Configuring ntp server/client mode – H3C Technologies H3C S3600 Series Switches User Manual
To protect unused sockets against attacks by malicious users and improve security, H3C S3600 series Ethernet switches provide the following functions:
• UDP port 123 is opened only when the NTP feature is enabled.
• UDP port 123 is closed when the NTP feature is disabled.
These functions are implemented as follows:
• Execution of one of the ntp-service unicast-server, ntp-service unicast-peer, ntp-service broadcast-client, ntp-service broadcast-server, ntp-service multicast-client, and ntp-service multicast-server commands enables the NTP feature and opens UDP port 123 at the same time.
• Execution of the undo form of one of the above six commands disables all implementation modes of the NTP feature and closes UDP port 123 at the same time.
Configuring NTP Server/Client Mode
For switches working in the server/client mode, you only need to perform configurations on the clients,
and not on the servers.
Follow these steps to configure an NTP client:
To do…: Enter system view
Use the command…: system-view
Remarks: —

To do…: Configure an NTP client
Use the command…: ntp-service unicast-server { remote-ip | server-name } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-id | version number ]*
Remarks: Required. By default, the switch is not configured to work in the NTP client mode.

• The remote server specified by remote-ip or server-name serves as the NTP server, and the local switch serves as the NTP client. The NTP client synchronizes its clock to the NTP server, but the NTP server does not synchronize its clock to the client.
• remote-ip cannot be a broadcast address, a multicast address or the IP address of the local clock.
• After you specify an interface for sending NTP messages through the source-interface keyword, the source IP address of the NTP message will be configured as the primary IP address of the specified interface.
• A switch can act as a server to synchronize the clock of other switches only after its clock has been synchronized. If the clock of a server has a stratum level lower than or equal to that of a client’s clock, the client will not synchronize its clock to the server’s.
• You can configure multiple servers by repeating the ntp-service unicast-server command. The client will choose the optimal reference source.
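
The following audit script is an added example, not part of the H3C manual. It reads a saved configuration and reports whether UDP port 123 is expected to be open (one of the six NTP commands is present) and which ntp-service unicast-server entries break the remote-ip rule above or lack authentication-keyid. Assumptions: the saved configuration lists the commands as typed, flagging a missing authentication-keyid is a local policy choice, and the function name, addresses and key ID are illustrative.

```python
import ipaddress

# The six commands the manual says enable NTP and open UDP port 123.
NTP_ENABLING = (
    "ntp-service unicast-server", "ntp-service unicast-peer",
    "ntp-service broadcast-client", "ntp-service broadcast-server",
    "ntp-service multicast-client", "ntp-service multicast-server",
)

def audit_ntp(config_text):
    """Return (udp123_expected_open, findings) for a saved configuration."""
    enabled, findings = False, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())      # normalise indentation and spacing
        if not line.startswith(NTP_ENABLING):
            continue                      # also skips "undo ntp-service ..." lines
        enabled = True
        if not line.startswith("ntp-service unicast-server"):
            continue
        args = line.split()[2:]
        if not args:
            findings.append((line, "no server specified"))
            continue
        target = args[0]
        try:
            ip = ipaddress.ip_address(target)
        except ValueError:
            ip = None                     # server-name form, not an address
        # Only the limited broadcast address is checked; subnet broadcasts
        # cannot be recognised without the interface mask.
        if ip is not None and (ip.is_multicast or str(ip) == "255.255.255.255"):
            findings.append((target, "remote-ip must not be broadcast or multicast"))
        if "authentication-keyid" not in args:
            findings.append((target, "no authentication-keyid"))
    return enabled, findings

# Constructed sample configuration (addresses and key ID are illustrative).
SAMPLE = """\
#
 ntp-service unicast-server 192.0.2.1 authentication-keyid 42 source-interface Vlan-interface 1
 ntp-service unicast-server 198.51.100.7
 ntp-service unicast-server 224.0.1.1
#
"""

if __name__ == "__main__":
    print(audit_ntp(SAMPLE))
```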