[no] ntp
config>system>time
Supported on all 7210 SAS platforms as described in this document
Commands in this context configure Network Time Protocol (NTP) and its operation. This protocol defines a method to accurately distribute and maintain time for network elements. Furthermore this capability allows for the synchronization of clocks between the various network elements.
The no form of this command stops the execution of NTP and remove its configuration.
[no] authentication-check
config>system>time>ntp
Supported on all 7210 SAS platforms as described in this document
This command skips the rejection of NTP PDUs that do not match the authentication key ID, type or key requirements. The default behavior when authentication is configured is to reject all NTP protocol PDUs that have a mismatch in either the authentication key ID, type or key.
When authentication-check is enabled, NTP PDUs are authenticated on receipt. However, mismatches cause a counter to be increased, one counter for type and one for key ID, one for type, value mismatches. These counters are visible in a show command.
The no form of this command allows authentication mismatches to be accepted; the counters however are maintained.
authentication-checks
authentication-key key-id {key key} [hash | hash2] type {des | message-digest}
no authentication-key key-id
config>system>time>ntp
Supported on all 7210 SAS platforms as described in this document
This command sets the authentication key ID, type and key used to authenticate NTP PDUs sent to or received by other network elements participating in the NTP protocol. For authentication to work, the authentication key ID, type and key value must match.
The no form of this command removes the authentication key.
Specifies the authentication key ID that is used by the node when transmitting or receiving Network Time Protocol packets.
Entering the authentication-key command with a key ID value that matches an existing configuration key results in overriding the existing entry.
Recipients of the NTP packets must have the same authentication key ID, type, and key value to use the data transmitted by this node.
Specifies the authentication key associated with the configured key ID, the value configured in this parameter is the actual value used by other network elements to authenticate the NTP packet.
The key can be any combination of ASCII characters up to maximum 32 characters for message-digest (MD5) or maximum 8 characters for des (length limits are not encrypted). If spaces are used in the string, enclose the entire string in quotation marks (‟.”).
Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in an encrypted form in the configuration file with the hash or hash2 parameter specified.
Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone; that is, the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.
Specifies if DES or message-digest authentication is used.
broadcast [router router-name] {interface ip-int-name} [key-id key-id] [version version] [ttl ttl]
no broadcast [router router-name] {interface ip-int-name}
config>system>time>ntp
7210 SAS-D, 7210 SAS-Dxp
This command configures the node to transmit NTP packets on a specific interface. Broadcast and multicast messages can easily be spoofed, therefore, authentication is strongly recommended.
The no form of this command removes the address from the configuration.
Specifies the router name used to transmit NTP packets. Base is the default and the only router name supported currently.
Specifies the local interface on which to transmit NTP broadcast packets, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Specifies the configured authentication key and authentication type used by this node to receive and transmit NTP packets to and from an NTP server and peers. If an NTP packet is received by this node both authentication key and authentication type must be valid otherwise the packet is rejected and an event/trap generated.
Specifies the NTP version number that is generated by this node. This parameter does not need to be configured when in client mode in which case all versions are accepted.
Specifies the IP Time To Live (TTL) value.
broadcastclient [router router-name] {interface ip-int-name} [authenticate]
no broadcastclient [router router-name] {interface ip-int-name}
config>system>time>ntp
7210 SAS-D, 7210 SAS-Dxp
When configuring NTP, the node can be configured to receive broadcast packets on a specific subnet. Broadcast and multicast messages can easily be spoofed, therefore, authentication is strongly recommended. If broadcast is not configured then received NTP broadcast traffic is ignored. Use the show command to view the state of the configuration.
The no form of this command removes the address from the configuration.
Specifies the router name used to receive NTP packets.
Specifies the local interface on which to receive NTP broadcast packets, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.
Specifies whether to require authentication of NTP PDUs. When enabled, NTP PDUs are authenticated upon receipt.
ntp-server [authenticate]
no ntp-server
config>system>time>ntp
Supported on all 7210 SAS platforms as described in this document
This command configures the node to assume the role of an NTP server. Unless the server command is used, this node functions as an NTP client only and does not distribute the time to downstream network elements.
no ntp-server
Specifies authentication as a requirement. If authentication is required, the authentication key ID received in a message must have been configured in the authentication-key command, and the key ID type and value must also match.
peer ip-address [key-id key-id] [version version] [prefer]
no peer ip-address
config>system>time>ntp
Supported on all 7210 SAS platforms as described in this document
This command configures symmetric active mode for the configured peer. Although any system can be configured to peer with any other NTP node it is recommended to configure authentication and to configure known time servers as their peers.
The no form of this command removes the configured peer.
Specifies the IP address of the peer that requires a peering relationship to be set up. This is a required parameter.
Specifies the configured authentication key and authentication type used by this node to transmit NTP packets to an NTP peer. If an NTP packet is received by this node, the authentication key ID, type, and key value must be valid, otherwise the packet is rejected and an event/trap generated. Successful authentication requires that both peers must have configured the same authentication key ID, type, and key value.
Specifies the NTP version number that is generated by this node. This parameter does not need to be configured when in client mode in which case all three nodes are accepted.
Specifies the preferred peer. One remote system can be configured as the preferred peer when a second peer is configured as preferred, then the new entry overrides the old entry.
server {ip address | ptp} [key-id key-id] [version version] [prefer]
no server ip address
config>system>time>ntp
Supported on all 7210 SAS platforms as described in this document
This command is used when the node operates in client mode with the ntp server specified in the address field of this command.
Up to five NTP servers can be configured.
If the internal PTP process is to be used as a source of time for System Time and OAM time, it must be specified as a server for NTP. If PTP is specified, the prefer parameter must also be specified. After PTP has established a UTC traceable time from an external grandmaster, it is always the source for time into NTP, even if PTP goes into time holdover.
Use of the internal PTP time source for NTP promotes the internal NTP server to stratum 1 level. This may impact the NTP network topology.
The no form of this command removes the server with the specified address from the configuration.
Specifies the IP address of a node that acts as an NTP server to this network element. This is a required parameter.
Keyword to configure the internal PTP process as a time server into the NTP process. The prefer keyword is mandatory with this server option. The ptp keyword is supported only on the 7210 SAS-D ETR, 7210 SAS-Dxp 12p ETR, 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C.
Specifies the configured authentication key and authentication type used by this node to transmit NTP packets to an NTP server. If an NTP packet is received by this node, the authentication key ID, type, and key value must be valid, otherwise the packet is rejected and an event/trap generated. This is an optional parameter.
Specifies the NTP version number that is expected by this node..
Specifies the preferred peer. When configuring more than one peer, one remote system can be configured as the preferred peer. When a second peer is configured as preferred, then the new entry overrides the old entry.