Network Time Protocol Commands

ntp

Syntax

[no] ntp

Context

config>system>time

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

Commands in this context configure Network Time Protocol (NTP) and its operation. This protocol defines a method to accurately distribute and maintain time for network elements. Furthermore, this capability allows for the synchronization of clocks between the various network elements.

The no form of this command stops the execution of NTP and removes its configuration.

authentication-check

Syntax

[no] authentication-check

Context

config>system>time>ntp

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command provides the option to skip the rejection of NTP PDUs that do not match the authentication key ID, type, or key requirements. The default behavior when authentication is configured is to reject all NTP PDUs that have a mismatch in the authentication key ID, type, or key.

When authentication-check is enabled, NTP PDUs are authenticated on receipt. However, mismatches cause a counter to be incremented: one counter for type, one for key ID, and one for type and value mismatches. These counters are visible in a show command.

The no form of this command allows authentication mismatches to be accepted; the counters, however, are maintained.

Default

authentication-check

authentication-key

Syntax

authentication-key key-id {key key} [hash | hash2] type {des | message-digest}

no authentication-key key-id

Context

config>system>time>ntp

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command sets the authentication key ID, type and key used to authenticate NTP PDUs sent to or received by other network elements participating in the NTP protocol. For authentication to work, the authentication key ID, type and key value must match.

The no form of this command removes the authentication key.

Parameters

key-id

Specifies the authentication key ID that is used by the node when transmitting or receiving Network Time Protocol packets.

Entering the authentication-key command with a key ID value that matches an existing configuration key results in overriding the existing entry.

Recipients of the NTP packets must have the same authentication key ID, type, and key value to use the data transmitted by this node.

Values

1 to 255

key key

Specifies the authentication key associated with the configured key ID. The value configured in this parameter is the actual value used by other network elements to authenticate the NTP packet.

The key can be any combination of ASCII characters, up to a maximum of 32 characters for message-digest (MD5) or a maximum of 8 characters for des (the length limits apply to the unencrypted key). If spaces are used in the string, enclose the entire string in quotation marks (" ").

hash

Specifies that the key is entered in an encrypted form. If the hash or hash2 parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in an encrypted form in the configuration file with the hash or hash2 parameter specified.

hash2

Specifies that the key is entered in a more complex encrypted form that involves more variables than the key value alone; that is, the hash2 encrypted variable cannot be copied and pasted. If the hash or hash2 parameter is not used, the key is assumed to be in a non-encrypted, clear text form. For security, all keys are stored in encrypted form in the configuration file with the hash or hash2 parameter specified.

type

Specifies if DES or message-digest authentication is used.

Values

des — Specifies that DES authentication is used for this key

message-digest — Specifies that MD5 authentication in accordance with RFC 2104 is used for this key

broadcast

Syntax

broadcast [router router-name] {interface ip-int-name} [key-id key-id] [version version] [ttl ttl]

no broadcast [router router-name] {interface ip-int-name}

Context

config>system>time>ntp

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

This command configures the node to transmit NTP packets on a specific interface. Broadcast and multicast messages can easily be spoofed; therefore, authentication is strongly recommended.

The no form of this command removes the address from the configuration.

Parameters

router-name

Specifies the router name used to transmit NTP packets. Base is the default and the only router name supported currently.

Values

Base

Default

Base

ip-int-name

Specifies the local interface on which to transmit NTP broadcast packets, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

key-id key-id

Specifies the configured authentication key and authentication type used by this node to receive and transmit NTP packets to and from an NTP server and peers. If an NTP packet is received by this node, both the authentication key and authentication type must be valid; otherwise, the packet is rejected and an event/trap is generated.

Values

1 to 255

version version

Specifies the NTP version number that is generated by this node. This parameter does not need to be configured when in client mode, in which case all versions are accepted.

Values

2 to 4

Default

4

ttl ttl

Specifies the IP Time To Live (TTL) value.

Values

1 to 255

broadcastclient

Syntax

broadcastclient [router router-name] {interface ip-int-name} [authenticate]

no broadcastclient [router router-name] {interface ip-int-name}

Context

config>system>time>ntp

Platforms

7210 SAS-D, 7210 SAS-Dxp

Description

When configuring NTP, the node can be configured to receive broadcast packets on a specific subnet. Broadcast and multicast messages can easily be spoofed; therefore, authentication is strongly recommended. If broadcast is not configured, received NTP broadcast traffic is ignored. Use the show command to view the state of the configuration.

The no form of this command removes the address from the configuration.

Parameters

router-name

Specifies the router name used to receive NTP packets.

Values

Base

Default

Base

ip-int-name

Specifies the local interface on which to receive NTP broadcast packets, up to 32 characters. If the string contains special characters (#, $, spaces, and so on), the entire string must be enclosed within double quotes.

authenticate

Specifies whether to require authentication of NTP PDUs. When enabled, NTP PDUs are authenticated upon receipt.

ntp-server

Syntax

ntp-server [authenticate]

no ntp-server

Context

config>system>time>ntp

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command configures the node to assume the role of an NTP server. Unless the ntp-server command is used, this node functions as an NTP client only and does not distribute the time to downstream network elements.

Default

no ntp-server

Parameters

authenticate

Specifies authentication as a requirement. If authentication is required, the authentication key ID received in a message must have been configured in the authentication-key command, and the key ID type and value must also match.

peer

Syntax

peer ip-address [key-id key-id] [version version] [prefer]

no peer ip-address

Context

config>system>time>ntp

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command configures symmetric active mode for the configured peer. Although any system can be configured to peer with any other NTP node, it is recommended to configure authentication and to configure known time servers as their peers.

The no form of this command removes the configured peer.

Parameters

ip-address

Specifies the IP address of the peer that requires a peering relationship to be set up. This is a required parameter.

key-id key-id

Specifies the configured authentication key and authentication type used by this node to transmit NTP packets to an NTP peer. If an NTP packet is received by this node, the authentication key ID, type, and key value must be valid; otherwise, the packet is rejected and an event/trap is generated. Successful authentication requires that both peers have configured the same authentication key ID, type, and key value.

Values

1 to 255

version version

Specifies the NTP version number that is generated by this node. This parameter does not need to be configured when in client mode, in which case all versions are accepted.

Values

2 to 4

Default

4

prefer

Specifies the preferred peer. One remote system can be configured as the preferred peer. When a second peer is configured as preferred, the new entry overrides the old entry.

server

Syntax

server {ip-address | ptp} [key-id key-id] [version version] [prefer]

no server ip-address

Context

config>system>time>ntp

Platforms

Supported on all 7210 SAS platforms as described in this document

Description

This command is used when the node operates in client mode with the NTP server specified in the address field of this command.

Up to five NTP servers can be configured.

If the internal PTP process is to be used as a source of time for System Time and OAM time, it must be specified as a server for NTP. If PTP is specified, the prefer parameter must also be specified. After PTP has established a UTC traceable time from an external grandmaster, it is always the source for time into NTP, even if PTP goes into time holdover.

Note:

Use of the internal PTP time source for NTP promotes the internal NTP server to stratum 1 level. This may impact the NTP network topology.

The no form of this command removes the server with the specified address from the configuration.

Parameters

ip-address

Specifies the IP address of a node that acts as an NTP server to this network element. This is a required parameter.

Values

a.b.c.d

ptp

Keyword to configure the internal PTP process as a time server into the NTP process. The prefer keyword is mandatory with this server option. The ptp keyword is supported only on the 7210 SAS-D ETR, 7210 SAS-Dxp 12p ETR, 7210 SAS-K 2F1C2T, 7210 SAS-K 2F6C4T, and 7210 SAS-K 3SFP+ 8C.

key-id key-id

Specifies the configured authentication key and authentication type used by this node to transmit NTP packets to an NTP server. If an NTP packet is received by this node, the authentication key ID, type, and key value must be valid; otherwise, the packet is rejected and an event/trap is generated. This is an optional parameter.

Values

1 to 255

version version

Specifies the NTP version number that is expected by this node.

Values

2 to 4

Default

4

prefer

Specifies the preferred peer. When configuring more than one peer, one remote system can be configured as the preferred peer. When a second peer is configured as preferred, then the new entry overrides the old entry.
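
The authentication options described for the commands above can be checked mechanically. The following Python script is an added example, not vendor code or part of the original reference: it audits commands entered in the config>system>time>ntp context and reports settings that leave NTP unauthenticated. The sample configuration (addresses, interface names, key string) is constructed, and the function names audit_ntp and key_id_of are hypothetical.

```python
import shlex

# Constructed sample: commands as entered in the config>system>time>ntp
# context, using only the syntax documented on this page. Addresses,
# interface names and key strings are made-up illustration values.
SAMPLE_NTP_CONFIG = '''\
no authentication-check
authentication-key 1 key "example-key-1" type message-digest
ntp-server
broadcastclient router Base interface "to-core"
broadcast router Base interface "to-access" key-id 1 version 4 ttl 1
peer 192.0.2.10 key-id 1 prefer
server 192.0.2.20 key-id 7
server 192.0.2.21
server ptp prefer
'''

def key_id_of(tokens):
    """Return the value following the key-id keyword, or None."""
    if "key-id" in tokens[:-1]:
        return tokens[tokens.index("key-id") + 1]
    return None

def audit_ntp(config_text):
    """Return sorted (line_number, finding) pairs for weak NTP settings."""
    findings, defined, refs = [], set(), []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        tok = shlex.split(raw)  # honours double-quoted keys and names
        if not tok:
            continue
        cmd = tok[0]
        if tok[:2] == ["no", "authentication-check"]:
            findings.append((lineno, "authentication mismatches are accepted"))
        elif cmd == "authentication-key":
            defined.update(tok[1:2])  # remember the configured key ID
        elif cmd in ("ntp-server", "broadcastclient") and "authenticate" not in tok:
            findings.append((lineno, f"{cmd} without authenticate"))
        elif cmd in ("broadcast", "peer", "server") and tok[1:2] != ["ptp"]:
            kid = key_id_of(tok)
            if kid is None:
                findings.append((lineno, f"{cmd} without key-id"))
            else:
                refs.append((lineno, kid))
    # A key-id only authenticates if a matching authentication-key exists.
    findings += [(n, f"key-id {k} has no authentication-key")
                 for n, k in refs if k not in defined]
    return sorted(findings)
```

The internal ptp server is skipped because it is a local time source rather than a remote node that sends NTP PDUs.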