Contents
display ntp-service ipv6 sessions
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service ipv6 inbound enable
ntp-service ipv6 multicast-client
ntp-service ipv6 multicast-server
ntp-service ipv6 unicast-server
ntp-service max-dynamic-sessions
ntp-service reliable authentication-keyid
ntp-service time-offset-threshold
sntp reliable authentication-keyid
NTP commands
NTP is supported only on the following Layer 3 interfaces:
· Layer 3 Ethernet interfaces.
· Layer 3 Ethernet subinterfaces.
· Layer 3 aggregate interfaces.
· Layer 3 aggregate subinterfaces.
· VLAN interfaces.
· Tunnel interfaces.
display ntp-service ipv6 sessions
Use display ntp-service ipv6 sessions to display information about all IPv6 NTP associations.
Syntax
display ntp-service ipv6 sessions [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
verbose: Displays detailed information about all IPv6 NTP associations. If you do not specify this keyword, the command displays only brief information about the IPv6 NTP associations.
Examples
# Display brief information about all IPv6 NTP associations.
<Sysname> display ntp-service ipv6 sessions
Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
Source: [125]3000::32
Reference: 127.127.1.0 Clock stratum: 2
Reachabilities: 1 Poll interval: 64
Last receive time: 6 Offset: -0.0
Roundtrip delay: 0.0 Dispersion: 0.0
Total sessions : 1
Table 1 Command output
Field | Description |
---|---|
[12345] | · 1—Clock source selected by the system (the current reference source). · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a command. |
Source | IPv6 address of the NTP server. If this field displays ::, the IPv6 address of the NTP server has not been resolved successfully. |
Reference | Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ◦ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ◦ When the Clock stratum field has another value, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. · If the reference clock is the clock of another device on the network, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. If this field displays INIT, the local device has not established a connection with the NTP server. |
Clock stratum | Clock stratum level. The stratum level determines the clock precision. The value is in the range of 0 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized. |
Reachabilities | Reachability count of the NTP server. 0 indicates that the NTP server is unreachable. |
Poll interval | Polling interval in seconds. It is the maximum interval between successive NTP messages. |
Last receive time | Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. · If the time length is greater than 2048 seconds, it is displayed in minutes (m). · If the time length is greater than 300 minutes, it is displayed in hours (h). · If the time length is greater than 96 hours, it is displayed in days (d). · If the time length is greater than 999 days, it is displayed in years (y). If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, this field displays a hyphen (-). |
Offset | Offset of the system clock relative to the reference clock, in milliseconds. |
Roundtrip delay | Roundtrip delay from the local device to the clock source, in milliseconds. |
Dispersion | Maximum error of the system clock relative to the reference source. |
Total sessions | Total number of associations. |
# Display detailed information about all IPv6 NTP associations.
<Sysname> display ntp-service ipv6 sessions verbose
Clock source: 1::1
Session ID: 36144
Clock stratum: 16
Clock status: configured, insane, valid, unsynced
Reference clock ID: INIT
VPN instance: Not specified
Local mode: sym_active, local poll interval: 6
Peer mode: unspec, peer poll interval: 10
Offset: 0.0000ms, roundtrip delay: 0.0000ms, dispersion: 15937ms
Root roundtrip delay: 0.0000ms, root dispersion: 0.0000ms
Reachabilities:0, sync distance: 15.938
Precision: 2^10, version: 4, source interface: Not specified
Reftime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Orgtime: d17cbb21.0f318106 Tue, May 17 2011 9:15:13.059
Rcvtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Xmttime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Roundtrip delay samples: 0.000 0.000 0.000 0.000 0.000 0.000 0.000 0.000
Offset samples: 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
Filter order: 0 1 2 3 4 5 6 7
Total sessions: 1
Table 2 Command output
Field | Description |
---|---|
Clock source | IPv6 address of the clock source. If this field displays ::, the IPv6 address of the NTP server has not been resolved successfully. |
Clock stratum | Clock stratum level. The stratum level determines the clock precision. The value is in the range of 0 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized. |
Clock status | Status of the clock source corresponding to this association: · configured—The association was created at the CLI. · dynamic—The association is established dynamically. · master—The clock source is the primary NTP server of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed authentication and its clock will be used as the reference clock. · insane—The clock source has not passed authentication, or it has passed authentication but its clock will not be used as the reference clock. · valid—The clock source is valid, which means the clock source meets the following requirements: ◦ It has been authenticated and synchronized. ◦ Its stratum level is valid. ◦ Its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid. |
Reference clock ID | · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ◦ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ◦ When the Clock stratum field has another value, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. · If the reference clock is the clock of another device on the network, this field displays the MD5 digest value of the first 32 bits of the IPv6 address. The MD5 digest value is in dotted decimal format. If this field displays INIT, the local device has not established a connection with the NTP server. |
VPN instance | VPN instance of the NTP server. If the NTP server is in a public network, this field displays Not specified. |
Local mode | Operation mode of the local device: · unspec—The mode is unspecified. · sym_active—Active mode. · sym_passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
local poll interval | Polling interval for the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2^6, or 64 seconds. |
peer mode | Operation mode of the peer device: · unspec—The mode is unspecified. · sym_active—Active mode. · sym_passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
peer poll interval | Polling interval for the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the polling interval of the local device is 2^6, or 64 seconds. |
Offset | Offset of the system clock relative to the reference clock, in milliseconds. |
roundtrip delay | Roundtrip delay from the local device to the clock source, in milliseconds. |
dispersion | Maximum error of the system clock relative to the reference clock. |
Root roundtrip delay | Roundtrip delay from the local device to the primary NTP server, in milliseconds. |
root dispersion | Maximum error of the system clock relative to the primary NTP server, in milliseconds. |
Reachabilities | Reachability count of the clock source. 0 indicates that the clock source is unreachable. |
sync distance | Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values. |
Precision | Accuracy of the system clock. |
version | NTP version in the range of 1 to 4. |
source interface | Source interface. If the source interface is not specified, this field displays Not specified. |
Reftime | Reference timestamp in the NTP message. |
Orgtime | Originate timestamp in the NTP message. |
Rcvtime | Receive timestamp in the NTP message. |
Xmttime | Transmit timestamp in the NTP message. |
Filter order | Dispersion information. |
Reference clock status | Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as the reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally. |
Total sessions | Total number of associations. |
display ntp-service sessions
Use display ntp-service sessions to display information about all IPv4 NTP associations.
Syntax
display ntp-service sessions [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
verbose: Displays detailed information about all IPv4 NTP associations. If you do not specify this keyword, the command displays only brief information about the NTP associations.
Usage guidelines
When a device is operating in NTP broadcast or multicast server mode, the display ntp-service sessions command does not display the IPv4 NTP association information corresponding to the broadcast or multicast server. However, the associations are counted in the total number of associations.
Examples
# Display brief information about all IPv4 NTP associations.
<Sysname> display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************************
[12345]LOCAL(0) LOCL 0 1 64 - 0.0000 0.0000 7937.9
[5]0.0.0.0 INIT 16 0 64 - 0.0000 0.0000 0.0000
Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
Total sessions: 1
Table 3 Command output
Field | Description |
---|---|
source | · When the reference clock is the local clock, the field displays LOCAL (number). It indicates that the IP address of the local clock is 127.127.1.number, where number represents the NTP process number in the range of 0 to 3. · When the reference clock is the clock of another device, the field displays the IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully. |
reference | Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the stra field: ◦ When the value of the stra field is 0 or 1, this field displays LOCL. ◦ When the stra field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If the device supports IPv6, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the device. If this field displays INIT, the local device has not established a connection with the NTP server. |
stra | Clock stratum level. The stratum level determines the clock precision. The value is in the range of 0 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized. |
reach | Reachability count of the clock source. 0 indicates that the clock source is unreachable. |
poll | Polling interval in seconds. It is the maximum interval between successive NTP messages. |
now | Length of time from when the last NTP message was received or when the local clock was last updated to the current time. Time is in seconds by default. · If the time length is greater than 2048 seconds, it is displayed in minutes (m). · If the time length is greater than 300 minutes, it is displayed in hours (h). · If the time length is greater than 96 hours, it is displayed in days (d). · If the time length is greater than 999 days, it is displayed in years (y). If the time when the most recent NTP message was received or when the local clock was updated most recently is behind the current time, this field displays a hyphen (-). |
offset | Offset of the system clock relative to the reference clock, in milliseconds. |
delay | Roundtrip delay from the local device to the NTP server, in milliseconds. |
disper | Maximum error of the system clock relative to the reference source, in milliseconds. |
[12345] | · 1—Clock source selected by the system (the current reference source). · 2—The stratum level of the clock source is less than or equal to 15. · 3—The clock source has survived the clock selection algorithm. · 4—The clock source is a candidate clock source. · 5—The clock source was created by a configuration command. |
Total sessions | Total number of associations. |
# Display detailed information about all IPv4 NTP associations.
<Sysname> display ntp-service sessions verbose
Clock source: 192.168.1.40
Session ID: 35888
Clock stratum: 2
Clock status: configured, master, sane, valid
Reference clock ID: 127.127.1.0
VPN instance: Not specified
Local mode: client, local poll interval: 6
Peer mode: server, peer poll interval: 6
Offset: 0.2862ms, roundtrip delay: 3.2653ms, dispersion: 4.5166ms
Root roundtrip delay: 0.0000ms, root dispersion: 10.910ms
Reachabilities:31, sync distance: 0.0194
Precision: 2^10, version: 3, source interface: Not specified
Reftime: d17cbba5.1473de1e Tue, May 17 2011 9:17:25.079
Orgtime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Rcvtime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693
Xmttime: d17cbbc0.b1959a30 Tue, May 17 2011 9:17:52.693
Roundtrip delay samples: 0.007 0.010 0.006 0.011 0.010 0.005 0.007 0.003
Offset samples: 5629.55 3913.76 5247.27 6526.92 31.99 148.72 38.27 0.29
Filter order: 7 5 2 6 0 4 1 3
Total sessions: 1
Table 4 Command output
Field | Description |
---|---|
Clock source | IP address of the NTP server. If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully. |
Clock stratum | Clock stratum level. The stratum level determines the clock precision. The value is in the range of 0 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized. |
Clock status | Status of the clock source corresponding to this association: · configured—The association was created by a configuration command. · dynamic—The association is established dynamically. · master—The clock source is the primary NTP server of the current system. · selected—The clock source has survived the clock selection algorithm. · candidate—The clock source is the candidate reference source. · sane—The clock source has passed authentication and its clock will be used as the reference clock. · insane—The clock source has not passed authentication, or it has passed authentication but its clock will not be used as the reference clock. · valid—The clock source is valid, which means the clock source meets the following requirements: ◦ It has been authenticated and synchronized. ◦ Its stratum level is valid. ◦ Its root delay and root dispersion values are within their ranges. · invalid—The clock source is invalid. · unsynced—The clock source has not been synchronized or the value of the stratum level is invalid. |
Reference clock ID | Reference clock ID of the NTP server: · If the reference clock is the local clock, the value of this field is related to the value of the Clock stratum field: ◦ When the value of the Clock stratum field is 0 or 1, this field displays LOCL. ◦ When the Clock stratum field has another value, this field displays the IP address of the local clock. · If the reference clock is the clock of another device on the network, this field displays the IP address of the device. If the device supports IPv6, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the device. If this field displays INIT, the local device has not established a connection with the NTP server. |
VPN instance | VPN instance to which the NTP server belongs. If the NTP server is in a public network, the field displays Not specified. |
Local mode | Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
local poll interval | Polling interval of the local device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2^6, or 64 seconds. |
Peer mode | Operation mode of the peer device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
peer poll interval | Polling interval of the peer device, in seconds. The value displayed is a power of 2. For example, if the displayed value is 6, the poll interval of the local device is 2^6, or 64 seconds. |
Offset | Offset of the system clock relative to the reference clock, in milliseconds. |
roundtrip delay | Roundtrip delay from the local device to the NTP server, in milliseconds. |
dispersion | Maximum error of the system clock relative to the reference clock. |
Root roundtrip delay | Roundtrip delay from the local device to the primary NTP server, in milliseconds. |
root dispersion | Maximum error of the system clock relative to the primary reference clock, in milliseconds. |
Reachabilities | Reachability count of the clock source. 0 indicates that the clock source is unreachable. |
sync distance | Synchronization distance relative to the upper-level clock, in seconds, and calculated from dispersion and roundtrip delay values. |
Precision | Accuracy of the system clock. |
version | NTP version in the range of 1 to 4. |
source interface | Source interface. If the source interface is not specified, this field is Not specified. |
Reftime | Reference timestamp in the NTP message. |
Orgtime | Originate timestamp in the NTP message. |
Rcvtime | Receive timestamp in the NTP message. |
Xmttime | Transmit timestamp in the NTP message. |
Filter order | Sample information order. |
Reference clock status | Status of the local clock. The field is displayed only when you use the ntp-service refclock-master command to set the local clock as the reference clock. When the reach field of the local clock is 255, the field is displayed as working normally. Otherwise, the field is displayed as working abnormally. |
Total sessions | Total number of associations. |
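The verbose association output lends itself to automated review. The following Python sketch is an added example, not part of the vendor documentation: it parses output in the layout shown above, decodes the hexadecimal NTP timestamps, and reports associations whose fields indicate an unauthenticated, unreachable or unsynchronized source. The sample text is assembled from the two verbose outputs on this page, and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)  # start of NTP era 0


def ntp_to_datetime(stamp):
    """Decode 'ssssssss.ffffffff' (hex seconds and fraction since 1900, era 0)."""
    sec_hex, frac_hex = stamp.split(".")
    secs, frac = int(sec_hex, 16), int(frac_hex, 16)
    if secs == 0 and frac == 0:
        return None  # unset timestamp; the device prints it as Feb 7 2036
    return NTP_EPOCH + timedelta(seconds=secs, microseconds=frac * 1_000_000 // 2**32)


def split_flags(value):
    return [flag.strip() for flag in value.split(",")]


# (result key, pattern for the output line, converter)
PATTERNS = [
    ("stratum", re.compile(r"^Clock stratum: (\d+)"), int),
    ("status", re.compile(r"^Clock status: (.+)"), split_flags),
    ("refid", re.compile(r"^Reference clock ID: (\S+)"), str),
    # The displayed poll value is an exponent: 6 means 2^6 = 64 seconds.
    ("poll_seconds", re.compile(r"local poll interval: (\d+)"), lambda v: 2 ** int(v)),
    ("reach", re.compile(r"^Reachabilities:\s*(\d+)"), int),
    ("reftime", re.compile(r"^Reftime: ([0-9a-fA-F]{8}\.[0-9a-fA-F]{8})"), ntp_to_datetime),
]


def parse_sessions(text):
    """Return one dict per association; a 'Clock source:' line starts a new one."""
    sessions = []
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Clock source:"):
            sessions.append({"source": line.split(":", 1)[1].strip()})
        elif sessions:
            for key, pattern, convert in PATTERNS:
                match = pattern.search(line)
                if match:
                    sessions[-1][key] = convert(match.group(1))
    return sessions


def review(session):
    """List the conditions the field tables describe as problems."""
    notes = []
    status = session.get("status", [])
    if session["source"] in ("0.0.0.0", "::"):
        notes.append("server address not resolved")
    if session.get("refid") == "INIT":
        notes.append("no connection established with the NTP server")
    if session.get("stratum") == 16:
        notes.append("stratum 16: clock is not synchronized")
    if session.get("reach") == 0:
        notes.append("clock source unreachable")
    if "insane" in status:
        notes.append("insane: failed authentication or not usable as reference clock")
    for flag in ("invalid", "unsynced"):
        if flag in status:
            notes.append(f"clock status includes {flag}")
    return notes


# Constructed sample: the two verbose outputs from this page, abbreviated.
SAMPLE_OUTPUT = """\
Clock source: 1::1
Clock stratum: 16
Clock status: configured, insane, valid, unsynced
Reference clock ID: INIT
Local mode: sym_active, local poll interval: 6
Reachabilities:0, sync distance: 15.938
Reftime: 00000000.00000000 Thu, Feb 7 2036 6:28:16.000
Clock source: 192.168.1.40
Clock stratum: 2
Clock status: configured, master, sane, valid
Reference clock ID: 127.127.1.0
Local mode: client, local poll interval: 6
Reachabilities:31, sync distance: 0.0194
Reftime: d17cbba5.1473de1e Tue, May 17 2011 9:17:25.079
Total sessions: 2
"""

if __name__ == "__main__":
    for entry in parse_sessions(SAMPLE_OUTPUT):
        print(entry["source"], entry.get("reftime"), review(entry) or "ok")
```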
display ntp-service status
Use display ntp-service status to display NTP service status.
Syntax
display ntp-service status
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display NTP service status after time synchronization.
<Sysname> display ntp-service status
Clock status: synchronized
Clock stratum: 2
System peer: LOCAL(0)
Local mode: client
Reference clock ID: 127.127.1.0
Leap indicator: 00
Clock jitter: 0.000977 s
Stability: 0.000 pps
Clock precision: 2^-18
Root delay: 0.00000 ms
Root dispersion: 3.96367 ms
Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573
System poll interval: 256 s
# Display the NTP service status when time is not synchronized.
<Sysname> display ntp-service status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Clock jitter: 0.000000 s
Stability: 0.000 pps
Clock precision: 2^-18
Clock precision:
Root delay: 0.00000 ms
Root dispersion: 0.00002 ms
Reference time: d0c5fc32.92c70b1e Wed, Dec 29 2010 18:28:02.573
System poll interval: 8 s
Table 5 Command output
Field | Description |
---|---|
Clock status | Status of the system clock: · synchronized—The system clock has been synchronized. · unsynchronized—The system clock has not been synchronized. |
Clock stratum | Stratum level of the system clock. |
System peer | IP address of the selected NTP server. |
Local mode | Operation mode of the local device: · unspec—The mode is unspecified. · active—Active mode. · passive—Passive mode. · client—Client mode. · server—Server mode. · broadcast—Broadcast or multicast server mode. · bclient—Broadcast or multicast client mode. |
Reference clock ID | For an IPv4 NTP server: The field represents the IP address of the remote server when the local device is synchronized to a remote NTP server. The field represents the local clock when the local device uses the local clock as the reference source. · When the local clock has a stratum level of 1, this field displays LOCL. · When the local clock has any other stratum, this field displays the IP address of the local clock. For an IPv6 NTP server: The field represents the MD5 digest of the first 32 bits of the IPv6 address of the remote server when the local device is synchronized to a remote IPv6 NTP server. The field represents the local clock when the local device uses the local clock as the reference source. · When the local clock has a stratum level of 1, this field displays LOCL. · When the local clock has any other stratum, this field displays the MD5 digest of the first 32 bits of the IPv6 address of the local clock. |
Leap indicator | Alarming status: · 00—Normal. · 01—Leap second, indicates that the last minute in a day has 61 seconds. · 10—Leap second, indicates that the last minute in a day has 59 seconds. · 11—Time is not synchronized. |
Clock jitter | Difference between the system clock and reference clock, in seconds. |
Stability | Clock frequency stability. A lower value represents better stability. |
Clock precision | Accuracy of the system clock. |
Root delay | Roundtrip delay from the local device to the primary NTP server, in milliseconds. |
Root dispersion | Maximum error of the system clock relative to the primary NTP server, in milliseconds. |
Reference time | Reference timestamp. |
System poll interval | System polling interval in seconds. |
display ntp-service trace
Use display ntp-service trace to display brief information about each NTP server from the local device back to the primary NTP server.
Syntax
display ntp-service trace [ source interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
source interface-type interface-number: Specifies the source interface for sending NTP packets to trace each NTP server from the local device back to the primary NTP server. The source IP address of the NTP packets is the IPv4 address/IPv6 address of the specified source interface. If the IP address of an NTP server is a link-local address, the link-local address of the outgoing interface of NTP packets is used as the source IP address of the NTP packets. If you do not specify this option, the interface that sends the tracing NTP packets acts as the source interface.
Usage guidelines
To trace back to the primary NTP server from the source interface, make sure the source interface and the NTP servers from the local device to the primary NTP server are reachable to each other.
The ntp-service noquery enable command is mutually exclusive with the display ntp-service trace command. To use the display ntp-service trace command, you must configure the device to allow control queries.
Examples
# Display brief information about each NTP server from the local device back to the primary NTP server.
<Sysname> display ntp-service trace
Server 127.0.0.1
Stratum 3, jitter 0.000, synch distance 0.0000.
Server 3000::32
Stratum 2 , jitter 790.00, synch distance 0.0000.
RefID 127.127.1.0
The output shows that server 127.0.0.1 is synchronized to server 3000::32, and server 3000::32 is synchronized to the local clock.
Table 6 Command output
Field | Description |
---|---|
Server | IP address of the NTP server. |
Stratum | Stratum level of the NTP server. |
jitter | Root mean square (RMS) value of the clock offset relative to the upper-level clock, in milliseconds. |
synch distance | Synchronization distance relative to the upper-level NTP server, in seconds, calculated from dispersion and roundtrip delay values. |
RefID | Identifier of the primary NTP server. When the stratum level of the primary reference clock is 0, it is displayed as LOCL. Otherwise, it is displayed as the IP address of the primary reference clock. |
Related commands
ntp-service ipv6 unicast-server
ntp-service ipv6 unicast-peer
ntp-service noquery enable
ntp-service source
ntp-service unicast-server
ntp-service unicast-peer
ntp-service acl
Use ntp-service acl to configure the right for peer devices to access the IPv4 NTP services on the local device.
Use undo ntp-service to remove the configured IPv4 NTP service access right.
Syntax
ntp-service { peer | query | server | synchronization } acl ipv4-acl-number
undo ntp-service { peer | query | server | synchronization } [ acl ipv4-acl-number ]
Default
The right for the peer devices to access the IPv4 NTP services on the local device is peer.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) from a peer device and allows the local device to synchronize itself to a peer device.
query: Allows only NTP control queries from a peer device to the local device.
server: Allows time requests and NTP control queries from a peer device, but does not allow the local device to synchronize itself to a peer device.
synchronization: Allows only time requests from a peer device.
acl ipv4-acl-number: Specifies an IPv4 ACL by its number. The peer devices that match the IPv4 ACL have the access right specified in the command. The ipv4-acl-number argument represents an IPv4 basic ACL number in the range of 2000 to 2999 or an IPv4 advanced ACL number in the range of 3000 to 3999.
Usage guidelines
When the device receives an IPv4 NTP request, it matches the request against the access rights in order from the least restrictive to the most restrictive: peer, server, synchronization, and query.
If no right is matched, the peer device does not have access to the NTP service on the local device, and the device cannot synchronize time with the peer device.
If the specified ACL does not exist, or the specified ACL does not contain any rule, any device can access the NTP service on the device.
If a VPN instance is specified in an ACL rule, the rule applies only to the packets of the VPN instance. If no VPN instance is specified in an ACL rule, the rule applies only to the packets on the public network.
The ntp-service acl command provides minimal security for a system running NTP. A more secure method is NTP authentication.
If both the ntp-service noquery enable command or its undo form and the ntp-service acl command are configured, the ntp-service noquery enable command or its undo form determines whether control queries are allowed.
Examples
# Configure the peer devices on subnet 10.10.0.0/16 to have full access to the local device.
<Sysname> system-view
[Sysname] acl basic 2001
[Sysname-acl-ipv4-basic-2001] rule permit source 10.10.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2001] quit
[Sysname] ntp-service peer acl 2001
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service noquery enable
ntp-service reliable authentication-keyid
ntp-service authentication enable
Use ntp-service authentication enable to enable NTP authentication.
Use undo ntp-service authentication enable to disable NTP authentication.
Syntax
ntp-service authentication enable
undo ntp-service authentication enable
Default
NTP authentication is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Enable NTP authentication in networks that require time synchronization security to make sure NTP clients are synchronized only to authenticated NTP servers.
To authenticate an NTP server, set an authentication key and specify it as a trusted key.
Examples
# Enable NTP authentication.
<Sysname> system-view
[Sysname] ntp-service authentication enable
Related commands
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service authentication-keyid
Use ntp-service authentication-keyid to set an NTP authentication key.
Use undo ntp-service authentication-keyid to remove an NTP authentication key.
Syntax
ntp-service authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *
undo ntp-service authentication-keyid keyid
Default
No NTP authentication key exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
keyid: Specifies an authentication key ID in the range of 1 to 4294967295.
authentication-mode: Specifies an authentication algorithm.
· hmac-sha-1: Specifies the HMAC-SHA-1 algorithm.
· hmac-sha-256: Specifies the HMAC-SHA-256 algorithm.
· hmac-sha-384: Specifies the HMAC-SHA-384 algorithm.
· hmac-sha-512: Specifies the HMAC-SHA-512 algorithm.
· md5: Specifies the MD5 algorithm.
cipher: Specifies an authentication key in encrypted form.
simple: Specifies an authentication key in plaintext form. For security purposes, the authentication key specified in plaintext form will be stored in encrypted form.
string: Specifies a case-sensitive authentication key. Its plaintext form is a string of 1 to 32 characters. Its encrypted form is a string of 1 to 73 characters.
acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.
ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.
Usage guidelines
In a network where there is a high security demand, the NTP authentication feature must be enabled for a system running NTP. This feature enhances the network security by using client-server key authentication, which prohibits a client from synchronizing to a device that has failed the authentication.
The key ID in the message from the peer device identifies the key used for authentication. The acl ipv4-acl-number or ipv6 acl ipv6-acl-number option identifies the peer devices that can use the key ID.
· The device uses the acl ipv4-acl-number or ipv6 acl ipv6-acl-number option to check whether the peer device can use the key ID only when an NTP session to the peer device is being established or already exists.
· If the specified ACL does not exist, or the specified ACL does not contain any rule, any device can use the key ID for authentication.
· If a VPN instance is specified in an ACL rule, the rule applies only to the packets of the VPN instance. If no VPN instance is specified in an ACL rule, the rule applies only to the packets on the public network.
To ensure a successful NTP authentication, configure the same key ID, authentication algorithm, and key on the time server and client.
After you specify an NTP authentication key, use the ntp-service reliable authentication-keyid command to configure the key as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.
The security strength of the five algorithms, in descending order, is HMAC-SHA-512, HMAC-SHA-384, HMAC-SHA-256, HMAC-SHA-1, and MD5.
You can set a maximum of 128 authentication keys by executing the command.
Examples
# Set a plaintext MD5 authentication key, with the key ID of 10 and key value of BetterKey.
<Sysname> system-view
[Sysname] ntp-service authentication enable
[Sysname] ntp-service authentication-keyid 10 authentication-mode md5 simple BetterKey
Related commands
ntp-service authentication enable
ntp-service reliable authentication-keyid
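The following Python sketch is an added example, not device code or part of the original command reference. It models the receiver-side checks described above: key ID lookup, trusted-key state, the per-key ACL, and digest comparison. The MD5 mode uses the RFC 5905 keyed digest; using HMAC over the 48-byte header for the hmac-* modes, the NtpKey structure, and the sample header are assumptions of this example.

```python
import hashlib
import hmac
import ipaddress
import struct
from dataclasses import dataclass, field

NTP_HEADER_LEN = 48  # fixed NTP header; key ID and digest follow (extension fields ignored)

# Keys are the authentication-mode keywords on this page, values are hashlib names.
DIGESTS = {"md5": "md5", "hmac-sha-1": "sha1", "hmac-sha-256": "sha256",
           "hmac-sha-384": "sha384", "hmac-sha-512": "sha512"}

# Constructed sample header: LI=0, VN=4, Mode=4 (server), stratum 2, rest zeroed.
HEADER = bytes([0x24, 2, 6, 0xEC]) + bytes(44)


@dataclass
class NtpKey:  # hypothetical structure for this example
    mode: str
    secret: bytes
    trusted: bool = False  # models "ntp-service reliable authentication-keyid"
    acl: list = field(default_factory=list)  # permitted networks; empty = no rule


def compute_mac(mode, secret, header):
    """MD5 mode: RFC 5905 keyed digest MD5(key || header).
    hmac-* modes: HMAC over the header (an assumption of this example)."""
    if mode == "md5":
        return hashlib.md5(secret + header).digest()
    return hmac.new(secret, header, DIGESTS[mode]).digest()


def sign(header, key_id, key):
    """Append the 32-bit key ID and the digest to the header."""
    return header + struct.pack("!I", key_id) + compute_mac(key.mode, key.secret, header)


def verify(packet, src, keys):
    """Return (accepted, reason) for a packet received from address src."""
    if len(packet) <= NTP_HEADER_LEN + 4:
        return False, "no authenticator"
    header = packet[:NTP_HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[NTP_HEADER_LEN:NTP_HEADER_LEN + 4])
    digest = packet[NTP_HEADER_LEN + 4:]
    key = keys.get(key_id)
    if key is None:
        return False, "unknown key ID"
    if not key.trusted:
        return False, "key not trusted"
    # An ACL with no rule does not restrict which peer may use the key ID.
    if key.acl and not any(ipaddress.ip_address(src) in net for net in key.acl):
        return False, "source denied by key ACL"
    expected = compute_mac(key.mode, key.secret, header)
    if not hmac.compare_digest(expected, digest):  # constant-time comparison
        return False, "digest mismatch"
    return True, "ok"


def demo():
    """Server signs with key ID 10; clients with differing settings verify."""
    server_key = NtpKey("hmac-sha-256", b"BetterKey", trusted=True)
    packet = sign(HEADER, 10, server_key)
    clients = {
        "same key ID, algorithm and key": {10: NtpKey("hmac-sha-256", b"BetterKey", True)},
        "algorithm differs (md5)": {10: NtpKey("md5", b"BetterKey", True)},
        "key not configured as trusted": {10: NtpKey("hmac-sha-256", b"BetterKey")},
        "key ACL excludes the server": {10: NtpKey(
            "hmac-sha-256", b"BetterKey", True, [ipaddress.ip_network("2001:db8::/64")])},
    }
    return {name: verify(packet, "2001::1", keys) for name, keys in clients.items()}


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```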
ntp-service broadcast-client
Use ntp-service broadcast-client to configure the device to operate in NTP broadcast client mode and use the current interface to receive NTP broadcast packets.
Use undo ntp-service broadcast-client to remove the configuration.
Syntax
ntp-service broadcast-client
undo ntp-service broadcast-client
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
After you configure the command, the device listens to NTP messages sent by the NTP broadcast server and is synchronized based on the received NTP messages.
If you have configured the device to operate in broadcast client mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in broadcast client mode and receive NTP broadcast messages on VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service broadcast-client
Related commands
ntp-service broadcast-server
Use ntp-service broadcast-server to configure the device to operate in NTP broadcast server mode and use the current interface to send NTP broadcast packets.
Use undo ntp-service broadcast-server to remove the configuration.
Syntax
ntp-service broadcast-server [ authentication-keyid keyid | version number ] *
undo ntp-service broadcast-server
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
authentication-keyid keyid: Specifies the key ID to be used for sending broadcast messages to broadcast clients. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize broadcast clients enabled with NTP authentication.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4, and the default is 4.
Usage guidelines
After you configure the command, the device periodically sends NTP messages to the broadcast address 255.255.255.255.
If you have configured the device to operate in broadcast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in broadcast server mode and send NTP broadcast messages on VLAN-interface 1, using key 4 for authentication. Set the NTP version to 4.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service broadcast-server authentication-keyid 4 version 4
Related commands
ntp-service broadcast-client
ntp-service dscp
Use ntp-service dscp to set a DSCP value for IPv4 NTP packets.
Use undo ntp-service dscp to restore the default.
Syntax
ntp-service dscp dscp-value
undo ntp-service dscp
Default
The DSCP value for IPv4 NTP packets is 48.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
dscp-value: Sets a DSCP value in the range of 0 to 63 for IPv4 NTP packets.
Usage guidelines
The DSCP value is included in the ToS field of an IPv4 packet to identify the packet priority.
Examples
# Set the DSCP value for IPv4 NTP packets to 30.
<Sysname> system-view
[Sysname] ntp-service dscp 30
ntp-service enable
Use ntp-service enable to enable the NTP service.
Use undo ntp-service enable to disable the NTP service.
Syntax
ntp-service enable
undo ntp-service enable
Default
The NTP service is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Examples
# Enable the NTP service.
<Sysname> system-view
[Sysname] ntp-service enable
ntp-service inbound enable
Use ntp-service inbound enable to enable an interface to receive NTP messages.
Use undo ntp-service inbound enable to disable an interface from receiving NTP messages.
Syntax
ntp-service inbound enable
undo ntp-service inbound enable
Default
An interface receives NTP messages.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Execute the undo ntp-service inbound enable command on an interface in the following cases:
· You do not want the interface to synchronize the peer device in the corresponding subnet.
· You do not want the device to be synchronized by the peer device in the subnet corresponding to the interface.
Examples
# Disable VLAN-interface 1 from receiving NTP messages.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] undo ntp-service inbound enable
ntp-service ipv6 acl
Use ntp-service ipv6 acl to configure the right for the peer devices to access the IPv6 NTP services of the local device.
Use undo ntp-service ipv6 to remove the configured IPv6 NTP service access right.
Syntax
ntp-service ipv6 { peer | query | server | synchronization } acl ipv6-acl-number
undo ntp-service ipv6 { peer | query | server | synchronization } [ acl ipv6-acl-number ]
Default
The right for the peer devices to access the IPv6 NTP services on the local device is peer.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
peer: Allows time requests and NTP control queries (such as alarms, authentication status, and time server information) and allows the local device to synchronize itself to a peer device.
query: Allows only NTP control queries from a peer device to the local device.
server: Allows time requests and NTP control queries, but does not allow the local device to synchronize itself to a peer device.
synchronization: Allows only time requests from a system whose address passes the access list criteria.
ipv6-acl-number: Specifies an IPv6 ACL by its number. The peer devices that match the IPv6 ACL have the access right specified in the command. The ipv6-acl-number argument represents a basic IPv6 ACL number in the range of 2000 to 2999 or an advanced IPv6 ACL number in the range of 3000 to 3999.
Usage guidelines
When the device receives an IPv6 NTP request, it matches the request against the access rights in order from the least restrictive to the most restrictive: peer, server, synchronization, and query.
If no right is matched, the peer device does not have access to the NTP service on the local device, and the device cannot synchronize time with the peer device.
If the specified ACL does not exist, or the specified ACL does not contain any rule, any device can access the IPv6 NTP service on the device.
If a VPN instance is specified in an ACL rule, the rule applies only to the packets of the VPN instance. If no VPN instance is specified in an ACL rule, the rule applies only to the packets on the public network.
The ntp-service ipv6 acl command provides a minimum security method. NTP authentication is more secure.
If both the ntp-service noquery enable command or its undo form and the ntp-service ipv6 acl command are configured, the ntp-service noquery enable command or its undo form determines whether control queries are allowed.
Examples
# Configure the peer devices on subnet 2001::1 to have full access to the local device.
<Sysname> system-view
[Sysname] acl ipv6 basic 2001
[Sysname-acl-ipv6-basic-2001] rule permit source 2001::1 64
[Sysname-acl-ipv6-basic-2001] quit
[Sysname] ntp-service ipv6 peer acl 2001
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service noquery enable
ntp-service reliable authentication-keyid
ntp-service ipv6 dscp
Use ntp-service ipv6 dscp to set a DSCP value for IPv6 NTP packets.
Use undo ntp-service ipv6 dscp to restore the default.
Syntax
ntp-service ipv6 dscp dscp-value
undo ntp-service ipv6 dscp
Default
The DSCP value for IPv6 NTP packets is 56.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
dscp-value: Specifies a DSCP value in the range of 0 to 63 for IPv6 NTP packets.
Usage guidelines
The DSCP value is included in the Traffic Class field of an IPv6 packet to identify the packet priority.
Examples
# Set the DSCP value for IPv6 NTP packets to 30.
<Sysname> system-view
[Sysname] ntp-service ipv6 dscp 30
ntp-service ipv6 inbound enable
Use ntp-service ipv6 inbound enable to enable an interface to receive IPv6 NTP messages.
Use undo ntp-service ipv6 inbound enable to disable an interface from receiving IPv6 NTP messages.
Syntax
ntp-service ipv6 inbound enable
undo ntp-service ipv6 inbound enable
Default
An interface receives IPv6 NTP messages.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
Execute the undo ntp-service ipv6 inbound enable command on an interface in the following cases:
· You do not want the interface to synchronize the peer devices in the corresponding subnet.
· You do not want the device to be synchronized by the peer devices in the subnet corresponding to the interface.
Examples
# Disable VLAN-interface 1 from receiving IPv6 NTP messages.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] undo ntp-service ipv6 inbound enable
ntp-service ipv6 multicast-client
Use ntp-service ipv6 multicast-client to configure the device to operate in IPv6 NTP multicast client mode and use the current interface to receive IPv6 NTP multicast packets.
Use undo ntp-service ipv6 multicast-client to remove the configuration.
Syntax
ntp-service ipv6 multicast-client ipv6-address
undo ntp-service ipv6 multicast-client ipv6-address
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ipv6-address: Specifies an IPv6 multicast address. An IPv6 multicast client and server must be configured with the same multicast address.
Usage guidelines
After you configure the command, the device listens to IPv6 NTP messages using the specified multicast address as the destination address. It is synchronized based on the received IPv6 NTP messages.
If you have configured the device to operate in IPv6 multicast client mode on an interface by using the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in IPv6 multicast client mode and receive IPv6 NTP multicast messages with the destination FF21::1 on VLAN-interface 1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service ipv6 multicast-client ff21::1
Related commands
ntp-service ipv6 multicast-server
ntp-service ipv6 multicast-server
Use ntp-service ipv6 multicast-server to configure the device to operate in IPv6 NTP multicast server mode and use the current interface to send IPv6 NTP multicast packets.
Use undo ntp-service ipv6 multicast-server to remove the configuration.
Syntax
ntp-service ipv6 multicast-server ipv6-address [ authentication-keyid keyid | ttl ttl-number ] *
undo ntp-service ipv6 multicast-server ipv6-address
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ipv6-address: Specifies an IPv6 multicast address. An IPv6 multicast client and server must be configured with the same multicast address.
authentication-keyid keyid: Specifies the key ID to be used for sending multicast messages to multicast clients. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize clients enabled with NTP authentication.
ttl ttl-number: Specifies the TTL of NTP multicast messages. The value range for the ttl-number argument is 1 to 255, and the default is 16.
Usage guidelines
After you configure the command, the device periodically sends NTP messages to the specified IPv6 multicast address.
If you have configured the device to operate in IPv6 multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in IPv6 multicast server mode and send IPv6 NTP multicast messages on VLAN-interface 1 to the multicast address FF21::1, using key 4 for authentication.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service ipv6 multicast-server ff21::1 authentication-keyid 4
Related commands
ntp-service ipv6 multicast-client
ntp-service ipv6 source
Use ntp-service ipv6 source to specify a source interface for IPv6 NTP messages.
Use undo ntp-service ipv6 source to restore the default.
Syntax
ntp-service ipv6 source interface-type interface-number
undo ntp-service ipv6 source
Default
No source interface is specified for IPv6 NTP messages. The device automatically selects the source IP address for IPv6 NTP messages. For more information, see RFC 3484.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you specify a source interface for IPv6 NTP messages, the device uses the IPv6 address of the source interface as the source address to send IPv6 NTP messages. Consequently, the destination address of the IPv6 NTP response messages is the address of the source interface.
When the device responds to an IPv6 NTP request, the source IPv6 address of the NTP response is always the IPv6 address of the interface that has received the IPv6 NTP request.
If you do not want the IPv6 address of an interface on the local device to become the destination address for response messages, use the command to specify another interface as the source interface for IPv6 NTP messages.
The source interface for IPv6 NTP messages can also be specified in the following ways:
· In NTP client/server mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-server command, the specified interface acts as the source interface for IPv6 NTP messages.
· In NTP symmetric active/passive mode, if you have specified the source interface for IPv6 NTP messages in the ntp-service ipv6 unicast-peer command, the specified interface acts as the source interface for IPv6 NTP messages.
· In NTP multicast mode, if you have configured the ntp-service ipv6 multicast-server command on an interface, the interface acts as the source interface for NTP multicast messages.
If the specified source interface is down, the device does not send IPv6 NTP messages.
Examples
# Specify the source interface of IPv6 NTP messages as VLAN-interface 1.
<Sysname> system-view
[Sysname] ntp-service ipv6 source vlan-interface 1
ntp-service ipv6 unicast-peer
Use ntp-service ipv6 unicast-peer to specify an IPv6 symmetric-passive peer for the device.
Use undo ntp-service ipv6 unicast-peer to remove the IPv6 symmetric-passive peer specified for the device.
Syntax
ntp-service ipv6 unicast-peer { peer-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | maxpoll maxpoll-interval | minpoll minpoll-interval | priority | source interface-type interface-number ] *
undo ntp-service ipv6 unicast-peer { peer-name | ipv6-address } [ vpn-instance vpn-instance-name ]
Default
No IPv6 symmetric-passive peer is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
peer-name: Specifies a symmetric-passive peer by its host name, a case-insensitive string of 1 to 253 characters.
ipv6-address: Specifies a symmetric-passive peer by its IPv6 address. It must be a unicast address, rather than a multicast address.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the symmetric-passive peer belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the symmetric-passive peer is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and the peer do not authenticate each other.
maxpoll maxpoll-interval: Specifies the maximum polling interval. The value range for the maxpoll-interval argument is 4 to 17, to which base 2 is raised to get the interval in seconds. The maximum polling interval is in the range of 2^4 to 2^17 (16 to 131072) seconds. The default value for the maxpoll-interval argument is 6 and the default maximum polling interval is 2^6 (64) seconds.
minpoll minpoll-interval: Specifies the minimum polling interval. The value range for the minpoll-interval argument is 4 to 17, to which base 2 is raised to get the interval in seconds. The minimum polling interval is in the range of 2^4 to 2^17 (16 to 131072) seconds. The default value for the minpoll-interval argument is 6 and the default minimum polling interval is 2^6 (64) seconds.
priority: Specifies the peer specified by ipv6-address or peer-name as the first choice under the same condition.
source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified passive peer address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device is the IPv6 address of the specified source interface. If the specified passive peer address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.
Usage guidelines
When you specify an IPv6 passive peer for the device, the device and its IPv6 passive peer can be synchronized to each other. If both clocks are in synchronized state, the clock with the higher stratum level is synchronized to the clock with the lower stratum level.
To synchronize the PE to a PE or CE in a VPN instance, provide the vpn-instance vpn-instance-name option in the command.
If you include the vpn-instance vpn-instance-name option in the undo ntp-service ipv6 unicast-peer command, the command removes the symmetric-passive peer in the specified VPN instance. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the symmetric-passive peer on the public network.
If the specified IPv6 address of the passive peer is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN instance for the passive peer.
After you specify an IPv6 symmetric-passive peer for a device, the device polls and synchronizes its time with the peer device at the minimum polling interval. If the time discrepancy between the two remains in the acceptable range, the system gradually increases the polling interval until the maximum polling interval is reached. If the time discrepancy exceeds the acceptable range repeatedly, the polling interval decreases gradually.
The polling interval configuration takes effect when the next polling starts.
Examples
# Specify the device with the IPv6 address of 2001::1 as the symmetric-passive peer of the device, and specify the source interface for IPv6 NTP messages as VLAN-interface 1.
<Sysname> system-view
[Sysname] ntp-service ipv6 unicast-peer 2001::1 source vlan-interface 1
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service ipv6 unicast-server
Use ntp-service ipv6 unicast-server to specify an IPv6 NTP server for the device.
Use undo ntp-service ipv6 unicast-server to remove an IPv6 NTP server specified for the device.
Syntax
ntp-service ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | maxpoll maxpoll-interval | minpoll minpoll-interval | priority | source interface-type interface-number ] *
undo ntp-service ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ]
Default
No IPv6 NTP server is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.
ipv6-address: Specifies an NTP server by its IPv6 address. It must be a unicast address, rather than a multicast address.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the NTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and NTP server do not authenticate each other.
maxpoll maxpoll-interval: Specifies the maximum polling interval. The value range for the maxpoll-interval argument is 4 to 17, to which base 2 is raised to get the interval in seconds. The maximum polling interval is in the range of 2^4 to 2^17 (16 to 131072) seconds. The default value for the maxpoll-interval argument is 6 and the default maximum polling interval is 2^6 (64) seconds.
minpoll minpoll-interval: Specifies the minimum polling interval. The value range for the minpoll-interval argument is 4 to 17, to which base 2 is raised to get the interval in seconds. The minimum polling interval is in the range of 2^4 to 2^17 (16 to 131072) seconds. The default value for the minpoll-interval argument is 6 and the default minimum polling interval is 2^6 (64) seconds.
priority: Specifies this NTP server as the first choice under the same condition.
source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified IPv6 NTP server address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device to the NTP server is the IPv6 address of the specified source interface. If the specified IPv6 NTP server address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.
Usage guidelines
When you specify an IPv6 NTP server for the device, the device is synchronized to the IPv6 NTP server, but the IPv6 NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN instance, specify the vpn-instance vpn-instance-name option in the command.
If you include the vpn-instance vpn-instance-name option in the undo ntp-service ipv6 unicast-server command, the command removes the NTP server in the specified VPN instance. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server on the public network.
If the specified IPv6 address of the NTP server is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN instance for the NTP server.
After you specify an IPv6 NTP server for a device, the device polls and synchronizes its time with the server at the minimum polling interval. If the time discrepancy between the two remains in the acceptable range, the system gradually increases the polling interval until the maximum polling interval is reached. If the time discrepancy exceeds the acceptable range repeatedly, the polling interval decreases gradually.
The polling interval configuration takes effect when the next polling starts.
Examples
# Specify the IPv6 NTP server 2001::1 for the device.
<Sysname> system-view
[Sysname] ntp-service ipv6 unicast-server 2001::1
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service max-dynamic-sessions
Use ntp-service max-dynamic-sessions to set the maximum number of dynamic NTP sessions.
Use undo ntp-service max-dynamic-sessions to restore the default.
Syntax
ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
Default
The maximum number of dynamic NTP sessions is 100.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
number: Sets the maximum number of dynamic NTP associations, in the range of 0 to 100.
Usage guidelines
A device can have a maximum of 128 concurrent associations, including static associations and dynamic associations. A static association refers to an association that a user has manually created by using an NTP command. A dynamic association is a temporary association created by the system during operation.
This command limits the number of dynamic NTP associations and prevents dynamic NTP associations from occupying too many system resources.
Examples
# Set the maximum number of dynamic NTP associations to 50.
<Sysname> system-view
[Sysname] ntp-service max-dynamic-sessions 50
Related commands
display ntp-service sessions
ntp-service multicast-client
Use ntp-service multicast-client to configure the device to operate in NTP multicast client mode and use the current interface to receive NTP multicast packets.
Use undo ntp-service multicast-client to remove the configuration.
Syntax
ntp-service multicast-client [ ip-address ]
undo ntp-service multicast-client [ ip-address ]
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies a multicast IP address. The default value is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.
Usage guidelines
After you configure the command, the device listens to NTP messages using the specified multicast address as the destination address.
If you have configured the device to operate in multicast client mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in multicast client mode and receive NTP multicast messages on VLAN-interface 1, and set the multicast address to 224.0.1.1.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service multicast-client 224.0.1.1
Related commands
ntp-service multicast-server
ntp-service multicast-server
Use ntp-service multicast-server to configure the device to operate in NTP multicast server mode and use the current interface to send NTP multicast packets.
Use undo ntp-service multicast-server to remove the configuration.
Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid | ttl ttl-number | version number ] *
undo ntp-service multicast-server [ ip-address ]
Default
The device does not operate in any NTP association mode.
Views
Interface view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: Specifies a multicast IP address. The default value is 224.0.1.1. A multicast server and client must be configured with the same multicast IP address.
authentication-keyid keyid: Specifies the key ID to be used for sending multicast messages to multicast clients. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device cannot synchronize multicast clients enabled with NTP authentication.
ttl ttl-number: Specifies the TTL of NTP multicast messages. The value range for the ttl-number argument is 1 to 255. The default value is 16.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.
Usage guidelines
After you configure the command, the device periodically sends NTP messages to the specified multicast address.
If you have configured the device to operate in multicast server mode on an interface with the command, do not add the interface to any aggregate group. To add the interface to an aggregate group, remove the configuration of the command.
Examples
# Configure the device to operate in multicast server mode and send NTP multicast messages on VLAN-interface 1 to the multicast address 224.0.1.1, using key 4 for authentication. Set the NTP version to 4.
<Sysname> system-view
[Sysname] interface vlan-interface 1
[Sysname-Vlan-interface1] ntp-service multicast-server 224.0.1.1 version 4 authentication-keyid 4
Related commands
ntp-service multicast-client
ntp-service noquery enable
Use ntp-service noquery enable to disallow control queries for the local device.
Use undo ntp-service noquery enable to allow control queries for the local device.
Syntax
ntp-service noquery enable
undo ntp-service noquery enable
Default
Control queries for the local device are allowed.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
By default, the device allows peer devices to use NTP mode 6 (MODE_CONTROL) and mode 7 (MODE_PRIVATE) messages to query the local NTP status such as alarm, authentication, and time server information. After this command is configured, the device does not accept NTP mode 6 or mode 7 messages. In an insecure network environment, you can configure this command to avoid security risks.
The ntp-service noquery enable command and its undo form are used only to configure the device to disallow or allow control queries and do not disable or enable clock synchronization. If the ntp-service noquery enable command or its undo form and the ntp-service acl or ntp-service ipv6 acl command are both configured, the ntp-service noquery enable command or its undo form determines whether control queries are allowed.
This command is mutually exclusive with the display ntp-service trace command. To use the display ntp-service trace command, you must configure the device to allow control queries.
Examples
# Disallow control queries for the local device.
<Sysname> system-view
[Sysname] ntp-service noquery enable
Related commands
display ntp-service trace
ntp-service acl
ntp-service ipv6 acl
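To confirm what this command blocks, a defender can classify captured UDP port 123 payloads by the mode field in the first octet and list the sources that send mode 6 or mode 7 queries. This is an added example, not part of the vendor reference; the function names and sample packets are constructed for illustration.

```python
from collections import defaultdict

TIME_MODES = {1: "symmetric-active", 2: "symmetric-passive",
              3: "client", 4: "server", 5: "broadcast"}
CONTROL_MODES = {6: "MODE_CONTROL", 7: "MODE_PRIVATE"}
MIN_LEN = {6: 12, 7: 8}   # fixed header sizes of mode 6 and mode 7 messages
TIME_HEADER_LEN = 48      # fixed header size of modes 1-5 (RFC 5905)


def classify(payload):
    """Return mode, version and kind for one UDP/123 payload."""
    if not payload:
        return {"mode": None, "version": None, "kind": "malformed"}
    first = payload[0]
    # The low 3 bits carry the mode, the next 3 bits the version.
    mode, version = first & 0x07, (first >> 3) & 0x07
    result = {"mode": mode, "version": version}
    if mode in CONTROL_MODES:
        if len(payload) < MIN_LEN[mode]:
            return {**result, "kind": "malformed"}
        # Response flag: top bit of octet 1 in mode 6, top bit of octet 0 in mode 7.
        response = bool(payload[1] & 0x80) if mode == 6 else bool(first & 0x80)
        kind = "control-response" if response else "control-query"
        return {**result, "kind": kind}
    if mode in TIME_MODES:
        kind = "time" if len(payload) >= TIME_HEADER_LEN else "malformed"
        return {**result, "kind": kind}
    return {**result, "kind": "reserved"}   # mode 0


def control_query_sources(packets):
    """Map each source address to the control modes (6, 7) it queried with."""
    seen = defaultdict(set)
    for src, payload in packets:
        info = classify(payload)
        if info["kind"] == "control-query":
            seen[src].add(info["mode"])
    return {src: sorted(modes) for src, modes in seen.items()}


# Constructed sample payloads (documentation addresses, zeroed bodies).
CLIENT_REQUEST = bytes([0x23]) + bytes(47)                 # v4, mode 3
MODE6_QUERY = bytes([0x16, 0x02, 0x00, 0x01]) + bytes(8)   # v2, mode 6, request
MODE6_REPLY = bytes([0x16, 0x82, 0x00, 0x01]) + bytes(8)   # v2, mode 6, response
MODE7_QUERY = bytes([0x17, 0x00, 0x03, 0x00]) + bytes(4)   # v2, mode 7, request
TRUNCATED = bytes([0x16, 0x02])                            # too short for mode 6

SAMPLES = [
    ("10.1.1.1", CLIENT_REQUEST),
    ("192.0.2.10", MODE6_QUERY),
    ("192.0.2.77", MODE7_QUERY),
    ("192.0.2.10", TRUNCATED),
    ("198.51.100.5", MODE6_REPLY),
]

if __name__ == "__main__":
    for src, modes in control_query_sources(SAMPLES).items():
        names = ", ".join(CONTROL_MODES[m] for m in modes)
        print(f"{src} sent control queries: {names}")
```

Ordinary time synchronization (modes 1 to 5) is classified separately, which matches the statement above that the command does not disable or enable clock synchronization.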
ntp-service refclock-master
Use ntp-service refclock-master to configure the local clock as the reference source.
Use undo ntp-service refclock-master to remove the configuration.
Syntax
ntp-service refclock-master [ ip-address ] [ stratum ]
undo ntp-service refclock-master [ ip-address ]
Default
The device does not use its local clock as the reference clock.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ip-address: IP address of the local clock, 127.127.1.u, where u is the NTP process ID in the range of 0 to 3. The default value is 127.127.1.0.
stratum: Stratum level of the local clock, in the range of 1 to 15. The default value is 8. A lower stratum level represents higher clock accuracy.
Usage guidelines
Typically, an NTP server that gets its time from an authoritative time source, such as an atomic clock, has stratum 1 and operates as the primary time server to provide time synchronization for other devices in the network. The stratum indicates the accuracy of each server, with the topmost level (primary servers) assigned as one and each level downwards (secondary servers) in the hierarchy assigned as one greater than the preceding level.
If the devices in a network cannot synchronize to an authoritative time source, you can perform the following tasks:
· Select a device that has a relatively accurate clock from the network.
· Use the local clock of the device as the reference clock to synchronize other devices in the network.
Use the command with caution to avoid time errors. As a best practice, set the local clock time to a correct value before you execute the command.
Examples
# Specify the local clock as the reference source, with stratum level 2.
<Sysname> system-view
[Sysname] ntp-service refclock-master 2
ntp-service reliable authentication-keyid
Use ntp-service reliable authentication-keyid to specify an authentication key as a trusted key.
Use undo ntp-service reliable authentication-keyid to remove the configuration.
Syntax
ntp-service reliable authentication-keyid keyid
undo ntp-service reliable authentication-keyid keyid
Default
No trusted key is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295.
Usage guidelines
When NTP authentication is enabled, a client can be synchronized only to a server that can provide a trusted authentication key.
Before you use the command, make sure NTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo ntp-service reliable authentication-keyid command.
You can set a maximum of 128 keys by executing the command.
Examples
# Enable NTP authentication, specify the MD5 algorithm, with the key ID of 37 and key value of BetterKey.
<Sysname> system-view
[Sysname] ntp-service authentication enable
[Sysname] ntp-service authentication-keyid 37 authentication-mode md5 simple BetterKey
# Specify this key as a trusted key.
[Sysname] ntp-service reliable authentication-keyid 37
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service source
Use ntp-service source to specify a source IPv4 address for NTP messages.
Use undo ntp-service source to restore the default.
Syntax
ntp-service source { interface-type interface-number | ipv4-address }
undo ntp-service source
Default
No source IPv4 address is specified for NTP messages. The device performs the following operations:
· Searches the routing table for the outbound interface of NTP messages.
· Uses the primary IPv4 address of the outbound interface as the source IPv4 address for NTP messages.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number. If you specify a source interface for NTP messages, the device uses the primary IPv4 address of the specified source interface as the source address to send NTP messages. The receiving device uses this address as the destination address of the NTP response message.
ipv4-address: Specifies the source IPv4 address for NTP messages.
Usage guidelines
When the device responds to an NTP request, the source IP address of the NTP response is always the IP address of the interface that has received the NTP request.
If you have specified the source interface for NTP messages in the ntp-service unicast-server or ntp-service unicast-peer command, the IPv4 address of the specified interface is used as the source IPv4 address for NTP messages.
If you have configured the ntp-service broadcast-server or ntp-service multicast-server command in an interface view, the IPv4 address of the interface is used as the source IPv4 address for broadcast or multicast NTP messages.
If the specified source interface is down, the device does not send NTP messages.
Examples
# Specify the IP address of VLAN-interface 1 as the source IPv4 address for NTP messages.
<Sysname> system-view
[Sysname] ntp-service source vlan-interface 1
ntp-service time-offset-threshold
Use ntp-service time-offset-threshold to set the NTP time-offset thresholds for log and trap outputs.
Use undo ntp-service time-offset-threshold to restore the default.
Syntax
ntp-service time-offset-threshold { log log-threshold | trap trap-threshold } *
undo ntp-service time-offset-threshold
Default
No NTP time-offset thresholds are set for log and trap outputs.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
log log-threshold: Specifies the NTP time-offset threshold for log output. The value range for the log-threshold argument is 128 to 60000, in milliseconds.
trap trap-threshold: Specifies the NTP time-offset threshold for trap output. The value range for the trap-threshold argument is 128 to 60000, in milliseconds.
Usage guidelines
By default, the system synchronizes the NTP client's time to the server and outputs a log and a trap when the time offset exceeds 128 ms multiple times.
After you set the thresholds, the system synchronizes the client's time to the server when the time offset exceeds 128 ms multiple times, but outputs logs and traps only when the time offset exceeds the specified log and trap thresholds, respectively.
Examples
# Set the NTP time-offset thresholds for log and trap outputs to 500 ms and 600 ms, respectively.
<Sysname> system-view
[Sysname] ntp-service time-offset-threshold log 500 trap 600
ntp-service unicast-peer
Use ntp-service unicast-peer to specify a symmetric-passive peer for the device.
Use undo ntp-service unicast-peer to remove the symmetric-passive peer specified for the device.
Syntax
ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | maxpoll maxpoll-interval | minpoll minpoll-interval | priority | source interface-type interface-number | version number ] *
undo ntp-service unicast-peer { peer-name | ip-address } [ vpn-instance vpn-instance-name ]
Default
No symmetric-passive peer is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
peer-name: Specifies a symmetric-passive peer by its host name, a case-insensitive string of 1 to 253 characters.
ip-address: Specifies a symmetric-passive peer by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the symmetric-passive peer belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the symmetric-passive peer is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the peer. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and the peer do not authenticate each other.
maxpoll maxpoll-interval: Specifies the maximum polling interval. The value range for the maxpoll-interval argument is 4 to 17, to which base 2 is raised to get the interval in seconds. The maximum polling interval is in the range of 2^4 to 2^17 (16 to 131072) seconds. The default value for the maxpoll-interval argument is 6 and the default maximum polling interval is 2^6 (64) seconds.
minpoll minpoll-interval: Specifies the minimum polling interval. The value range for the minpoll-interval argument is 4 to 17, to which base 2 is raised to get the interval in seconds. The minimum polling interval is in the range of 2^4 to 2^17 (16 to 131072) seconds. The default value for the minpoll-interval argument is 6 and the default minimum polling interval is 2^6 (64) seconds.
priority: Specifies the peer specified by ip-address or peer-name as the first choice under the same condition.
source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to its peer, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number. If you do not specify this option, the device searches the routing table for the outgoing interface and uses the primary IP address of the outgoing interface as the source IP address of the NTP messages.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.
Usage guidelines
When you specify a passive peer for the device, the device and its passive peer can be synchronized to each other. If their clocks are in synchronized state, the clock with a higher stratum level is synchronized to the clock with a lower stratum level.
To synchronize the PE to a PE or CE in a VPN instance, provide vpn-instance vpn-instance-name in your command.
If you include vpn-instance vpn-instance-name in the undo ntp-service unicast-peer command, the command removes the symmetric-passive peer in the specified VPN instance. If you do not include vpn-instance vpn-instance-name in the command, the command removes the symmetric-passive peer on the public network.
After you specify a symmetric-passive peer for a device, the device polls and synchronizes its time with the peer device at the minimum polling interval. If the time discrepancy between the two remains in the acceptable range, the system gradually increases the polling interval until the maximum polling interval is reached. If the time discrepancy exceeds the acceptable range repeatedly, the polling interval decreases gradually.
The polling interval configuration takes effect when the next polling starts.
Examples
# Specify the device with the IP address of 10.1.1.1 as the symmetric-passive peer of the device, and configure the device to run NTP version 4. Specify the source interface of NTP messages as VLAN-interface 1.
<Sysname> system-view
[Sysname] ntp-service unicast-peer 10.1.1.1 version 4 source vlan-interface 1
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
ntp-service unicast-server
Use ntp-service unicast-server to specify an NTP server for the device.
Use undo ntp-service unicast-server to remove an NTP server specified for the device.
Syntax
ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | maxpoll maxpoll-interval | minpoll minpoll-interval | priority | source interface-type interface-number | version number ] *
undo ntp-service unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]
Default
No NTP server is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.
ip-address: Specifies an NTP server by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the NTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and NTP server do not authenticate each other.
maxpoll maxpoll-interval: Specifies the maximum polling interval. The value range for the maxpoll-interval argument is 4 to 17, to which base 2 is raised to get the interval in seconds. The maximum polling interval is in the range of 2^4 to 2^17 (16 to 131072) seconds. The default value for the maxpoll-interval argument is 6 and the default maximum polling interval is 2^6 (64) seconds.
minpoll minpoll-interval: Specifies the minimum polling interval. The value range for the minpoll-interval argument is 4 to 17, to which base 2 is raised to get the interval in seconds. The minimum polling interval is in the range of 2^4 to 2^17 (16 to 131072) seconds. The default value for the minpoll-interval argument is 6 and the default minimum polling interval is 2^6 (64) seconds.
priority: Specifies this NTP server as the first choice under the same condition.
source interface-type interface-number: Specifies the source interface for NTP messages. For an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number. If you do not specify this option, the device searches the routing table for the outgoing interface and uses the primary IP address of the outgoing interface as the source IP address of the NTP messages.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.
Usage guidelines
When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN instance, provide vpn-instance vpn-instance-name in your command.
If you include the vpn-instance vpn-instance-name option in the undo ntp-service unicast-server command, the command removes the NTP server in the specified VPN instance. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server on the public network.
After you specify an NTP server for a device, the device polls and synchronizes its time with the server at the minimum polling interval. If the time discrepancy between the two remains in the acceptable range, the system gradually increases the polling interval until the maximum polling interval is reached. If the time discrepancy exceeds the acceptable range repeatedly, the polling interval decreases gradually.
The polling interval configuration takes effect when the next polling starts.
Examples
# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.
<Sysname> system-view
[Sysname] ntp-service unicast-server 10.1.1.1 version 4
Related commands
ntp-service authentication enable
ntp-service authentication-keyid
ntp-service reliable authentication-keyid
SNTP commands
display sntp ipv6 sessions
Use display sntp ipv6 sessions to display information about all IPv6 SNTP associations.
Syntax
display sntp ipv6 sessions
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display information about all IPv6 SNTP associations.
<Sysname> display sntp ipv6 sessions
SNTP server: 2001::1
Stratum: 16
Version: 4
Last receive time: No packet was received.
SNTP server: 2001::100
Stratum: 3
Version: 4
Last receive time: Fri, Oct 21 2011 11:28:28.058 (Synced)
Table 7 Command output
Field | Description |
---|---|
SNTP server | SNTP server (NTP server). If this field displays ::, the IPv6 address of the NTP server has not been resolved successfully. |
Stratum | Clock stratum level. The stratum level determines the clock precision. The value is in the range of 0 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized. |
Version | SNTP version. |
Last receive time | Time when the last message was received: · Synced—The local clock is synchronized to the NTP server. · No packet was received—The device has not received any SNTP session information from the server. |
display sntp sessions
Use display sntp sessions to display information about all IPv4 SNTP associations.
Syntax
display sntp sessions
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Examples
# Display information about all IPv4 SNTP associations.
<Sysname> display sntp sessions
SNTP server Stratum Version Last receive time
1.0.1.11 2 4 Tue, May 17 2011 9:11:20.833 (Synced)
Table 8 Command output
Field | Description |
---|---|
SNTP server | SNTP server (NTP server). If this field displays 0.0.0.0, the IP address of the NTP server has not been resolved successfully. |
Stratum | Clock stratum level. The stratum level determines the clock precision. The value is in the range of 0 to 16. A lower stratum level represents higher clock accuracy. A stratum 16 clock is not synchronized. |
Version | SNTP version. |
Last receive time | Time when the last message was received. Synced means the local clock is synchronized to the NTP server. |
sntp authentication enable
Use sntp authentication enable to enable SNTP authentication.
Use undo sntp authentication enable to disable SNTP authentication.
Syntax
sntp authentication enable
undo sntp authentication enable
Default
SNTP authentication is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Usage guidelines
You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers.
To authenticate an NTP server, set an authentication key and specify it as a trusted key.
Examples
# Enable SNTP authentication.
<Sysname> system-view
[Sysname] sntp authentication enable
Related commands
sntp authentication-keyid
sntp reliable authentication-keyid
sntp authentication-keyid
Use sntp authentication-keyid to set an SNTP authentication key.
Use undo sntp authentication-keyid to remove an SNTP authentication key.
Syntax
sntp authentication-keyid keyid authentication-mode { hmac-sha-1 | hmac-sha-256 | hmac-sha-384 | hmac-sha-512 | md5 } { cipher | simple } string [ acl ipv4-acl-number | ipv6 acl ipv6-acl-number ] *
undo sntp authentication-keyid keyid
Default
No SNTP authentication key exists.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
keyid: Specifies an authentication key ID in the range of 1 to 4294967295.
authentication-mode: Specifies an authentication algorithm.
· hmac-sha-1: Specifies the HMAC-SHA-1 algorithm.
· hmac-sha-256: Specifies the HMAC-SHA-256 algorithm.
· hmac-sha-384: Specifies the HMAC-SHA-384 algorithm.
· hmac-sha-512: Specifies the HMAC-SHA-512 algorithm.
· md5: Specifies the MD5 algorithm.
cipher: Specifies an authentication key in encrypted form.
simple: Specifies an authentication key in plaintext form. For security purposes, the authentication key specified in plaintext form will be stored in encrypted form.
string: Specifies a case-sensitive authentication key. Its plaintext form is a string of 1 to 32 characters. Its encrypted form is a string of 1 to 73 characters.
acl ipv4-acl-number: Specifies an IPv4 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.
ipv6 acl ipv6-acl-number: Specifies an IPv6 basic ACL by its number in the range of 2000 to 2999. Only the devices permitted by the ACL can use the key ID for authentication.
Usage guidelines
You need to enable SNTP authentication in networks that require time synchronization security to make sure SNTP clients are synchronized only to authenticated NTP servers.
The key ID in the message from the peer device identifies the key used for authentication. The acl ipv4-acl-number or ipv6 acl ipv6-acl-number option is used to identify the peer device that can use the key ID.
· The device uses the acl ipv4-acl-number or ipv6 acl ipv6-acl-number option to identify whether the peer device can use the key ID only when an SNTP session to the peer device is to be established or already exists.
· If the specified ACL does not exist, or the specified ACL does not contain any rule, any device can use the key ID for authentication.
· If a VPN instance is specified in an ACL rule, the rule applies only to the packets of the VPN instance. If no VPN instance is specified in an ACL rule, the rule applies only to the packets on the public network.
To ensure a successful authentication, configure the same key ID, authentication algorithm, and key on the time server and client.
After you configure an SNTP authentication key, use the sntp reliable authentication-keyid command to set it as a trusted key. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp reliable authentication-keyid command.
The security strength of the five algorithms, in descending order, is HMAC-SHA-512, HMAC-SHA-384, HMAC-SHA-256, HMAC-SHA-1, and MD5.
You can set a maximum of 128 authentication keys by executing the command.
Examples
# Set an MD5 authentication key, with the key ID of 10 and key value of BetterKey. Input the key in plain text.
<Sysname> system-view
[Sysname] sntp authentication enable
[Sysname] sntp authentication-keyid 10 authentication-mode md5 simple BetterKey
Related commands
sntp authentication enable
sntp reliable authentication-keyid
sntp enable
Use sntp enable to enable the SNTP service.
Use undo sntp enable to disable the SNTP service.
Syntax
sntp enable
undo sntp enable
Default
The SNTP service is disabled.
Views
System view
Predefined user roles
network-admin
mdc-admin
Examples
# Enable the SNTP service.
<Sysname> system-view
[Sysname] sntp enable
sntp ipv6 unicast-server
Use sntp ipv6 unicast-server to specify an IPv6 NTP server for the device.
Use undo sntp ipv6 unicast-server to remove the IPv6 NTP server specified for the device.
Syntax
sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number ] *
undo sntp ipv6 unicast-server { server-name | ipv6-address } [ vpn-instance vpn-instance-name ]
Default
No IPv6 NTP server is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.
ipv6-address: Specifies an NTP server by its IPv6 address.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the NTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and NTP server do not authenticate each other.
source interface-type interface-number: Specifies the source interface for IPv6 NTP messages. If the specified IPv6 NTP server address is not a link local address, the source IPv6 address for IPv6 NTP messages sent by the local device to the NTP server is the IPv6 address of the specified source interface. If the specified IPv6 NTP server address is a link local address, the IPv6 NTP messages are sent from the specified source interface, and the source address of the messages is the link local address of the interface. The interface-type interface-number argument represents the interface type and number. If you do not specify an interface, the device automatically selects the source IPv6 address of IPv6 NTP messages. For more information, see RFC 3484.
Usage guidelines
When you specify an IPv6 NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN instance, provide the vpn-instance vpn-instance-name option in your command.
If you include the vpn-instance vpn-instance-name option in the undo sntp ipv6 unicast-server command, the command removes the NTP server in the specified VPN instance. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server on the public network.
If the specified IPv6 address of the NTP server is a link local address, you must specify the source interface for NTP messages and cannot specify a VPN instance for the NTP server.
Examples
# Specify the IPv6 NTP server 2001::1 for the device.
<Sysname> system-view
[Sysname] sntp ipv6 unicast-server 2001::1
Related commands
sntp authentication enable
sntp authentication-keyid
sntp reliable authentication-keyid
sntp reliable authentication-keyid
Use sntp reliable authentication-keyid to specify a trusted key.
Use undo sntp reliable authentication-keyid to remove the trusted key.
Syntax
sntp reliable authentication-keyid keyid
undo sntp reliable authentication-keyid keyid
Default
No trusted key is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
keyid: Specifies an authentication key by its ID in the range of 1 to 4294967295.
Usage guidelines
If SNTP is enabled, the SNTP client is synchronized only to an NTP server that provides a trusted key.
Before you use the command, make sure SNTP authentication is enabled and an authentication key is configured. The key automatically changes to untrusted after you delete the key. In this case, you do not need to execute the undo sntp reliable authentication-keyid command.
Examples
# Enable SNTP authentication, and specify the MD5 algorithm, with the key ID of 37 and key value of BetterKey.
<Sysname> system-view
[Sysname] sntp authentication enable
[Sysname] sntp authentication-keyid 37 authentication-mode md5 simple BetterKey
# Specify this key as a trusted key.
[Sysname] sntp reliable authentication-keyid 37
Related commands
sntp authentication-keyid
sntp authentication enable
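The acceptance rules described for ntp-service reliable authentication-keyid, sntp authentication-keyid, and sntp reliable authentication-keyid can be modeled as follows. This is an added example, not the device's implementation: AuthTable and its methods are hypothetical names, the md5 mode uses the RFC 5905 keyed-MD5 digest over the 48-byte header, and the hmac-sha-* modes are assumed to be a standard HMAC over the same header because the page does not give the wire format.

```python
import hashlib
import hmac
import ipaddress
import struct

HEADER_LEN = 48   # fixed NTP header (RFC 5905); extension fields are not modeled
MAX_KEYS = 128    # maximum number of keys stated on the page
HASHES = {"hmac-sha-1": hashlib.sha1, "hmac-sha-256": hashlib.sha256,
          "hmac-sha-384": hashlib.sha384, "hmac-sha-512": hashlib.sha512}


def compute_mac(mode, secret, header):
    if mode == "md5":
        # RFC 5905 keyed MD5: digest of the key followed by the header.
        return hashlib.md5(secret + header).digest()
    # ASSUMPTION: standard HMAC over the header for the hmac-sha-* modes.
    return hmac.new(secret, header, HASHES[mode]).digest()


def build_packet(header, keyid, mode, secret):
    """Append the 32-bit key ID and the digest to an NTP header."""
    return header + struct.pack("!I", keyid) + compute_mac(mode, secret, header)


class AuthTable:
    """Hypothetical model of the key table and trusted-key set."""

    def __init__(self, enabled=False):
        self.enabled = enabled
        self.keys = {}        # keyid -> (mode, secret, permitted networks)
        self.trusted = set()

    def set_key(self, keyid, mode, secret, acl=None):
        if not 1 <= keyid <= 4294967295:
            raise ValueError("key ID out of range")
        if mode != "md5" and mode not in HASHES:
            raise ValueError("unknown authentication mode")
        if not 1 <= len(secret) <= 32:
            raise ValueError("plaintext key must be 1 to 32 characters")
        if keyid not in self.keys and len(self.keys) >= MAX_KEYS:
            raise ValueError("key table full")
        # A missing or empty ACL lets any device use the key ID.
        nets = [ipaddress.ip_network(n) for n in (acl or [])]
        self.keys[keyid] = (mode, secret, nets)

    def delete_key(self, keyid):
        # Deleting a key also makes it untrusted; no separate undo is needed.
        self.keys.pop(keyid, None)
        self.trusted.discard(keyid)

    def trust(self, keyid):
        if keyid not in self.keys:
            raise KeyError("configure the key before trusting it")
        self.trusted.add(keyid)

    def verify(self, src_ip, packet):
        """Return (accepted, reason) for a message received from src_ip."""
        if not self.enabled:
            return True, "authentication disabled"
        if len(packet) < HEADER_LEN + 4 + 16:
            return False, "no MAC"
        header = packet[:HEADER_LEN]
        (keyid,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
        digest = packet[HEADER_LEN + 4:]
        if keyid not in self.keys:
            return False, "unknown key"
        if keyid not in self.trusted:
            return False, "key not trusted"
        mode, secret, nets = self.keys[keyid]
        addr = ipaddress.ip_address(src_ip)
        if nets and not any(addr in net for net in nets):
            return False, "source not permitted by ACL"
        # Constant-time comparison of the expected and received digests.
        if not hmac.compare_digest(compute_mac(mode, secret, header), digest):
            return False, "digest mismatch"
        return True, "ok"


# Constructed server reply header: version 4, mode 4, zeroed body.
SAMPLE_HEADER = bytes([0x24]) + bytes(47)
```

With authentication enabled, a reply is accepted only when its key ID is configured, marked trusted, permitted for the sender by the ACL, and the digest matches.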
sntp time-offset-threshold
Use sntp time-offset-threshold to specify the SNTP time-offset thresholds for log and trap outputs.
Use undo sntp time-offset-threshold to restore the default.
Syntax
sntp time-offset-threshold { log log-threshold | trap trap-threshold } *
undo sntp time-offset-threshold
Default
No SNTP time-offset thresholds are set for log and trap outputs.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
log log-threshold: Specifies the SNTP time-offset threshold for log output. The value range for the log-threshold argument is 128 to 60000, in milliseconds.
trap trap-threshold: Specifies the SNTP time-offset threshold for trap output. The value range for the trap-threshold argument is 128 to 60000, in milliseconds.
Usage guidelines
By default, the system synchronizes the SNTP client's time to the server and outputs a log and a trap when the time offset exceeds 128 ms multiple times.
After you set the thresholds, the system synchronizes the client's time to the server when the time offset exceeds 128 ms multiple times, but outputs logs and traps only when the time offset exceeds the specified log and trap thresholds, respectively.
Examples
# Set the SNTP time-offset thresholds for log and trap outputs to 500 ms and 600 ms, respectively.
<Sysname> system-view
[Sysname] sntp time-offset-threshold log 500 trap 600
sntp unicast-server
Use sntp unicast-server to specify an NTP server for the device.
Use undo sntp unicast-server to remove an NTP server specified for the device.
Syntax
sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ] [ authentication-keyid keyid | source interface-type interface-number | version number ] *
undo sntp unicast-server { server-name | ip-address } [ vpn-instance vpn-instance-name ]
Default
No NTP server is specified.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
server-name: Specifies an NTP server by its host name, a case-insensitive string of 1 to 253 characters.
ip-address: Specifies an NTP server by its IP address. It must be a unicast address, rather than a broadcast address, a multicast address, or the IP address of the local clock.
vpn-instance vpn-instance-name: Specifies the MPLS L3VPN instance to which the NTP server belongs. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. If the NTP server is on the public network, do not specify this option.
authentication-keyid keyid: Specifies the key ID to be used for sending NTP messages to the NTP server. The value range for the keyid argument is 1 to 4294967295. If you do not specify this option, the local device and NTP server do not authenticate each other.
source interface-type interface-number: Specifies the source interface for NTP messages. In an NTP message the local device sends to the NTP server, the source IP address is the primary IP address of this interface. The interface-type interface-number argument represents the interface type and number.
version number: Specifies the NTP version. The value range for the number argument is 1 to 4. The default value is 4.
Usage guidelines
When you specify an NTP server for the device, the device is synchronized to the NTP server, but the NTP server is not synchronized to the device.
To synchronize the PE to a PE or CE in a VPN instance, provide vpn-instance vpn-instance-name in your command.
If you include the vpn-instance vpn-instance-name option in the undo sntp unicast-server command, the command removes the NTP server in the specified VPN instance. If you do not include the vpn-instance vpn-instance-name option in the command, the command removes the NTP server on the public network.
Examples
# Specify NTP server 10.1.1.1 for the device, and configure the device to run NTP version 4.
<Sysname> system-view
[Sysname] sntp unicast-server 10.1.1.1 version 4
Related commands
sntp authentication enable
sntp authentication-keyid
sntp reliable authentication-keyid