This article provides an example of a basic NTP configuration and also an example of configuring NTP on EX/QFX switches with authentication from an NTP server.
Basic NTP Client Configuration on EX Switches
EX switches are capable of acting as a client to some services such as Network Time Protocol (NTP), and can be configured to fetch system time from the NTP servers that are connected in the network.
The configuration statement used to set the EX switch as a client to the external NTP server is given as follows:
user@switch# set system ntp server 172.17.27.46
user@switch# show system ntp
server 172.17.27.46
The following commands can be used to verify NTP status and association with the external NTP server:
user@switch> show ntp status
status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.0-a Thu Feb 14 03:06:23 UTC 2008 (1)",
processor="i386", leap=00, stratum=2,
precision=-20, rootdelay=170.961, rootdispersion=21.583, peer=46724,
refid=172.17.27.46,
reftime=cbc2b0d7.b5d026c0 Wed, Apr 30 2008 10:48:23.710, poll=6,
clock=cbc2b0ef.b402b32b Wed, Apr 30 2008 10:48:47.703, state=4,
offset=18.736, frequency=58.615, jitter=1.425, stability=0.080
user@switch> show ntp associations no-resolve
remote refid st t when poll reach delay offset jitter
==============================================================================
*172.17.27.46 .GPS. 1 u 47 64 17 170.125 0.934 1.228
Configuring NTP with Authentication
The switch works as a client and synchronizes its time from an NTP server. But there are NTP servers, which require client/server authentication before synchronizing the local system.
This is an example configuration of NTP on EX/QFX switches when the NTP server requires client/server authentication.
Topology
NTP Server--------EX/QFX-Switch-1 -----------Switch-2
(129.6.15.12)
In this topology, the EX/QFX Switch-1 will get authenticated from the NTP Server before it synchronizes its local clock. Switch-2 is a LAN switch which will synchronize its local clock with Switch-1 as an NTP client.
Switch-1 Configuration
-
Configure the trusted-key.
set system ntp trusted-key <key number>
-
Configure the external NTP server address.
set system ntp server <server address>
Example: set system ntp server 129.6.15.12
-
Configure the trusted key and define the key number.
Example:set system ntp trusted-key 11196
If the remote system has authentication enabled, then it is must to specify the key number for synchronizing the local system.
-
Configure the authentication key along with the authentication type and map the trusted key.
set system ntp authentication-key <key-number> value <password>
set system ntp authentication-key 11196 value 2b3f6c939cFD7E
set system ntp authentication-key 11196 type md5
Note: Only MD5 hashing is supported on Juniper EX switches.
Validation
user@host> show ntp associations
remote refid st t when poll reach delay offset disp
============================================================================
*129.6.15.12 2 u 43 64 377 1.86 0.319 0.08
Note: * denotes the server, which is synchronizing with the switch.
2020-08-24: Modified article to include information about configuring NTP with authentication; checked article for accuracy