
Example for Configuring the NTP Broadcast Mode with NTP Authentication Enabled

Networking Requirements

In Figure 1, SwitchA, SwitchB, and SwitchC are located within the same LAN. SwitchA synchronizes its clock with GPS through radio.

To ensure accounting accuracy, SwitchB and SwitchC must synchronize their clocks to SwitchA.

Figure 1 Configuring the NTP broadcast mode with NTP authentication enabled

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure SwitchA as the master clock server, use its local clock as the NTP master clock, and set the clock stratum to 3.

  2. Configure SwitchA as the NTP broadcast server that sends broadcast packets through VLANIF 10 (the corresponding physical interface is GE0/0/1).

  3. Configure SwitchB and SwitchC as NTP broadcast clients.

  4. Enable NTP authentication to ensure NTP clock synchronization security.

Procedure

  1. Configure IP addresses for SwitchA, SwitchB, and SwitchC.

    # Configure an IP address for SwitchA. The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here. For details, see the configuration files.

    <HUAWEI> system-view
    [HUAWEI] sysname SwitchA
    [SwitchA] vlan 10 
    [SwitchA-vlan10] quit
    [SwitchA] interface vlanif 10
    [SwitchA-Vlanif10] ip address 10.0.0.1 24
    [SwitchA-Vlanif10] quit
    [SwitchA] interface gigabitethernet 0/0/1
    [SwitchA-GigabitEthernet0/0/1] port link-type hybrid
    [SwitchA-GigabitEthernet0/0/1] port hybrid pvid vlan 10
    [SwitchA-GigabitEthernet0/0/1] port hybrid untagged vlan 10
    [SwitchA-GigabitEthernet0/0/1] quit
    

  2. Configure Layer 2 forwarding on the Switch.

    <HUAWEI> system-view
    [HUAWEI] sysname Switch
    [Switch] vlan 10
    [Switch-vlan10] quit
    [Switch] interface gigabitethernet 0/0/1
    [Switch-GigabitEthernet0/0/1] port link-type hybrid
    [Switch-GigabitEthernet0/0/1] port hybrid untagged vlan 10
    [Switch-GigabitEthernet0/0/1] port hybrid pvid vlan 10
    [Switch-GigabitEthernet0/0/1] quit
    [Switch] interface gigabitethernet 0/0/2
    [Switch-GigabitEthernet0/0/2] port link-type hybrid
    [Switch-GigabitEthernet0/0/2] port hybrid untagged vlan 10
    [Switch-GigabitEthernet0/0/2] port hybrid pvid vlan 10
    [Switch-GigabitEthernet0/0/2] quit
    [Switch] interface gigabitethernet 0/0/3
    [Switch-GigabitEthernet0/0/3] port link-type hybrid
    [Switch-GigabitEthernet0/0/3] port hybrid untagged vlan 10
    [Switch-GigabitEthernet0/0/3] port hybrid pvid vlan 10
    [Switch-GigabitEthernet0/0/3] quit

  3. Configure the NTP broadcast server and enable NTP authentication.

    # Configure the local clock of SwitchA as the NTP master clock, and set the clock stratum to 3.

    [SwitchA] ntp-service refclock-master 3

    # Enable NTP authentication.

    [SwitchA] ntp-service authentication enable
    [SwitchA] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher Hello123
    [SwitchA] ntp-service reliable authentication-keyid 16

    # Configure SwitchA as the NTP broadcast server that sends NTP broadcast packets from VLANIF 10, and specify key 16 for authenticating the packets.

    [SwitchA] interface vlanif 10
    [SwitchA-Vlanif10] ntp-service broadcast-server authentication-keyid 16
    [SwitchA-Vlanif10] quit

    # Enable the NTP server function on SwitchA.

    [SwitchA] undo ntp-service server disable

  4. Configure SwitchB as an NTP broadcast client, which is on the same network segment as the NTP server.

    # Enable NTP authentication.

    [SwitchB] ntp-service authentication enable
    [SwitchB] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher Hello123
    [SwitchB] ntp-service reliable authentication-keyid 16
    

    # Configure SwitchB as an NTP broadcast client that listens to NTP broadcast packets on VLANIF 10.

    [SwitchB] interface vlanif 10
    [SwitchB-Vlanif10] ntp-service broadcast-client
    [SwitchB-Vlanif10] quit

  5. Configure SwitchC as an NTP broadcast client, which is on the same network segment as the NTP server.

    # Enable NTP authentication.

    [SwitchC] ntp-service authentication enable
    [SwitchC] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher Hello123
    [SwitchC] ntp-service reliable authentication-keyid 16
    

    # Configure SwitchC as an NTP broadcast client that listens to NTP broadcast packets on VLANIF 10.

    [SwitchC] interface vlanif 10
    [SwitchC-Vlanif10] ntp-service broadcast-client
    [SwitchC-Vlanif10] quit

  6. Verify the configuration.

    After the configuration is complete, SwitchB and SwitchC can synchronize their clocks to the clock of SwitchA.

    # Check the NTP status of SwitchC. The clock status is synchronized, indicating that the clock synchronization is complete. The clock stratum is 4, which is one stratum lower than that of the NTP server SwitchA.

    [SwitchC] display ntp-service status
     clock status: synchronized
     clock stratum: 4
     reference clock ID: 10.0.0.1
     nominal frequency: 60.0002 Hz
     actual frequency: 60.0002 Hz
     clock precision: 2^18
     clock offset: 0.0000 ms
     root delay: 0.00 ms
     root dispersion: 0.42 ms
     peer dispersion: 0.00 ms
     reference time: 12:17:21.773 UTC Mar 7 2012(C7B7F851.C5EAF25B)
     synchronization state: clock synchronized  

Configuration Files

  • SwitchA configuration file

    #
    sysname SwitchA
    #
    vlan batch 10
    #
    ntp-service ipv6 server disable 
    ntp-service authentication enable
    ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %^%#uLLi;!VFkMLO;SAD#:~GS=:/UzP~}1lS2'KT2,.T%^%# 
    ntp-service reliable authentication-keyid 16
    ntp-service refclock-master 3
    #
    interface Vlanif10
     ip address 10.0.0.1 255.255.255.0
     ntp-service broadcast-server authentication-keyid 16 
    #
    interface GigabitEthernet0/0/1
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    return

  • SwitchB configuration file

    #
    sysname SwitchB
    #
    vlan batch 10
    #
    ntp-service server disable
    ntp-service ipv6 server disable 
    ntp-service authentication enable
    ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %^%#cVg6'G;i2*@[$uB@!^}:g$V6+~Hc}V,]M"Y/voeF%^%# 
    ntp-service reliable authentication-keyid 16
    #
    interface Vlanif10
     ip address 10.0.0.2 255.255.255.0
     ntp-service broadcast-client 
    #
    interface GigabitEthernet0/0/1
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    return

  • SwitchC configuration file

    #
    sysname SwitchC
    #
    vlan batch 10
    #
    ntp-service server disable
    ntp-service ipv6 server disable 
    ntp-service authentication enable
    ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %^%#vLLi;!VFkMLO;SAD#:~GS=:/UzP~}1lS2'KT3,.T%^%#
    ntp-service reliable authentication-keyid 16
    #
    interface Vlanif10
     ip address 10.0.0.3 255.255.255.0
     ntp-service broadcast-client 
    #
    interface Vlanif20
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    return

  • Switch configuration file

    #
    sysname Switch
    #
    vlan batch 10
    #
    interface GigabitEthernet0/0/1
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    interface GigabitEthernet0/0/2
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    interface GigabitEthernet0/0/3
     port link-type hybrid
     port hybrid pvid vlan 10
     port hybrid untagged vlan 10
    #
    return
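
The authentication settings this procedure relies on (authentication enabled, key defined with hmac-sha256, key declared reliable, broadcast server bound to that key) can be checked against saved configuration text. The following Python is an added example, not part of the original page and not Huawei tooling; the function name `audit_ntp_auth` and the sample configurations are constructed for illustration, and it matches only the command forms shown in the configuration files above.

```python
import re

# Constructed samples modeled on this page's configuration files;
# the cipher text is replaced by a placeholder.
KEY16 = "ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher <ciphertext>\n"
SERVER_OK = ("ntp-service authentication enable\n" + KEY16 +
             "ntp-service reliable authentication-keyid 16\n"
             "ntp-service refclock-master 3\n"
             "interface Vlanif10\n"
             " ntp-service broadcast-server authentication-keyid 16\n")
CLIENT_UNTRUSTED = ("ntp-service authentication enable\n" + KEY16 +
                    "interface Vlanif10\n"
                    " ntp-service broadcast-client\n")
SERVER_NO_KEY = ("ntp-service refclock-master 3\n"
                 "interface Vlanif10\n"
                 " ntp-service broadcast-server\n")


def audit_ntp_auth(cfg: str) -> list[str]:
    """Return findings for one device's saved configuration text."""
    findings = []
    enabled = re.search(r"^\s*ntp-service authentication enable\s*$", cfg, re.M)
    # key id -> authentication mode, for every key defined on the device
    modes = dict(re.findall(
        r"^\s*ntp-service authentication-keyid (\d+) authentication-mode (\S+)", cfg, re.M))
    reliable = set(re.findall(
        r"^\s*ntp-service reliable authentication-keyid (\d+)", cfg, re.M))
    # one entry per broadcast-server line; "" when no key id is attached
    server_keys = re.findall(
        r"^\s*ntp-service broadcast-server(?: authentication-keyid (\d+))?", cfg, re.M)
    is_client = re.search(r"^\s*ntp-service broadcast-client\b", cfg, re.M)

    if not enabled:
        findings.append("authentication not enabled")
    for key_id, mode in modes.items():
        if mode != "hmac-sha256":
            findings.append(f"key {key_id} uses {mode}, not hmac-sha256")
        if key_id not in reliable:
            findings.append(f"key {key_id} defined but not declared reliable")
    for key_id in server_keys:
        if not key_id:
            findings.append("broadcast-server sends without a key")
        elif key_id not in modes or key_id not in reliable:
            findings.append(f"broadcast-server key {key_id} undefined or not reliable")
    if is_client and not (reliable & set(modes)):
        findings.append("broadcast-client has no reliable key to verify against")
    return findings
```

Because each device stores the key as its own ciphertext, the audit cannot confirm that server and clients share the same key value; the synchronized status shown in the verification step remains the check for that.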
Copyright © Huawei Technologies Co., Ltd.