Example for Configuring NTP Authentication in Broadcast Mode

On a LAN, the device with high clock precision functions as the NTP server, and other devices are synchronized to the clock of the NTP server. In the broadcast mode, you do not need to specify a server for the client, and the client listens to packets sent from the broadcast server in real time.

Networking Requirements

On the network shown in Figure 1:

  • Device C and Device D are on the same network segment.

  • Device C functions as an NTP broadcast server, and its clock is a stratum 3 NTP master clock. Broadcast packets are sent from GE 0/1/0.

  • Device D listens to broadcast messages on GE 0/1/0.

  • NTP authentication needs to be enabled on Device C and Device D.

Figure 1 Configuring NTP authentication in broadcast mode

Interface 1 in this example represents GE 0/1/0.

Precautions

Before declaring an authentication key as reliable on the client and server sides, ensure that the key has already been configured.

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure Device C as an NTP broadcast server.

  2. Configure Device A and Device D as the NTP broadcast clients.

  3. Configure NTP authentication on Device A, Device C, and Device D.

Data Preparation

To complete the configuration, you need the following data:

  • Interface IP addresses of routers

  • Stratum of the NTP master clock

  • Authentication key and its ID

Procedure

  1. Configure an IP address for each router.

    Configure IP addresses based on Figure 1. The detailed procedure is not described here.

  2. Configure an NTP broadcast server and enable NTP authentication on it.

    # Set the local clock on Device C as a stratum 3 NTP master clock.

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceC
    [*HUAWEI] commit 
    [~DeviceC] ntp-service refclock-master 3

    # Specify a listening interface on Device C.

    [*DeviceC] ntp-service server source-interface gigabitethernet 0/1/0 

    # Enable NTP authentication.

    [*DeviceC] ntp-service authentication enable
    [*DeviceC] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 Hello123
    [*DeviceC] ntp-service reliable authentication-keyid 16

    # Configure Device C to be an NTP broadcast server. Broadcast packets are authenticated (not encrypted) with the HMAC-SHA256 key whose ID is 16 and then sent from GE 0/1/0.

    [*DeviceC] interface gigabitethernet 0/1/0
    [*DeviceC-GigabitEthernet0/1/0] ntp-service broadcast-server authentication-keyid 16
    [*DeviceC-GigabitEthernet0/1/0] commit
    [~DeviceC-GigabitEthernet0/1/0] quit

  3. Configure Device D, which is on the same network segment as the NTP server, as an NTP broadcast client.

    # Enable NTP authentication.

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceD
    [*HUAWEI] commit 
    [~DeviceD] ntp-service authentication enable
    [*DeviceD] ntp-service authentication-keyid 16 authentication-mode hmac-sha256 Hello123
    [*DeviceD] ntp-service reliable authentication-keyid 16

    # Configure Device D as an NTP broadcast client. Device D listens to the broadcast packets on GE 0/1/0.

    [*DeviceD] interface gigabitethernet 0/1/0
    [*DeviceD-GigabitEthernet0/1/0] ntp-service broadcast-client
    [*DeviceD-GigabitEthernet0/1/0] commit
    [~DeviceD-GigabitEthernet0/1/0] quit

    After the configurations are complete, the clock on Device D is synchronized with the clock on Device C.

  4. Verify the configuration.

    After completing the configurations, check that Device D can synchronize its clock with Device C.

    Check the NTP status on Device D. The clock status is synchronized, and the stratum of the clock on Device D is 4, one stratum lower than that of Device C.

    [~DeviceD] display ntp-service status
     clock status: synchronized
     clock stratum: 4
     reference clock ID: 10.0.1.31
     nominal frequency: 60.0002 Hz
     actual frequency: 60.0002 Hz
     clock precision: 2^18
     clock offset: 0.0000 ms
     root delay: 0.00 ms
     root dispersion: 0.42 ms
     peer dispersion: 0.00 ms
     reference time: 12:17:21.773 UTC Mar 7 2006(C7B7F851.C5EAF25B)
     synchronization state: clock synchronized

Configuration Files

  • Device C configuration file

    #
     sysname DeviceC
    #
    ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %#%#>hD8))_H-XZVut2u3!_0lq3,+Ph=:OE}pX;T2M'9%#%#
    ntp-service reliable authentication-keyid 16
    ntp-service refclock-master 3
    ntp-service authentication enable
    ntp-service server source-interface gigabitethernet 0/1/0 
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.0.1.31 255.255.255.0
     ntp-service broadcast-server authentication-keyid 16
    #
    return

  • Device D configuration file

    #
     sysname DeviceD
    #
    ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher %#%#m:fVJfk*r&3x"1J`21^K`Y;LH;B+g(t2<ZX^}Q_~%#%#
    ntp-service reliable authentication-keyid 16
    ntp-service authentication enable
    #
    interface GigabitEthernet0/1/0
     undo shutdown
     ip address 10.0.1.32 255.255.255.0
     ntp-service broadcast-client
    #
    return
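
An added example, not part of the Huawei documentation: a Python check that a broadcast server/client pair of configuration files like the two above agree on NTP authentication (authentication enabled, key defined before it is declared reliable, broadcast server bound to a key, same key ID and mode on both devices). The function names and the sample strings are assumptions of this example; it compares key IDs and modes only, because the cipher strings stored on the two devices differ even for the same key.

```python
import re

# Constructed samples modelled on the Device C / Device D files; cipher text is a placeholder.
SERVER_CFG = """\
ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher <placeholder-1>
ntp-service reliable authentication-keyid 16
ntp-service authentication enable
interface GigabitEthernet0/1/0
 ntp-service broadcast-server authentication-keyid 16
"""
CLIENT_CFG = """\
ntp-service authentication-keyid 16 authentication-mode hmac-sha256 cipher <placeholder-2>
ntp-service reliable authentication-keyid 16
ntp-service authentication enable
interface GigabitEthernet0/1/0
 ntp-service broadcast-client
"""

def parse(cfg):
    """Extract NTP authentication statements; in 'bserver', '' means no key attached."""
    def find(pat):
        return re.findall(r"^[ \t]*ntp-service " + pat, cfg, re.M)
    return {
        "enabled": bool(find(r"authentication enable\b")),
        "modes": dict(find(r"authentication-keyid (\d+) authentication-mode (\S+)")),
        "reliable": set(find(r"reliable authentication-keyid (\d+)")),
        "bserver": find(r"broadcast-server(?: authentication-keyid (\d+))?"),
        "bclient": bool(find(r"broadcast-client\b")),
    }

def audit(server_cfg, client_cfg):
    """Return findings for a broadcast server/client pair; [] means consistent."""
    s, c = parse(server_cfg), parse(client_cfg)
    out = []
    for name, d in (("server", s), ("client", c)):
        if not d["enabled"]:
            out.append(f"{name}: NTP authentication is not enabled")
        for kid in sorted(d["reliable"] - set(d["modes"])):
            out.append(f"{name}: key {kid} is declared reliable but not defined")
    if not (s["bserver"] and c["bclient"]):
        out.append("broadcast-server / broadcast-client statement missing")
    for kid in s["bserver"]:
        if not kid:
            out.append("server: broadcast packets are sent without a key")
        elif kid not in s["reliable"] or kid not in c["reliable"]:
            out.append(f"key {kid}: not declared reliable on both devices")
        elif s["modes"].get(kid) != c["modes"].get(kid):
            out.append(f"key {kid}: authentication-mode differs between devices")
    return out
```
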
Copyright © Huawei Technologies Co., Ltd.