ON THIS PAGE
Example: Configure NTP
This topic provides an example to configure NTP.
The Network Time Protocol (NTP) provides the mechanism to synchronize time and coordinate time distribution in a large, diverse network. NTP uses a returnable-time design in which a distributed subnet of time servers operating in a self-organizing, hierarchical primary-secondary configuration synchronizes local clocks within the subnet and to national time standards by means of wire or radio. The servers also can redistribute reference time using local routing algorithms and time daemons.
This example shows how to configure NTP:
Requirements
This example uses the following software and hardware components:
-
Junos OS Release 11.1 or later
-
A switch connected to a network on which an NTP boot server and NTP server reside
Overview
Debugging and troubleshooting are much easier when the timestamps in the log files of all switches are synchronized, because events that span a network can be correlated with synchronous entries in multiple logs. We recommend using the Network Time Protocol (NTP) to synchronize the system clocks of your switch and other network equipment.
In this example, an administrator wants to synchronize the time in a switch to a single
time source. We recommend using authentication to make sure that the NTP peer is trusted.
The boot-server statement identifies the server from which the initial time
of day and date are obtained when the switch boots. The server statement
identifies the NTP server used for periodic time synchronization. The
authentication-key statement specifies that an HMAC-Message Digest 5
(MD5) scheme is used to hash the key value for authentication, which prevents the switch
from synchronizing with an attacker’s host that is posing as the time server.
Configuration
To configure NTP:
Procedure
CLI Quick Configuration
To quickly configure NTP, copy the following commands and paste them into the switch’s terminal window:
[edit system] set ntp boot-server 10.1.4.1 set ntp server 10.1.4.2 set ntp authentication-key 2 type md5 value "$ABC123"
Step-by-Step Procedure
To configure NTP :
-
Specify the boot server:
[edit system] user@host# set ntp boot-server 10.1.4.1
-
Specify the NTP server:
[edit system] user@host# set ntp server 10.1.4.2
-
Specify one source address per family for each routing-instance:
[edit system] user@host# set system ntp source-address 10.10.4.3 routing-instance ntp-instance
-
Specify the key number, authentication type (MD5), and key for authentication:
[edit system] user@host# set ntp authentication-key 2 type md5 value "$ABC123"
Results
Check the results:
[edit system]
user@host# show
ntp {
boot-server 10.1.4.1;
authentication-key 2 type md5 value "$ABC123"; ## SECRET-DATA
server 10.1.4.2;
source-address 10.10.4.3 routing-instance ntp-instance;
}
Verification
To confirm that the configuration is correct, perform these tasks:
Checking the Time
Purpose
Check the time that has been set on the switch.
Action
Enter the show system uptime operational mode command to display the
time.
user@host> show system uptime fpc0: -------------------------------------------------------------------------- Current time: 2009-06-12 12:49:03 PDT System booted: 2009-05-15 06:24:43 PDT (4w0d 06:24 ago) Protocols started: 2009-05-15 06:27:08 PDT (4w0d 06:21 ago) Last configured: 2009-05-27 14:57:03 PDT (2w1d 21:52 ago) by admin1 12:49PM up 28 days, 6:24, 1 user, load averages: 0.05, 0.06, 0.01
Meaning
The output shows that the current date and time are June 12, 2009 and 12:49:03 PDT. The switch booted 4 weeks, 6 hours, and 24 minutes ago, and its protocols were started approximately 3 minutes before it booted. The switch was last configured by user admin1 on May 27, 2009, and there is currently one user logged in to the switch.
The output also shows that the load average is 0.05 seconds for the last minute, 0.06 seconds for the last 5 minutes, and 0.01 seconds for the last 15 minutes.
Displaying the NTP Peers
Purpose
Verify that the time has been obtained from an NTP server.
Action
Enter the show ntp associations operational mode command to display
the NTP server from switch obtained its time.
user@host> show ntp associations
remote refid st t when poll reach delay offset jitter
==============================================================================
*ntp.net .GPS. 1 u 414 1024 377 3.435 4.002 0.765Meaning
The asterisk (*) in front of the NTP server name, or peer, indicates that the time is synchronized and obtained from this server. The delay, offset, and jitter are displayed in milliseconds.
Displaying the NTP Status
Purpose
View the configuration of the NTP server and the status of the system.
Action
Enter the show ntp status operational mode command to view the status
of the NTP.
user@host> show ntp status status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg, version="ntpd 4.2.0-a Mon Apr 13 19:09:05 UTC 2009 (1)", processor="powerpc", system="JUNOS9.5R1.8", leap=00, stratum=2, precision=-18, rootdelay=2.805, rootdispersion=42.018, peer=48172, refid=192.168.28.5, reftime=cddd397a.60e6d7bf Fri, Jun 12 2009 13:30:50.378, poll=10, clock=cddd3b1b.ec5a2bb4 Fri, Jun 12 2009 13:37:47.923, state=4, offset=3.706, frequency=-23.018, jitter=1.818, stability=0.303
Meaning
The output shows status information about the switch and the NTP.