Configuring the NTP Time Server and Time Services
When you use NTP, configure the router or switch to operate in one of the following modes:
Client mode
Symmetric active mode
Broadcast mode
Server mode
The following topics describe how to configure these modes of operation:
Configuring the Router or Switch to Operate in Client Mode
To configure the local router or switch to operate
in client mode, include the server
statement and other
optional statements at the [edit system ntp]
hierarchy
level:
[edit system ntp]
server address <key key-number> <version value> <routing-instance routing-instance> <prefer>;
authentication-key key-number type type value password;
boot-server address;
trusted-key [ key-numbers ];
Specify the address of the system acting as the time server. You must specify an address, not a hostname.
To include an authentication key in all messages
sent to the time server, include the key
option. The key
corresponds to the key number you specify in the authentication-key
statement, as described in Configuring
NTP Authentication Keys.
By default, the router or switch sends NTP version
4 packets to the time server. To set the NTP version level to 1, 2,
or 3, include the version
option.
If you configure more than one time server, you
can mark one server preferred by including the prefer
option.
For information about how to configure trusted keys, see Configuring NTP Authentication Keys. For information about how to configure an NTP boot server, see Configuring the NTP Boot Server. For information about how to configure the router or switch to operate in server mode, see Configuring the Router or Switch to Operate in Server Mode.
The following example shows how to configure the router or switch to operate in client mode:
[edit system ntp] authentication-key 1 type md5 value "$9$EgfcrvX7VY4ZEcwgoHjkP5Q3CuREyv87"; boot-server 10.1.1.1; server 10.1.1.1 key 1 prefer; trusted-key 1;
Configuring the Router or Switch to Operate in Symmetric Active Mode
To configure the local router or switch to operate
in symmetric active mode, include the peer
statement at
the [edit system ntp]
hierarchy level:
[edit system ntp] peer address <key key-number> <version value> <prefer>;
Specify the address of the remote system. You must specify an address, not a hostname.
To include an authentication key in all messages
sent to the remote system, include the key
option. The
key corresponds to the key number you specify in the authentication-key
statement, as described in Configuring
NTP Authentication Keys.
By default, the router or switch sends NTP version
4 packets to the remote system. To set the NTP version level to 1,
2 or 3, include the version
option.
If you configure more than one remote system, you
can mark one system preferred by including the prefer
option:
peer address <key key-number> <version value> prefer;
Configuring the Router or Switch to Operate in Broadcast Mode
To configure the local router or switch to operate
in broadcast mode, include the broadcast
statement at the [edit system ntp]
hierarchy level:
[edit system ntp] broadcast address <key key-number> <version value> <ttl value>;
Specify the broadcast address on one of the local
networks or a multicast address assigned to NTP. You must specify
an address, not a hostname. If the multicast address is used, it must
be 224.0.1.1
.
To include an authentication key in all messages
sent to the remote system, include the key
option. The
key corresponds to the key number you specify in the authentication-key
statement, as described in Configuring
NTP Authentication Keys.
By default, the router or switch sends NTP version
4 packets to the remote system. To set the NTP version level to 1,
2, or 3, include the version
option.
Configuring the Router or Switch to Operate in Server Mode
In server mode, the router or switch acts as an NTP server for clients when the clients are configured appropriately. The only prerequisite for “server mode” is that the router or switch must be receiving time from another NTP peer or server. No other configuration is necessary on the router or switch.
When configuring the NTP service in the management VRF (mgmt_junos
), you
must configure at least one IP address on a physical or logical interface within
the default routing instance and ensure that this interface is up in order for
the NTP service to work with the mgmt_junos VRF.
To configure the local router or switch to operate
as an NTP server, include the following statements at the [edit
system ntp]
hierarchy level:
[edit system ntp] authentication-key key-number type type value password; server address <key key-number> <version value> <routing-instance routing-instance> <prefer>; trusted-key [ key-numbers ];
Specify the address of the system acting as the time server. You must specify an address, not a hostname.
To include an authentication key in all messages
sent to the time server, include the key
option. The key
corresponds to the key number you specify in the authentication-key
statement, as described in Configuring
NTP Authentication Keys.
By default, the router or switch sends NTP version
4 packets to the time server. To set the NTP version level to 1, 2,
or 3, include the version
option.
If you configure more than one time server, you
can mark one server preferred by including the prefer
option.
For information about how to configure trusted keys, see Configuring NTP Authentication Keys. For information about how to configure the router or switch to operate in client mode, see Configuring the Router or Switch to Operate in Client Mode.
The following example shows how to configure the router or switch to operate in server mode:
[edit system ntp] authentication-key 1 type md5 value "$9$txERuBEreWx-wtuLNdboaUjH.T3AtOESe"; server 172.17.27.46 prefer; trusted-key 1;
When a host is added as an NTP server, it resolves to an IP address prior to being added to the configuration.