311

Downloads: 1246

Average rating:
This Document Applies to these Products

Related Version

Related Documents

Digital Signature File

Digital Signature Authentication Mode
Share
Previous Next

Copyright © 2023 Huawei Technologies Co., Ltd. All rights reserved.

You are going to visit :