H3C H3C S5600 Series Operating instructions
- Type
- Operating instructions
H3C S5600 Series Ethernet Switches are high-performance, cost-effective, and easy-to-manage switches designed for small and medium-sized businesses. With a variety of models to choose from, the S5600 Series offers a flexible solution for a wide range of networking needs.
These switches provide Layer 2 switching capabilities, including VLANs, trunking, and spanning tree, as well as advanced features such as QoS, ACLs, and IGMP snooping. The S5600 Series also supports IPv4 and IPv6 routing, making it a versatile choice for businesses that are migrating to the next-generation Internet protocol.
H3C S5600 Series Ethernet Switches are high-performance, cost-effective, and easy-to-manage switches designed for small and medium-sized businesses. With a variety of models to choose from, the S5600 Series offers a flexible solution for a wide range of networking needs.
These switches provide Layer 2 switching capabilities, including VLANs, trunking, and spanning tree, as well as advanced features such as QoS, ACLs, and IGMP snooping. The S5600 Series also supports IPv4 and IPv6 routing, making it a versatile choice for businesses that are migrating to the next-generation Internet protocol.
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Table of Contents
i
Table of Contents
Chapter 1 NTP Configuration.......................................................................................................1-1
1.1 Introduction to NTP............................................................................................................1-1
1.1.1 Applications of NTP................................................................................................. 1-1
1.1.2 Working Principle of NTP........................................................................................1-2
1.1.3 NTP Implementation Mode .....................................................................................1-3
1.2 NTP Implementation Mode Configuration .........................................................................1-5
1.2.1 Prerequisites ........................................................................................................... 1-5
1.2.2 Configuring NTP Implementation Modes................................................................1-6
1.3 Access Control Permission Configuration.........................................................................1-8
1.4 NTP Authentication Configuration.....................................................................................1-8
1.4.1 Prerequisites ........................................................................................................... 1-9
1.4.2 Configuring NTP Authentication.............................................................................. 1-9
1.5 Configuration of Optional NTP Parameters.....................................................................1-11
1.6 Displaying and Debugging NTP.......................................................................................1-12
1.7 Configuration Example .................................................................................................... 1-13
1.7.1 NTP Server Mode Configuration........................................................................... 1-13
1.7.2 NTP Peer Mode Configuration.............................................................................. 1-14
1.7.3 NTP Broadcast Mode Configuration.....................................................................1-16
1.7.4 NTP Multicast Mode Configuration.......................................................................1-18
1.7.5 NTP Server Mode with Authentication Configuration............................................1-20
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-1
Chapter 1 NTP Configuration
1.1 Introduction to NTP
Network time protocol (NTP) is a time synchronization protocol defined by RFC1305. It
is used for time synchronization among a set of distributed time servers and clients.
NTP transmits packets through UDP port 123.
NTP is intended for time synchronization of all devices that have clocks in a network, so
that the clocks of all devices can keep consistent. This enables the applications that
require unified time.
A system running NTP not only can be synchronized by other clock sources, but also
can serve as a clock source to synchronize other clocks. Besides, it can synchronize, or
be synchronized by other systems by exchanging NTP packets.
1.1.1 Applications of NTP
NTP is mainly applied to synchronizing the clocks of all the network devices in a
network. For example:
z In network management, the analysis of the log information and debugging
information collected from different devices is meaningful and valid only when
network devices that generate the information adopts the same time.
z The accounting system requires that the clocks of all the network devices be
consistent.
z Some functions, such as restarting all the network devices in a network
simultaneously require that they adopt the same time.
z When multiple systems cooperate to handle a rather complex event, to ensure a
correct execution order, they must adopt the same time.
z To perform incremental backup operations between a backup server and a host,
you must make sure they adopt the same time.
As setting the system time manually in a network with many devices leads to a lot of
workload and cannot ensure the accuracy, it is unfeasible for an administrator to
perform the operation. However, an administrator can synchronize the devices in a
network with required accuracy by performing NTP configuration.
NTP benefits from the following advantages:
z Defining the accuracy of clocks by strata to synchronize the time of all the devices
in a network quickly
z Supporting access control and MD5 authentication
z Sending protocol packets in unicast, multicast or broadcast mode
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-2
Note:
z The accuracy of a clock is determined by its stratum, which ranges from 1 to 16. The
stratum of the reference clock ranges from 1 to 15. The accuracy descends with the
increasing of stratum number. The clocks with the stratum of 16 are in
unsynchronized state and cannot serve as reference clocks.
z The local clock of an S5600 series switch cannot operate as a reference clock. And
an S5600 series switch can serve as a time server only when it is synchronized.
1.1.2 Working Principle of NTP
The working principle of NTP is shown in Figure 1-1.
In Figure 1-1, The Ethernet switch A (LS_A) is connected to the Ethernet switch B
(LS_B) through their Ethernet ports. Both of them have system clocks of their own, and
they need to synchronize the clocks of each other through NTP. For ease of
understanding, suppose that:
z Before the system clocks of LS_A and LS_B are synchronized, the clock of LS_A
is set to 10:00:00am, and the clock of LS_B is set to 11:00:00am.
z LS_B serves as the NTP time server, that is, the clock of LS_A will be
synchronized to that of LS_B.
z It takes one second for a packet sent by one switch to reach the other.
Netw ork
Netw or k
NTP Packet10:00:00am
Netw or k
Netw or k
11:00:01am
10:00:00am 11:00:01am 11:00:02am
10:00:00am
NTP Packet received at 10:00:03
1.
2.
3.
4.
LS_A
LS_A
LS_A
LS_A
LS
LS
_B
_B
LS
LS
_B
_B
NTP Packet
NTP Packet
Netw or k
Netw or k
NTP Packet10:00:00 am
Netw or k
Netw or k
11:00:01 am
10:00:00 am 11:00:01 am 11:00:02 am
10:00:00 am
NTP Packet received at 10:00:03 am
1.
2.
3.
4.
LS_A
LS_A
LS_A
LS_A
LS
LS
_B
_B
LS
LS
_B
_B
NTP Packet
NTP Packet
Netw or k
Netw or k
NTP Packet10:00:00am
Netw or k
Netw or k
11:00:01am
10:00:00am 11:00:01am 11:00:02am
10:00:00am
NTP Packet received at 10:00:03
1.
2.
3.
4.
LS_A
LS_A
LS_A
LS_A
LS
LS
_B
_B
LS
LS
_B
_B
NTP Packet
NTP Packet
Netw ork
Netw ork
NTP Packet 10:00:00 am
Netw or k
Netw or k
11:00:01 am
10:00:00 am 11:00:01 am 11:00:02 am
10:00:00 am
NTP Packet received at 10:00:03 am
1.
2.
3.
4.
LS_A
LS_A
LS_A
LS_A
LS_B
LS_
B
LS_
LS_B
B
NTP Packet
NTP Packet
Netw or k
Netw or k
NTP Packet10:00:00am
Netw or k
Netw or k
11:00:01am
10:00:00am 11:00:01am 11:00:02am
10:00:00am
NTP Packet received at 10:00:03
1.
2.
3.
4.
LS_A
LS_A
LS_A
LS_A
LS
LS
_B
_B
LS
LS
_B
_B
NTP Packet
NTP Packet
Netw or k
Netw or k
NTP Packet10:00:00 am
Netw or k
Netw or k
11:00:01 am
10:00:00 am 11:00:01 am 11:00:02 am
10:00:00 am
NTP Packet received at 10:00:03 am
1.
2.
3.
4.
LS_A
LS_A
LS_A
LS_A
LS
LS
_B
_B
LS
LS
_B
_B
NTP Packet
NTP Packet
Netw or k
Netw or k
NTP Packet10:00:00am
Netw or k
Netw or k
11:00:01am
10:00:00am 11:00:01am 11:00:02am
10:00:00am
NTP Packet received at 10:00:03
1.
2.
3.
4.
LS_A
LS_A
LS_A
LS_A
LS
LS
_B
_B
LS
LS
_B
_B
NTP Packet
NTP Packet
Netw ork
Netw ork
NTP Packet 10:00:00 am
Netw or k
Netw or k
11:00:01 am
10:00:00 am 11:00:01 am 11:00:02 am
10:00:00 am
NTP Packet received at 10:00:03 am
1.
2.
3.
4.
LS_A
LS_A
LS_A
LS_A
LS_B
LS_
B
LS_
LS_B
B
NTP Packet
NTP Packet
Figure 1-1 Working principle of NTP
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-3
The procedures of synchronizing system clocks are as follows:
z LS_A sends an NTP packet to LS_B, with the timestamp identifying the time when
it is sent (that is, 10:00:00am, noted as T
1
) carried.
z When the packet arrives at LS_B, LS_B inserts its own timestamp, which identifies
11:00:01am (noted as T
2
) into the packet.
z Before this NTP packet leaves LS_B, LS_B inserts its own timestamp once again,
which identifies 11:00:02am (noted as T
3
).
z When receiving the response packet, LS_A inserts a new timestamp, which
identifies 10:00:03am (noted as T
4
), into it.
At this time, LS_A has enough information to calculate the following two parameters:
z The delay for an NTP packet to make a round trip between LS_A and LS_B: delay
= (T
4
-T
1
)-(T
3
-T
2
).
z The time offset of LS_A with regard to LS_B: offset = ((T
2
-T
1
) + (T
3
-T
4
))/2.
LS_A can then set its own clock according to the above information to synchronize its
clock to that of LS_B.
For the detailed information, refer to RFC1305.
1.1.3 NTP Implementation Mode
To accommodate networks of different structures and switches in different network
positions, NTP can operate in multiple modes, as described in the following.
I. Client/Server mode
Netw ork
Client Server
Clock synchronization
request packet
Response packetFilter and select clocks
and synchronize its
ow n clock to that of
the selected server
Netw ork
Client
Work as a server
automatically and
send response
packets
Server
Response packetFilter and select clocks
and synchronize its
ow n clock to that of
the selected server
Netw ork
Client
Work as a server
automatically and
send response
packets
Server
Clock synchronization
request packet
Response packetFilter and select clocks
and synchronize its
ow n clock to that of
the selected server
Netw ork
Client
Work as a server
automatically and
send response
packets
Server
Response packetFilter and select clocks
and synchronize its
ow n clock to that of
the selected server
Work as a server
automatically and
send response
packets
e
Figure 1-2 NTP implementation mode: client/Sever mod
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-4
e peer
II. Peer mode
Active peer Passiv
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
In peer mode, both
sides are synchronized
to the clock with
smaller stratum
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
Active peer Passiv
e peer
Netw or k
Clock synchronization
request packet
Oper
peer m
ates in the passive
ode automatically
Netw or k
Response packet
Synchronize
In peer mode, both
sides are synchronized
to the clock with
smaller stratum
Figure 1-3 NTP implementation mode: peer mode
In peer mode, the active peer sends clock synchronization packets first, and its peer
works as a passive peer automatically.
If both of the peers have reference clocks, the one with smaller stratum is adopted.
III. Broadcast mode
Netw ork
ClientServer
Broadcast clock synchronization
packets periodically
Client/Server mode request
Initiate a clien
request after
first broadcas
t/server mode
receiving the
t packet
Response packet
Obtain the de
client and the
a client in bro
lay betw een the
server and work as
adcast mode
Broadcast clock synchronization
packets periodically
Work as a server
automatically and
send response
packets
Receive broa
synchronize it
dcast packets and
s local clock
Netw ork
ClientServer
Broadcast clock synchronization
packets periodically
request after
first broadcas
receiving the
t packet
Response packet
Obtain the de
client and the
lay betw een the
server and work as
Broadcast clock synchronization
packets periodically
Work as a server
automatically and
send response
packets
Receive broa
synchronize it
dcast packets and
s local clock
Netw ork
ClientServer
Broadcast clock synchronization
packets periodically
Client/Server mode request
Initiate a clien
request after
first broadcas
t/server mode
receiving the
t packet
Response packet
Obtain the de
client and the
a client in bro
lay betw een the
server and work as
adcast mode
Broadcast clock synchronization
packets periodically
Work as a server
automatically and
send response
packets
Receive broa
synchronize it
dcast packets and
s local clock
Netw ork
ClientServer
Broadcast clock synchronization
packets periodically
request after
first broadcas
receiving the
t packet
Response packet
Obtain the de
client and the
lay betw een the
server and work as
Broadcast clock synchronization
packets periodically
Work as a server
automatically and
send response
packets
Receive broa
synchronize it
dcast packets and
s local clock
e
Figure 1-4 NTP implementation mode: broadcast mod
IV. Multicast mode
Netw ork
ClientServer
Multicast clock synchronization
packets periodically
Client/Server model request
Initiate a cli
request af
first multica
ent/server mode
ter receiving the
st packet
Response packet
Multicast clock synchronization
packets periodically
Work as a server
automatically and
send response
packets
Obtain the
client and th
as a client i
Receive mu
synchroniz
delay betw een the
e server and work
n multicast mode
lticast packets and
e its local clock
Netw ork
ClientServer
Multicast clock synchronization
packets periodically
Client/Server model request
request af
first multica
ter receiving the
st packet
Response packet
Multicast clock synchronization
packets periodically
Work as a server
automatically and
send response
packets
Obtain the
client and th
Receive mu
synchroniz
delay betw een the
e server and work
lticast packets and
e its local clock
Netw ork
ClientServer
Multicast clock synchronization
packets periodically
Client/Server model request
Initiate a cli
request af
first multica
ent/server mode
ter receiving the
st packet
Response packet
Multicast clock synchronization
packets periodically
Work as a server
automatically and
send response
packets
Obtain the
client and th
as a client i
Receive mu
synchroniz
delay betw een the
e server and work
n multicast mode
lticast packets and
e its local clock
Netw ork
ClientServer
Multicast clock synchronization
packets periodically
Client/Server model request
request af
first multica
ter receiving the
st packet
Response packet
Multicast clock synchronization
packets periodically
Work as a server
automatically and
send response
packets
Obtain the
client and th
Receive mu
synchroniz
delay betw een the
e server and work
lticast packets and
e its local clock
e
Figure 1-5 NTP implementation mode: multicast mod
Table 1-1 describes how the above mentioned NTP modes are implemented on an
S5600 series switch.
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-5
Table 1-1 NTP implementation modes on an S5600 series switch
NTP implementation mode Configuration on S5600 switches
Client/Server mode
Configure the S5600 switch to operate in the NTP
server mode. In this case, the remote server
operates as the local time server, and the S5600
switch operates as the client.
Peer mode
Configure the S5600 switch to operate in NTP peer
mode. In this case, the remote server operates as
the peer of the S5600 switch, and the S5600 switch
operates as the active peer.
Broadcast mode
z Configure the S5600 switch to operate in NTP
broadcast server mode. In this case, the S5600
switch broadcast NTP packets through the VLAN
interface configured on the switch.
z Configure the S5600 switch to operate in NTP
broadcast client mode. In this case, the S5600
switch receives broadcast NTP packets through
the VLAN interface configured on the switch.
Multicast mode
z Configure the S5600 to operate in NTP multicast
server mode. In this case, the S5600 switch
sends multicast NTP packets through the VLAN
interface configure on the switch.
z Configure the S5600 switch to operate in NTP
multicast client mode. In this case, the S5600
switch receives multicast NTP packets through
the VLAN interface configure on the switch.
1.2 NTP Implementation Mode Configuration
A switch can operate in the following NTP modes:
z NTP client mode
z NTP server mode
z NTP peer mode
z NTP broadcast server mode
z NTP broadcast client mode
z NTP multicast server mode
z NTP multicast client mode
1.2.1 Prerequisites
When an S5600 switch operates in NTP server mode or NTP peer mode, you need to
perform configuration on the client or the active peer only. When an S5600 switch
operates in NTP broadcast mode or NTP multicast mode, you need to perform
configurations on both the server side and the client side.
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-6
1.2.2 Configuring NTP Implementation Modes
Table 1-2 Configure NTP implementation modes
Operation Command Description
Enter system view
system-view
—
Configure to operate in
the NTP client mode
ntp-service
unicast-server
{ remote-ip |
server-name }
[ authentication-keyid
key-id | priority |
source-interface
interface-type
interface-number |
version number ]*
Optional
By default, no Ethernet
switch operates in the NTP
client mode
Configure to operate in
the NTP peer mode
ntp-service
unicast-peer { remote-ip
| peer-name }
[ authentication-keyid
key-id | priority |
source-interface
interface-type
interface-number |
version number ]*
Optional
By default, no Ethernet
switch operates in the NTP
peer mode
Enter VLAN interface
view
interface Vlan-interface
vlan-id
—
Configure to operate in
the NTP broadcast
client mode
ntp-service
broadcast-client
Optional
By default, no Ethernet
switch operates in the NTP
broadcast client mode
Configure to operate in
the NTP broadcast
server mode
ntp-service
broadcast-server
[ authentication-keyid
key-id | version
number ]*
Optional
By default, no Ethernet
switch operates in the NTP
broadcast server mode
Configure to operate in
the NTP multicast client
mode
ntp-service
multicast-client
[ ip-address ]
Optional
By default, no Ethernet
switch operates in the NTP
multicast client mode
Configure to operate in
the NTP multicast
server mode
ntp-service
multicast-server
[ ip-address ]
[ authentication-keyid
keyid | ttl ttl-number |
version number ]*
Optional
By default, no Ethernet
switch operates in the NTP
multicast server mode
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-7
Note:
To reduce the risk of being attacked by malicious users against opened socket and
enhance switch security, the S5600 series Ethernet switches provide the following
functions, so that a socket is opened only when it is needed:
z Opening UDP port 123 (used for NTP) when NTP is enabled;
z Close UDP port 123 when NTP is disabled.
The preceding functions are implemented as follows:
z When you enable NTP by using the ntp-service unicast-server, ntp-service
unicast-peer, ntp-service broadcast-client, ntp-service broadcast-server,
ntp-service multicast-client, or ntp-service multicast-server command, UDP
port 123 is opened at the same time.
z When you disable NTP from operating in any modes by using the undo forms of the
preceding six commands, UDP port 123 is closed at the same time.
I. NTP client mode
When an S5600 series switch operates in the NTP client mode,
z The remote server identified by the remote-ip argument operates as the NTP time
server. The S5600 series switch operates as the client, whose clock is
synchronized to the NTP server. (In this case, the clock of the NTP server is not
synchronized to the local client.)
z When the remote-ip argument is an IP address of a host, it cannot be a broadcast
or a multicast address, neither can it be the IP address of a reference clock.
II. NTP peer mode
When an S5600 series switch operates in NTP peer mode,
z The remote server identified by the remote-ip argument operates as the peer of
the S5600 series switch, and the S5600 series switch operates as the active peer.
The clock of the S5600 series switch can be synchronized to the remote server or
be used to synchronize the clock of the remote server.
z When the remote-ip argument is an IP address of a host, it cannot be a broadcast
or a multicast address, neither can it be the IP address of a reference clock.
III. NTP broadcast server mode
When an S5600 series switch operates in NTP broadcast server mode, it broadcasts a
clock synchronization packet periodically. The devices which are configured to be in the
NTP broadcast client mode will response this packet and start the clock
synchronization procedure.
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-8
IV. NTP multicast server mode
When an S5600 series switch operates in NTP multicast server mode, it multicasts a
clock synchronization packet periodically. The devices which are configured to be in the
NTP multicast client mode will response this packet and start the clock synchronization
procedure. In this mode, the switch can accommodate up to 1024 multicast clients.
Note:
z The total number of the servers and peers configured for a switch can be up to 128.
z After the configuration, the S5600 series switch does not establish connections with
the peer if it operates in NTP server mode. Whereas if it operates in any of the other
modes, it establishes connections with the peer.
z If an S5600 series switch operates as a passive peer in peer mode, NTP broadcast
client mode, or NTP multicast client mode, the connections it establishes with the
peers are dynamic. If it operates in other modes, the connections it establishes with
the peers are static.
1.3 Access Control Permission Configuration
Access control permission to NTP server is a security measure that is of the minimum
extent. Authentication is more reliable comparing to it.
An access request made to an NTP server is matched from the highest permission to
the lowest, that is, in the order of peer, server, synchronization, and query.
Table 1-3 Configure the access control permission to the local NTP server
Operation Command Description
Enter system view
system-view
—
Configure the
access control
permission to the
local NTP server
ntp-service access { peer |
server | synchronization |
query } acl-number
Optional
By default, the access control
permission to the local NTP
server is peer
1.4 NTP Authentication Configuration
For the networks with higher security requirements, you can specify to perform
authentications when enabling NTP. With the authentications performed on both the
client side and the server side, the client is synchronized only to the server that passes
the authentication. This improves network security.
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-9
1.4.1 Prerequisites
NTP authentication configuration involves:
z Configuring NTP authentication on the client
z Configuring NTP authentication on the server
Note the following when performing NTP authentication configuration:
z If the NTP authentication is not enabled on a client, the client can be synchronized
to a server regardless of the NTP authentication configuration performed on the
server (assuming that the related configurations are performed).
z You need to couple the NTP authentication with a trusted key.
z The configurations performed on the server and the client must be the same.
z A client with NTP authentication enabled is only synchronized to a server that can
provide a trusted key.
1.4.2 Configuring NTP Authentication
I. Configuring NTP authentication on the client
Table 1-4 Configure NTP authentication on the client
Operation Command Description
Enter system view
system-view
—
Enable NTP
authentication
globally
ntp-service authentication
enable
Required
By default, the NTP
authentication is disabled
Configure the NTP
authentication key
ntp-service
authentication-keyid key-id
authentication-model md5
value
Required
By default, the NTP
authentication key is not
configured
Configure the
specified key to be a
trusted key
ntp-service reliable
authentication-keyid key-id
Required
By default, no trusted
authentication key is
configured
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-10
Operation Command Description
NTP client mode:
ntp-service unicast-server
{ remote-ip | server-name }
authentication-keyid key-id
Associate the
specified key with
the corresponding
NTP server
Peer mode:
ntp-service unicast-peer
{ remote-ip | peer-name }
authentication-keyid key-id
z In NTP client mode and
NTP peer mode, you
need to associate the
specified key with the
corresponding NTP
server on the client.
z You can associate the
NTP server with the
authentication key while
configuring the switch to
operate in a specific NTP
mode. You can also
associate them using
this command after
configuring the NTP
mode where the switch
is to operate
Note:
z NTP authentication requires that the authentication keys configured for the server
and the client are the same. Besides, the authentication keys must be trusted keys.
Otherwise, the client cannot be synchronized with the server.
z In NTP server mode and NTP peer mode, you need to associate the specified key
with the corresponding NTP server/active peer on the client/passive peer. In these
two modes, multiple servers/active peers may be configured for a client/passive
peer, and a client/passive choose the server/active peer to synchronize to by the
authentication key.
II. Configuring NTP authentication on the server
Table 1-5 Configure NTP authentication on the server
Operation Command Description
Enter system view
system-view
—
Enable NTP
authentication
ntp-service authentication
enable
Required
By default, NTP
authentication is disabled
Configure NTP
authentication key
ntp-service
authentication-keyid key-id
authentication-model md5
value
Required
By default, NTP
authentication key is not
configured
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-11
Operation Command Description
Configure the
specified key to be
a trusted key
ntp-service reliable
authentication-keyid key-id
Required
By default, an authentication
key is not a trusted key
Enter VLAN
interface view
interface vlan-interface
vlan-id
—
Broadcast server mode:
ntp-service
broadcast-server
authentication-keyid key-id
Associate a
specified key with
the corresponding
NTP server
Multicast server mode:
ntp-service
multicast-server
authentication-keyid key-id
z In NTP broadcast server
mode and NTP multicast
server mode, you need to
associate the specified key
with the corresponding
NTP server on the server
z You can associate an NTP
server with an
authentication key while
configuring a switch to
operate in a specific NTP
mode. You can also
associate them using this
command after configuring
the NTP mode where a
switch is to operate
Note:
The procedures for configuring NTP authentication on the server are the same as that
on the client. Besides, the client and the server must be configured with the same
authentication key.
1.5 Configuration of Optional NTP Parameters
Optional NTP parameters are:
z The local VLAN interface that sends NTP packets
z The number of the dynamic sessions that can be established locally
z Disabling the VLAN interface configured on a switch from receiving NTP packets
Table 1-6 Configure optional NTP parameters
Operation Command Description
Enter system view
system-view
—
Configure the local
interface that
sends NTP
packets
ntp-service
source-interface
interface-type
interface-number
Optional
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-12
Operation Command Description
Configure the
number of the
sessions that can
be established
locally
ntp-service
max-dynamic-sessions
number
Optional
By default, up to 100 dynamic
sessions can be established
locally.
Enter VLAN
interface view
interface Vlan-interface
vlan-id
—
Disable the
interface from
receiving NTP
packets
ntp-service in-interface
disable
Optional
By default, a VLAN interface
receives NTP packets.
Caution:
z The source IP address in an NTP packet is the address of the sending interface
specified by the ntp-service unicast-server command or the ntp-service
unicast-peer command if you provide the address of the sending interface in these
two commands.
z Dynamic connections can only be established when a switch operates in passive
peer mode, NTP broadcast client mode, or NTP multicast client mode. In other
modes, the connections established are static.
1.6 Displaying and Debugging NTP
After the above configuration, you can execute the display command in any view to
display the running status of the NTP configuration, and verify the effect of the
configuration.
Table 1-7 Display and debug NTP
Operation Command Description
Display the status of NTP service
display ntp-service
status
Display the information about the
sessions maintained by NTP
display ntp-service
sessions [ verbose ]
Display the brief information about
the NTP time servers of the
reference clock sources that the
local device traces to
display ntp-service
trace
The display
command can
be executed in
any view
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-13
1.7 Configuration Example
1.7.1 NTP Server Mode Configuration
I. Network requirements
Configure the local clock of H3C1 to be NTP master clock, with the stratum being 2.
Note:
H3C1 is a switch that allows the local clock to be the master clock.
An S5600 series switch operates in client mode, with H3C1 as the time server. H3C1
operates in server mode automatically.
II. Network diagram
H3C 1
1.0.1.11/24
1.0.1.
12/24
S5600H3C 1
1.0.1.11/24
1.0.1.
12/24
S5600
Figure 1-6 Network diagram for the NTP server mode configuration
III. Configuration procedures
The following configurations are for the S5600 switch.
# View the NTP status of the S5600 switch before synchronization.
<S5600> display ntp-service status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequency: 60.0002 Hz
Actual frequency: 60.0002 Hz
Clock precision: 2^18
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 0.00 ms
Peer dispersion: 0.00 ms
Reference time: 00:00:00.000 UTC Jan 1 1900 (00000000.00000000)
# Configure H3C1 to be the time server.
<S5600> system-view
[S5600] ntp-service unicast-server 1.0.1.11
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-14
# After the above configuration, the S5600 switch is synchronized to H3C1. View the
NTP status of the S5600 series switch.
[S5600] display ntp-service status
Clock status: synchronized
Clock stratum: 3
Reference clock ID: 1.0.1.11
Nominal frequency: 60.0002 Hz
Actual frequency: 60.0002 Hz
Clock precision: 2^18
Clock offset: 0.0000 ms
Root delay: 63.39 ms
Root dispersion: 42.68 ms
Peer dispersion: 31.17 ms
Reference time: 07:44:47.154 UTC Apr 25 2006(C7F851EF.279F340D)
The above output information indicates that the S5600 series switch is synchronized to
H3C1, and the stratum of its clock is 3, one stratum higher than H3C1.
# View the information about the NTP sessions of the S5600 series switch. You can see
that the S5600 series switch establishes a connection with H3C1.
[5600] display ntp-service sessions
source reference stra reach poll now offset delay disper
*************************************************************************
[12345] 1.0.1.11 127.127.1.0 2 1 64 4 7.7 15.4 0.1
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
1.7.2 NTP Peer Mode Configuration
I. Network requirements
H3C2 sets the local clock to be the NTP master clock, with the clock stratum being 2.
Configure an S5600 series switch to operate as a client, with H3C2 as the time server.
H3C2 will then operate in the server mode automatically. Meanwhile, H3C3 sets the
S5600 series switch to be its peer.
Note:
This example assumes that:
z H3C2 is a switch that allows its local clock to be the master clock.
z H3C3 is a switch that allows its local clock to be the master clock and the stratum of
its clock is 1.
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-15
II. Network diagram
H3C 2
H3C 3
3.0.
3.0.1.32/24
1.31/24
3.0.1.33/24
S5600
H3C 2
H3C 3
3.0.
3.0.1.32/24
1.31/24
3.0.1.33/24
S5600
Figure 1-7 Network diagram for NTP peer mode configuration
III. Configuration procedures
1) Configure the S5600 series switch.
# Set H3C2 to be the time server.
<S5600> system-view
[S5600] ntp-service unicast-server 3.0.1.31
2) Configure H3C3 (after the S5600 series switch is synchronized to H3C2).
# Enter system view.
<H3C3> system-view
[H3C3]
# After the local synchronization, set the S5600 series switch to be its peer.
[H3C3] ntp-service unicast-peer 3.0.1.32
The S5600 series switch and H3C3 are configured to be peers with regard to each
other. H3C3 operates in the active peer mode, while the S5600 series switch operates
in the passive peer mode. Because the stratum of the local clock of H3C3 is 1, and that
of the S5600 switch is 3, the S5600 series switch is synchronized to H3C3.
View the status of the S5600 switch after the synchronization.
[S5600] display ntp-service status
Clock status: synchronized
Clock stratum: 2
Reference clock ID: 3.0.1.32
Nominal frequency: 60.0002 Hz
Actual frequency: 60.0002 Hz
Clock precision: 2^18
Clock offset: 0.0000 ms
Root delay: 32.24 ms
Root dispersion: 6.54 ms
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-16
Peer dispersion: 10.93 ms
Reference time: 07:55:07.172 UTC Apr 25 2006(C7F8545B.2C41FEA8)
The output information indicates that the S5600 series switch is synchronized to H3C3
and the stratum of its local clock is 2, one stratum higher than H3C3.
# View the information about the NTP sessions of the S5600 series switch and you can
see that a connection is established between the S5600 series switch and H3C3.
[S5600] display ntp-service sessions
source reference stra reach poll now offset delay disper
*************************************************************************
[2]3.0.1.32 LOCL 1 47 64 39 -13.7 32.2 1.4
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
1.7.3 NTP Broadcast Mode Configuration
I. Network requirements
H3C3 sets its local clock to be an NTP master clock, with the stratum being 2. NTP
packets are broadcast through VLAN interface 2.
Configure S5600-1 and S5600-2 to listen broadcast packets through their VLAN
interface 2.
Note:
This example assumes that H3C3 is a switch that supports the local clock being the
master clock.
II. Network diagram
H3C 3
3.0.1.31/24
3.0.1.32/24
erface 2
erface 2
1.0.1.31/24
Vlan-int
Vlan-int
-interface 2
H3C 4
-
-
-interface 2
3.0.1.31/24
3.0.1.32/24
3.0.1.31/24
3.0.1.32/24
-
-
-
-
-
S5600-2
S5600-1
-
-
-
-
S5600-2
S5600-1
Vlan
H3C 3
3.0.1.31/24
3.0.1.32/24
erface 2
erface 2
1.0.1.31/24
Vlan-int
Vlan-int
-interface 2
H3C 4
-
-
-interface 2
3.0.1.31/24
3.0.1.32/24
3.0.1.31/24
3.0.1.32/24
-
-
-
-
-
S5600-2
S5600-1
-
-
-
-
S5600-2
S5600-1
Vlan
Figure 1-8 Network diagram for the NTP broadcast mode configuration
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-17
III. Configuration procedures
1) Configure H3C3.
# Enter system view.
<H3C3> system-view
[H3C3]
# Enter VLAN-interface 2 view.
[H3C3] interface Vlan-interface 2
[H3C3-Vlan-interface2]
# Configure H3C3 to be the broadcast server and send broadcast packets through
VLAN-interface 2.
[H3C3-Vlan-interface2] ntp-service broadcast-server
2) Configure S5600-1.
# Enter system view.
<S5600-1> system-view
[S5600-1]
# Enter VLAN-interface 2 view.
[S5600-1] interface Vlan-interface 2
[S5600-1-Vlan-interface2]
# Configure S5600-1 to be a broadcast client.
[S5600-1-Vlan-interface2] ntp-service broadcast-client
3) Configure S5600-2
# Enter system view.
<S5600-2> system-view
[s5600-2]
# Enter VLAN-interface 2 view.
[S5600-2] interface Vlan-interface 2
[S5600-2-Vlan-interface2]
# Configure S5600-2 to be a broadcast client.
[S5600-2-Vlan-interface2] ntp-service broadcast-client
The above configuration configures S5600-1 and S5600-2 to listen to broadcast
packets through their VLAN interface 2, and H3C3 to send broadcast packets through
VLAN interface 2. Because S5600-2 does not reside in the same network segment with
H3C3, S5600-2 cannot receive broadcast packets sent by H3C3, while S5600-1 is
synchronized to H3C3 after receiving broadcast packets sent by H3C3.
View the status of S5600-1 after the synchronization.
[S5600-1] display ntp-service status
Clock status: synchronized
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-18
Clock stratum: 3
Reference clock ID: 3.0.1.31
Nominal frequency: 60.0002 Hz
Actual frequency: 60.0002 Hz
Clock precision: 2^18
Clock offset: 0.0000 ms
Root delay: 0.00 ms
Root dispersion: 16.38 ms
Peer dispersion: 10.94 ms
Reference time: 08:07:58.899 UTC Apr 25 2006(C7F8575E.E6650614)
The output information indicates that S5600-1 is synchronized to H3C3, with the clock
stratum of 3, one stratum higher than H3C3.
# View the information about the NTP sessions of S5600-1 and you can see that a
connection is established between S5600-1 and H3C3.
[S5600-1] display ntp-service sessions
source reference stra reach poll now offset delay disper
*************************************************************************
[1234] 3.0.1.31 127.127.1.0 2 2 64 32 0.0 0.0 0.8
note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured
1.7.4 NTP Multicast Mode Configuration
I. Network requirements
H3C3 sets the local clock to be NTP master clock, with the clock stratum of 2. It
advertises multicast packets through VLAN interface 2.
Configure S5600-1 and S5600-2 to listen to multicast packets through their VLAN
interface 2.
Note:
This example assumes that H3C3 is a switch that supports the local clock being the
master clock.
Operation Manual – NTP
H3C S5600 Series Ethernet Switches-Release 1510 Chapter 1 NTP Configuration
1-19
II. Network diagram
H3C 3
3.0.1.31/24
3.0.1.32/24
erface 2
erface 2
1.0.1.31/24
Vlan-int
Vlan-int
-interface 2
H3C 4
-
-
-interface 2
3.0.1.31/24
3.0.1.32/24
3.0.1.31/24
3.0.1.32/24
-
-
-
-
-
S5600-2
S5600-1
-
-
-
-
S5600-2
S5600-1
Vlan
H3C 3
3.0.1.31/24
3.0.1.32/24
erface 2
erface 2
1.0.1.31/24
Vlan-int
Vlan-int
-interface 2
H3C 4
-
-
-interface 2
3.0.1.31/24
3.0.1.32/24
3.0.1.31/24
3.0.1.32/24
-
-
-
-
-
S5600-2
S5600-1
-
-
-
-
S5600-2
S5600-1
Vlan
Figure 1-9 Network diagram for NTP multicast mode configuration
III. Configuration procedures
1) Configure H3C3.
# Enter system view.
<H3C3> system-view
[H3C3]
# Enter VLAN-interface 2 view.
[H3C3] interface Vlan-interface 2
# Configure H3C3 to be a multicast server.
[H3C3-Vlan-interface2] ntp-service multicast-server
2) Configure S5600-1.
# Enter system view.
<S5600-1> system-view
[S5600-1]
# Enter VLAN-interface 2 view.
[S5600-1] interface vlan-interface 2
# Configure H3C4 to be a multicast client.
[S5600-1-Vlan-interface2] ntp-service multicast-client
3) Configure S5600-2.
# Enter system view.
<S5600-2> system-view
[S5600-2]
# Enter VLAN-interface 2 view.
[S5600-2] interface Vlan-interface 2
# Configure S5600-2 to be a multicast client.
[S5600-2-Vlan-interface2] ntp-service multicast-client
Page is loading ...
Page is loading ...
Page is loading ...
Page is loading ...
-
1
-
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
H3C H3C S5600 Series Operating instructions
- Type
- Operating instructions
H3C S5600 Series Ethernet Switches are high-performance, cost-effective, and easy-to-manage switches designed for small and medium-sized businesses. With a variety of models to choose from, the S5600 Series offers a flexible solution for a wide range of networking needs.
These switches provide Layer 2 switching capabilities, including VLANs, trunking, and spanning tree, as well as advanced features such as QoS, ACLs, and IGMP snooping. The S5600 Series also supports IPv4 and IPv6 routing, making it a versatile choice for businesses that are migrating to the next-generation Internet protocol.
Ask a question and I''ll find the answer in the document
Finding information in a document is now easier with AI
Related papers
-
H3C S3600 Series Operating instructions
-
-
H3C S5600-26F Installation guide
-
-
H3C R6600 Configuration manual
-
-
-
H3C s5820x series Configuration manual
-
-
Other documents
-
3com 3CR17660-91 Configuration manual
-
FS S3150-8T2FP User guide
-
3com SW4500-26 Configuration manual
-
-
FS S3400-48T4SP User guide
-
3com Switch 7700 Configuration manual
-
Samsung GT-S5600V User manual
-
-
-