Example: Configuring NTP
The Network Time Protocol (NTP) provides the mechanisms to synchronize time and coordinate time distribution in a large, diverse network. NTP uses a returnable-time design in which a distributed subnet of time servers operating in a self-organizing, hierarchical primary-secondary configuration synchronizes local clocks within the subnet and to national time standards by means of wire or radio. The servers also can redistribute reference time using local routing algorithms and time daemons.
This example shows how to configure NTP:
This example uses the following software and hardware components:
Junos OS Release 11.1 or later
A switch connected to a network on which an NTP boot server and NTP server reside
Debugging and troubleshooting are much easier when the timestamps in the log files of all switches are synchronized, because events that span a network can be correlated with synchronous entries in multiple logs. We recommend using the Network Time Protocol (NTP) to synchronize the system clocks of your switch and other network equipment.
In this example, an administrator wants to synchronize the time in a switch to a single time source. We recommend using authentication to make sure that the NTP peer is trusted. The boot-server statement identifies the server from which the initial time of day and date are obtained when the switch boots. The server statement identifies the NTP server used for periodic time synchronization. The authentication-key statement specifies that an HMAC-Message Digest 5 (MD5) scheme is used to hash the key value for authentication, which prevents the switch from synchronizing with an attacker’s host that is posing as the time server.
To configure NTP:
CLI Quick Configuration
To quickly configure NTP, copy the following commands and paste them into the switch’s terminal window:
set ntp boot-server 10.1.4.1
set ntp server 10.1.4.2
set ntp authentication-key 2 type md5 value "$ABC123"
To configure NTP :
- Specify the boot server:
user@switch# set ntp boot-server 10.1.4.1
- Specify the NTP server:
user@switch# set ntp server 10.1.4.2
- Specify the key number, authentication type (MD5), and
key for authentication:
user@switch# set ntp authentication-key 2 type md5 value "$ABC123"
Check the results:
To confirm that the configuration is correct, perform these tasks:
Checking the Time
Check the time that has been set on the switch.
Enter the show system uptime operational mode command to display the time.
user@switch> show system uptime
fpc0: -------------------------------------------------------------------------- Current time: 2009-06-12 12:49:03 PDT System booted: 2009-05-15 06:24:43 PDT (4w0d 06:24 ago) Protocols started: 2009-05-15 06:27:08 PDT (4w0d 06:21 ago) Last configured: 2009-05-27 14:57:03 PDT (2w1d 21:52 ago) by admin1 12:49PM up 28 days, 6:24, 1 user, load averages: 0.05, 0.06, 0.01
The output shows that the current date and time are June 12, 2009 and 12:49:03 PDT. The switch booted 4 weeks, 6 hours, and 24 minutes ago, and its protocols were started approximately 3 minutes before it booted. The switch was last configured by user admin1 on May 27, 2009, and there is currently one user logged in to the switch.
The output also shows that the load average is 0.05 seconds for the last minute, 0.06 seconds for the last 5 minutes, and 0.01 seconds for the last 15 minutes.
Displaying the NTP Peers
Verify that the time has been obtained from an NTP server.
Enter the show ntp associations operational mode command to display the NTP server from switch obtained its time.
user@switch> show ntp associations
remote refid st t when poll reach delay offset jitter ============================================================================== *ntp.net .GPS. 1 u 414 1024 377 3.435 4.002 0.765
The asterisk (*) in front of the NTP server name, or peer, indicates that the time is synchronized and obtained from this server. The delay, offset, and jitter are displayed in milliseconds.
Displaying the NTP Status
View the configuration of the NTP server and the status of the system.
Enter the show ntp status operational mode command to view the status of the NTP.
user@switch> show ntp status
status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg, version="ntpd 4.2.0-a Mon Apr 13 19:09:05 UTC 2009 (1)", processor="powerpc", system="JUNOS9.5R1.8", leap=00, stratum=2, precision=-18, rootdelay=2.805, rootdispersion=42.018, peer=48172, refid=192.168.28.5, reftime=cddd397a.60e6d7bf Fri, Jun 12 2009 13:30:50.378, poll=10, clock=cddd3b1b.ec5a2bb4 Fri, Jun 12 2009 13:37:47.923, state=4, offset=3.706, frequency=-23.018, jitter=1.818, stability=0.303
The output shows status information about the switch and the NTP.