华为/华三交换机配置NTP时钟同步

数据通信 - 建设篇

---

系列文章回顾

第一章 华为/华三交换机配置自动备份到FTP/SFTP
第二章 华为/华三交换机配置SSH免密登录

下章内容

第四章 华为/华三交换机快速构建三层架构拓扑CLI

---

华为/华三交换机配置NTP时钟同步

背景介绍

为优化建设内网的网管交换机，实现华为交换机和华三交换机的NTP时钟同步，使交换机外发syslog的时钟正确。此例以FortiGate为交换机的NTP时钟服务器，配置交换机的NTP时钟同步。

实施步骤

1. FortiGate防火墙配置本地NTP侦听接口，时钟层级为3
2. 核心层交换机配置NTP侦听的对等体为FortiGate防火墙，并配置本地NTP广播，时钟层级为4
3. 下联的所有交换机侦听NTP广播报文，做NTP时钟同步

防火墙配置本地NTP侦听LAN接口

CLI配置并检查NTP

config system ntp
    set ntpsync enable
    set syncinterval 360
    set server-mode enable
    set interface "Et-trunk"
end

核心交换机配置NTP时钟同步

ntp-service ipv6 disable
ntp-service ipv6 server disable
ntp-service authentication enable
ntp-service sync-interval 180
ntp-service authentication-keyid 1 authentication-mode md5 cipher abcdefg
ntp-service reliable authentication-keyid 1
ntp-service unicast-server 1.1.1.2 source-interface Vlanif200 minpoll 3 preference iburst preempt
int vlan 200
  ntp-service broadcast-server authentication-keyid 1


### 验证NTP时钟同步
dis ntp statistics packet
(略)

<Switch>dis ntp status
 clock status: synchronized 
 clock stratum: 4 
 reference clock ID: 1.1.1.2
 nominal frequency: 100.0000 Hz 
 actual frequency: 100.0000 Hz 
 clock precision: 2^18
 clock offset: -31.0091 ms 
 root delay: 227.05 ms 
 root dispersion: 115.32 ms 
 peer dispersion: 55.53 ms 
 reference time: 00:00:00.598 UTC XXX 00 20XX(E71A2E07.9933B107)
 synchronization state: clock synchronized

<Switch>dis ntp session
 clock source: 255.255.255.255 
 clock stratum: 16 
 clock status: configured, insane, valid, unsynced
 reference clock ID: 0.0.0.0
 reach: 0 
 current poll: 64 
 now: 0 
 offset: 0.0000 ms 
 delay: 0.00 ms 
 disper: 0.00 ms

 clock source: 1.1.1.2
 clock stratum: 3 
 clock status: configured, master, sane, valid
 reference clock ID: x.x.x.x
 reach: 377 
 current poll: 1024 
 now: 766 
 offset: -32.3825 ms 
 delay: 18.57 ms 
 disper: 30.40 ms
 

<Switch>dis ntp trace
 server 127.0.0.1, stratum 4, offset -0.0324 s, synch distance 0.231
 server 1.1.1.2, stratum 3, offset -0.0456 s, synch distance 0.150
 server x.x.x.x, stratum 2, offset -0.0431 s, synch distance 0.085
 x.x.x.x: *Timeout*

下联华为交换机配置NTP时钟同步

# 实验过的部分交换机型号如下
1. FutureMatrix S1730S-S48P4S-A1
2. HUAWEI S5735S-L48T4S-A1
3. HUAWEI S5720-32P-LI-AC
4. HUAWEI S5720-32P-EI-AC

ntp-service ipv6 disable
y
ntp-service sync-interval 180
ntp-service source-interface Vlanif200
undo ntp-service disable
undo ntp-service server disable

ntp-service authentication enable
ntp-service authentication-keyid 1 authentication-mode md5 cipher abcdefg
ntp-service reliable authentication-keyid 1
clock timezone Beijing,Chongqing,Hongkon,Urumqi add 08:00:00
int vlan 200
  ntp-service broadcast-client

下联华三交换机配置NTP时钟同步

# 实验过的部分交换机型号如下
1. H3C S5024PV3-LI-PWR
2. H3C S5024PV3-EI-PWR
3. H3C S5024PV5
4. H3C WX2540H

ntp-service enable
clock protocol ntp
ntp-service authentication enable
ntp-service authentication-keyid 1 authentication-mode md5 simple abcdefg
ntp-service reliable authentication-keyid 1
clock timezone Beijing add 08:00:00
interface vlan 200
  ntp-service broadcast-client

综上步骤完成交换机配置NTP时钟同步。

参考来源

1. 交换机配置NTP