NVIDIA Onyx User Manual v3.10.4408 LTS

NTP and Clock

Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over variable-latency data networks. NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC) and is designed to mitigate the effects of variable network latency. NTP can usually maintain time to within tens of milliseconds over the public Internet, and can achieve better than one millisecond accuracy in local area networks under ideal conditions.

When authentication of incoming NTP packets is enabled, the switch ensures that they come from an authenticated time source before using them for time synchronization on the switch. Authentication keys are created and added to the trusted list.

To add a key to be used for authentication, take the following steps.

  1. Create the key.

    switch (config)# ntp authentication-key 1 md5 password

  2. Add the key to the trusted list.

    switch (config)# ntp trusted-key 1

  3. Assign the key to the server/peer.

    switch (config)# ntp server 10.34.1.1 keyID 1

An authentication key may be created and used to authenticate incoming NTP packets. For the key to be used, make sure the following is in place.

  1. It should be shared with the NTP server/peer sending the NTP packet.

  2. It should be added to the trusted list.

  3. NTP authenticate should be enabled on the system.
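
How a receiver applies the three conditions above to a packet from a server that has a key assigned, shown as an added example (not Onyx code and not part of the manual). It uses the standard NTP symmetric-key authenticator, a 4-byte key ID followed by a digest over the shared secret and the 48-byte header; the key values and the names `KEYS`, `TRUSTED`, `build_mac` and `accept` are hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed values for illustration (not taken from a real switch).
KEYS = {1: ("md5", b"password"), 2: ("sha1", b"other-secret")}  # key-id -> (type, secret)
TRUSTED = {1}   # key-ids on the trusted list; key 2 exists but is not trusted

def build_mac(key_id, header):
    """Authenticator: 4-byte key-id followed by digest(secret || NTP header)."""
    algo, secret = KEYS[key_id]
    return struct.pack("!I", key_id) + hashlib.new(algo, secret + header).digest()

def accept(packet, auth_enabled=True):
    """Model of the receiver's decision to use a packet for synchronization."""
    header, mac = packet[:48], packet[48:]
    if not auth_enabled:
        return True     # assumption: with authentication off the MAC is ignored
    if len(mac) < 4:
        return False    # no authenticator attached
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in KEYS or key_id not in TRUSTED:
        return False    # key unknown locally, or not on the trusted list
    return hmac.compare_digest(mac, build_mac(key_id, header))

# Constructed 48-byte header: LI=0, VN=4, Mode=4 (server), stratum 3, rest zero.
HEADER = bytes([0x24, 3, 7, 0xE9]) + bytes(44)
GOOD = HEADER + build_mac(1, HEADER)
TAMPERED = bytes([0x24, 2]) + GOOD[2:]      # stratum changed after signing
UNTRUSTED = HEADER + build_mac(2, HEADER)   # valid MAC, but key 2 is not trusted

if __name__ == "__main__":
    for name, pkt in [("good", GOOD), ("tampered", TAMPERED),
                      ("untrusted", UNTRUSTED), ("unsigned", HEADER)]:
        print(name, accept(pkt))
```

A packet signed with a key that is configured but missing from the trusted list is rejected even though its digest is valid, which is why step 2 of the procedure cannot be skipped.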

For more information about this feature and its potential applications, please refer to the following community post:

clock set

clock set <hh:mm:ss> [<yyyy/mm/dd>]

Sets the time and date.

Syntax Description

hh:mm:ss

Time

yyyy/mm/dd

Date

Default

N/A

Configuration Mode

config

History

3.1.0000

Example

switch (config) # clock set 23:23:23 2010/08/19

Related Commands

show clock

Notes

If not specified, the date will be left the same.


clock timezone

clock timezone [<zone-word> [<zone-word> [<zone-word>] [<zone-word>]]]

no clock timezone

Sets the system time zone. The time zone may be specified in one of three ways:

  • A nearby city whose time zone rules to follow. The system has a large list of cities which can be displayed by the help and completion system. They are organized hierarchically because there are too many of them to display in a flat list. A given city may be required to be specified in two, three, or four words, depending on the city.

  • An offset from UTC. This will be in the form UTC-offset UTC, UTC-offset UTC+<0-14>, UTC-offset UTC-<1-12>

  • UTC (Universal Time, which is almost identical to GMT), and this is the default time zone

The no form of the command resets time zone to its default (GMT).

Syntax Description

zone-word

Possible forms this could take include: continent, city, continent, country, city, continent, region, country, city, ocean, and/or island.

Default

GMT

Configuration Mode

config

History

3.1.0000

Example

switch (config) # clock timezone America North United_States Other New_York

Related Commands

show clock

Notes


ntp

ntp { {[vrf <vrf-name>] { disable | enable [force]}} | {peer | server} <IP address> [version <number> | disable]}

no ntp { {[vrf <vrf-name>] {disable | enable}} | {peer | server} <IP address> [version <number> | disable]}

Configures NTP.

The no form of the command negates NTP options.

Syntax Description

disable

Disables NTP.

enable

Enables NTP.

peer | server

Configures an NTP peer or server node.

IP address

IPv4 or IPv6 address.

version <number>

Specifies the NTP version number of this peer.

Possible values: 3 or 4

vrf name—Describes the VRF name for NTP daemon. If the VRF parameter is not specified, the "default" VRF will be used implicitly

force—This option will restart ntp with passed VRF context even if it was already enabled using other VRF.

Default

NTP is enabled

NTP version number is 4

Configuration Mode

config

History

3.1.0000

3.9.2000—Added VRF option

Example

switch (config) # no ntp peer 192.168.10.24 disable

Related Commands

Notes

NTP can be enabled only in one VRF at a time.


ntpdate

ntpdate <ip-address>

Configures the system clock using the specified SNTP server.

Syntax Description

ip-address

IP address of SNTP server.

Default

N/A

Configuration Mode

config

History

3.1.0000

Example

switch (config) # ntpdate 192.168.10.10

26 Feb 17:25:40 ntpdate[15206]: adjust time server 192.168.10.10 offset -0.000092 sec

Related Commands

Notes

This is a one-time operation and does not cause the clock to be kept in sync on an ongoing basis. It will generate an error if SNTP is enabled since the socket it requires will already be in use.


ntp authenticate

ntp authenticate

no ntp authenticate

Enables NTP authentication.

The no form of the command disables NTP authentication.

Syntax Description

N/A

Default

Disabled

Configuration Mode

config

History

3.5.0200

Example

switch (config) # ntp authenticate

Related Commands

Notes


ntp authentication-key

ntp authentication-key <key-id> <encrypt-type> [<password>]

no ntp authentication-key <key-id>

Enables NTP authentication.

The no form of the command disables NTP authentication.

Syntax Description

key-id

Specifies a key ID, whether existing or a new one to be added.

Range: 1-65534

encrypt-type

Specifies the encryption type to use (md5 or sha1).

password

Password string

Default

Disabled

Configuration Mode

config

History

3.5.0200

Example

switch (config) # ntp authentication-key 123 md5 examplepass

switch (config) # ntp authentication-key 1234 sha1

Password: **

Confirm: **

Related Commands

Notes

If a password is not entered, a prompt appears requesting one.


ntp peer disable

ntp peer <ip-address> disable

no ntp peer <ip-address> disable

Temporarily disables this NTP peer.

The no form of the command enables this NTP peer.

Syntax Description

ip-address

IP address of the peer. IPv4, IPv6 and hostname (FQDN) are acceptable.

Default

Disabled

Configuration Mode

config

History

3.5.0200

3.6.4000—Added hostname as option for ip-address, and added note

Example

switch (config) # ntp peer 10.10.10.10 disable

Related Commands

Notes

  • IP addresses must be in IPv4 format (e.g., '192.168.0.1') or IPv6 format with scope zone ID for IPv6 link-local addresses (e.g., '2001:db8:701f::8f9' or 'fe80::21c:23f:ec1:4fb%7').

  • The length of a hostname is limited to 255 characters. Each label (node delimited by a dot in the hostname) is limited to 63 characters and may contain letters, numbers and hyphens ('-'), but may not begin with a hyphen.


ntp peer keyID

ntp peer <ip-address> keyID <key-id>

no ntp peer <ip-address> keyID <key-id>

Specifies the KeyID of the NTP peer.

The no form of the command removes key ID configuration from the NTP peer.

Syntax Description

ip-address

IP address of the peer. IPv4, IPv6 and hostname (FQDN) are acceptable.

key-id

Range: 1-65534

Default

Disabled

Configuration Mode

config

History

3.5.0200

3.6.4000—Added hostname as option for ip-address, and added note

Example

switch (config) # ntp peer 10.10.10.10 keyID 120

Related Commands

Notes

  • IP addresses must be in IPv4 format (e.g., '192.168.0.1') or IPv6 format with scope zone ID for IPv6 link-local addresses (e.g., '2001:db8:701f::8f9' or 'fe80::21c:23f:ec1:4fb%7').

  • The length of a hostname is limited to 255 characters. Each label (node delimited by a dot in the hostname) is limited to 63 characters and may contain letters, numbers and hyphens ('-'), but may not begin with a hyphen.


ntp peer version

ntp peer <ip-address> version <ver-num>

no ntp peer <ip-address> version <ver-num>

Specifies the NTP version number of this peer.

The no form of the command defaults NTP to version 4.

Syntax Description

ip-address

IP address of the peer. IPv4, IPv6 and hostname (FQDN) are acceptable.

ver-num

NTP version.

Possible values: 3 or 4

Default

4

Configuration Mode

config

History

3.5.0200

3.6.4000—Added hostname as option for ip-address, and added note

Example

switch (config) # ntp peer 10.10.10.10 version 4

Related Commands

Notes

  • IP addresses must be in IPv4 format (e.g., '192.168.0.1') or IPv6 format with scope zone ID for IPv6 link-local addresses (e.g., '2001:db8:701f::8f9' or 'fe80::21c:23f:ec1:4fb%7').

  • The length of a hostname is limited to 255 characters. Each label (node delimited by a dot in the hostname) is limited to 63 characters and may contain letters, numbers and hyphens ('-'), but may not begin with a hyphen.


ntp server disable

ntp server <ip-address> disable

no ntp server <ip-address> disable

Temporarily disables this NTP server.

The no form of the command enables this NTP server.

Syntax Description

ip-address

IP address of the peer. IPv4, IPv6 and hostname (FQDN) are acceptable.

Default

Disabled

Configuration Mode

config

History

3.5.5000

3.6.4000—Added hostname as option for ip-address, and added note

Example

switch (config) # ntp server 10.10.10.10 disable

Related Commands

Notes

  • IP addresses must be in IPv4 format (e.g., '192.168.0.1') or IPv6 format with scope zone ID for IPv6 link-local addresses (e.g., '2001:db8:701f::8f9' or 'fe80::21c:23f:ec1:4fb%7').

  • The length of a hostname is limited to 255 characters. Each label (node delimited by a dot in the hostname) is limited to 63 characters and may contain letters, numbers and hyphens ('-'), but may not begin with a hyphen.


ntp server keyID

ntp server <ip-address> keyID <key-id>

no ntp server <ip-address> keyID <key-id>

Specifies the KeyID of the NTP server.

The no form of the command removes key ID configuration from the NTP server.

Syntax Description

ip-address

IP address of the peer. IPv4, IPv6 and hostname (FQDN) are acceptable.

key-id

Range: 1-65534

Default

Disabled

Configuration Mode

config

History

3.5.0200

3.6.4000—Added hostname as option for ip-address, and added note

Example

switch (config) # ntp server 10.10.10.10 keyID 120

Related Commands

Notes

  • IP addresses must be in IPv4 format (e.g., '192.168.0.1') or IPv6 format with scope zone ID for IPv6 link-local addresses (e.g., '2001:db8:701f::8f9' or 'fe80::21c:23f:ec1:4fb%7').

  • The length of a hostname is limited to 255 characters. Each label (node delimited by a dot in the hostname) is limited to 63 characters and may contain letters, numbers and hyphens ('-'), but may not begin with a hyphen.


ntp server-role disable

ntp server-role disable

no ntp server-role disable

Disables the switch's default ability to function as an NTP server.

The no form of the command restores the switch's ability to function as an NTP server.

Syntax Description

N/A

Default

N/A

Configuration Mode

Configure terminal

History

3.8.2100

Role

Admin

Example

switch (config) # ntp server-role disable

Related Commands

show ntp

Notes

This command is configurable.


ntp server trusted-enable

ntp server <ip-address> trusted-enable

no ntp server <ip-address> trusted-enable

Trusts this NTP server; if authentication is configured this will additionally force all time updates to only use trusted servers.

The no form of the command removes trust from this NTP server.

Syntax Description

ip-address

IP address of the peer. IPv4, IPv6 and hostname (FQDN) are acceptable.

Default

N/A

Configuration Mode

config

History

3.6.2002

3.6.4000—Added hostname as option for ip-address, and added note

Example

switch (config) # ntp server 10.10.10.10 trusted-enable

Related Commands

Notes

  • IP addresses must be in IPv4 format (e.g., '192.168.0.1') or IPv6 format with scope zone ID for IPv6 link-local addresses (e.g., '2001:db8:701f::8f9' or 'fe80::21c:23f:ec1:4fb%7').

  • The length of a hostname is limited to 255 characters. Each label (node delimited by a dot in the hostname) is limited to 63 characters and may contain letters, numbers and hyphens ('-'), but may not begin with a hyphen.

  • NTP trusted servers can be used to mitigate Sybil attacks, a vulnerability caused by NTP peers sharing the same NTP key base. The mitigation adds the concept of trusted servers: when enabled in conjunction with NTP authentication, it ensures that time information is obtained only from trusted servers.


ntp server version

ntp server <ip-address> version <ver-num>

no ntp server <ip-address> version <ver-num>

Specifies the NTP version number of this server.

The no form of the command defaults NTP to version 4.

Syntax Description

ip-address

IP address of the peer. IPv4, IPv6 and hostname (FQDN) are acceptable.

ver-num

NTP version.

Possible values: 3 or 4

Default

4

Configuration Mode

config

History

3.5.0200

3.6.4000—Added hostname as option for ip-address, and added note

Example

switch (config) # ntp server 10.10.10.10 version 4

Related Commands

Notes

  • IP addresses must be in IPv4 format (e.g., '192.168.0.1') or IPv6 format with scope zone ID for IPv6 link-local addresses (e.g., '2001:db8:701f::8f9' or 'fe80::21c:23f:ec1:4fb%7').

  • The length of a hostname is limited to 255 characters. Each label (node delimited by a dot in the hostname) is limited to 63 characters and may contain letters, numbers and hyphens ('-'), but may not begin with a hyphen.


ntp trusted-key

ntp trusted-key <key(s)>

no ntp trusted-key <key(s)>

Adds one or more keys to the trusted key list.

The no form of the command removes keys from the trusted key list.

Syntax Description

key(s)

Range: 1-65534

Default

Disabled

Configuration Mode

config

History

3.5.0200

Example

switch (config) # ntp trusted-key 1,3,5

switch (config) # ntp trusted-key 1-5

Related Commands

Notes

Keys may be separated with commas without any space, or they may be set as a range using a hyphen.


show clock

show clock

Displays the current system time, date and time zone.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any command mode

History

3.1.0000

3.6.6000—Updated example

Example

switch (config) # show clock

Time: 02:48:41

Date: 2018/1/1

Time zone: UTC (Etc/UTC)

UTC offset: same as UTC

Related Commands

Notes


show ntp

show ntp

Displays the current NTP settings.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any command mode

History

3.1.0000

3.5.0200—Updated example

3.6.6000—Updated example

3.9.2000—Updated example

Example

switch (config)# show ntp

NTP is administratively            : enabled

VRF name : mgmt

NTP Authentication administratively: disabled

NTP server role : enabled

Clock is synchronized:

Reference: 10.7.7.134

Offset : -0.038 ms

Active servers and peers:

10.7.7.134:

Conf Type : serv

Status : sys.peer(*)

Stratum : 3

Offset(msec) : -0.038

Ref clock : 192.14.55.225

Poll Interval (sec): 128

Last Response (sec): 101

Auth state : none

Related Commands

Notes


show ntp configured

show ntp configured

Displays NTP configuration.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any command mode

History

3.1.0000

3.6.6102—Updated example

Example

switch (config) # show ntp configured

NTP enabled: yes

NTP Authentication enabled: no

NTP peer 0.us.pool.ntp.org # Hostname peer configuration

Resolved as: 45.79.111.114

Enabled: yes

NTP version: 4

Key ID: none

NTP peer 2.3.1.3 # IP peer configuration

Enabled: yes

NTP version: 4

Key ID: none

NTP server vnc23 # Hostname server configuration

Resolved as: 10.7.2.23

Enabled: yes

NTP version: 4

Key ID: none

Trusted: no

NTP server 1.2.3.4 # IP server configuration

Enabled: yes

NTP version: 4

Key ID: none

Trusted: no

NTP server idontexist (DNS resolution failed. Reset or reconfigure NTP to try again)

Enabled: yes

NTP version: 4

Key ID: none

Trusted: no

Related Commands

Notes
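
An audit of the `show ntp configured` output shown in the example above, as an added example (not part of the manual or of Onyx): it flags disabled authentication, servers and peers with no key assigned, servers that are not trusted, and hostnames that failed to resolve. The sample text is constructed in the format of the manual's example, and `audit` and its finding labels are hypothetical names.

```python
import re

# Constructed sample in the format of the manual's "show ntp configured" example.
SAMPLE = """\
NTP enabled: yes
NTP Authentication enabled: no
NTP peer 2.3.1.3
Enabled: yes
NTP version: 4
Key ID: none
NTP server 10.7.2.23
Enabled: yes
NTP version: 4
Key ID: 1
Trusted: yes
NTP server idontexist (DNS resolution failed. Reset or reconfigure NTP to try again)
Enabled: yes
NTP version: 4
Key ID: none
Trusted: no
"""

HEADER = re.compile(r"^NTP (peer|server) (\S+)(.*)$")

def audit(text):
    """Return a list of (subject, finding) tuples for weak NTP settings."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:   # start of a new peer/server entry
            current = f"{m.group(1)} {m.group(2)}"
            if "DNS resolution failed" in m.group(3):
                findings.append((current, "unresolved hostname"))
            continue
        key, _, value = (s.strip() for s in line.partition(":"))
        if key == "NTP Authentication enabled" and value == "no":
            findings.append(("global", "authentication disabled"))
        elif current and key == "Key ID" and value == "none":
            findings.append((current, "no key assigned"))
        elif current and key == "Trusted" and value == "no":
            findings.append((current, "not trusted"))
    return findings

if __name__ == "__main__":
    for subject, finding in audit(SAMPLE):
        print(f"{subject}: {finding}")
```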


show ntp keys

show ntp keys

Displays NTP keys.

Syntax Description

N/A

Default

N/A

Configuration Mode

Any command mode

History

3.5.0200

Example

switch (config) # show ntp keys

NTP Key 1

Trusted: yes

Encryption Type: MD5

NTP Key 2

Trusted: yes

Encryption Type: MD5

NTP Key 3

Trusted: yes

Encryption Type: MD5

NTP Key 4

Trusted: yes

Encryption Type: md5

Related Commands

Notes


© Copyright 2024, NVIDIA. Last updated on Mar 27, 2024.