在无线局域网控制器配置示例的NTP
Contents
Introduction
本文解释如何配置无线局域网控制器(WLCs)同步的日期和时间与网络时间协议(NTP)服务器。
Prerequisites
Requirements
尝试进行此配置之前,请确保满足以下要求:
-
Cisco WLCs的配置的基础知识。
-
NTP基础知识。
Components Used
本文档中的信息基于以下软件和硬件版本:
-
Cisco WLC运行软件版本8.8.110.0的3504。
-
运行Cisco IOS软件版本15.2(6)E2的Cisco Catalyst 3560-CX系列L3交换机。
The information in this document was created from the devices in a specific lab environment.
All of the devices used in this document started with a cleared (default) configuration.If your network is live, make sure that you understand the potential impact of any command.
管理系统日期和时间在无线局域网控制器
在WLC,可以手工配置从WLC或配置系统日期和时间得到日期和时间从Ntp server。
使用CLI配置向导或WLC GUI/CLI,系统日期和时间可以手工被配置。
本文为同步WLC系统日期和时间提供配置示例通过Ntp server。
网络时间协议(NTP)是时钟同步的一个网络协议在可变潜伏期同步计算机时钟的数据网的计算机系统之间一些时间参考。 关于NTPv3和NTPv4实施的RFC 1305和RFC 5905提供详细信息,分别。
NTP网络从一授权时间源通常接受其时间,例如一个无线时钟或原子时钟附加时间服务器。NTP 然后在整个网络中分配此时间。
NTP客户机做处理用其在轮询间隔的服务器,根据在Ntp server和客户端之间的网络状况随着时间的推移动态地更改。
NTP使用层的概念描述多少次NTP跳跃机器是从一授权时间源。例如, stratum1时间服务器有无线电或原子时钟直接地附有它。它然后发送其时间到层2时间服务器通过NTP,等等。
关于NTP配置的最佳实践的更多信息,请参考toNetwork时间协议:最佳实践白皮书。
在本文的示例使用一台Cisco Catalyst 3560-CX系列L3交换机作为Ntp server。配置WLC与此Ntp server同步其日期和时间。
Configure
Network Diagram
WLC----3560-CX L3交换机----Ntp server
配置
配置L3请交换作为授权Ntp server
请使用此in命令全局配置模式,如果希望系统是一授权Ntp server,即使系统没有同步对一外部时间源:
#ntp master !--- Makes the system an authoritative NTP server
配置NTP认证
如果要用于安全性目的验证与其他系统的关联,请使用跟随的命令。第一条命令enable (event) NTP认证功能。第二条命令定义了其中每一认证密钥。每个键有一密钥号码、一种类和值。目前,支持的唯一的关键类型是md5。第三, “委托的”认证密钥列表被定义。如果键委托,此系统准备同步到在其NTP信息包使用此键的系统。为了配置NTP认证,请使用这些in命令全局配置模式:
#ntp authenticate !--- Enables the NTP authentication feature #ntp authentication-key number md5 value !--- Defines the authentication keys #ntp trusted-key key-number !--- Defines trusted authentication keys
这是在3560-CX L3交换机的一种示例Ntp server配置。交换机是Ntp master,意味着路由器作为授权Ntp server,但是本身从另一Ntp server “pool.ntp.org”得到时间。
(config)#ntp authentication-key 1 md5 1511021F0725 7
(config)#ntp authenticate
(config)#ntp trusted-key 1
(config)#ntp master
(config)#ntp server pool.ntp.org
配置Ntp server的WLC
从版本8.6开始我们能enable (event) NTPv4。我们能也配置在控制器和Ntp server之间的一条认证信道。
使用控制器GUI,为了配置NTP认证,请执行这些步骤:
-
ChooseController > NTP >键。
-
ClickNewto创建一个键。
-
输入主索引在theKey Indextext机箱。
-
选择关键校验和(MD5或SHA1)和theKey Formatdrop-down列表。
-
输入键在theKeytext机箱:
-
ChooseController > NTP > Serversto打开NTP服务器页。挑选版本3或4 clickNewto然后添加一Ntp server。TheNTP服务器>New pageappears。
- 选择服务器索引(优先级)。
-
输入Ntp server IP地址在theServer IP Addresstext机箱。
-
Enable (event) Ntp server认证通过选择Ntp server认证复选框和选择早先配置的主索引。
-
ClickApply。
使用控制器CLI,为了配置NTP认证, followe此命令树:
>config time ntp version 4
>config time ntp key-auth add 1 md5 ascii cisco
>config time ntp server 1 192.168.100.254
>config time ntp auth enable 1 1
Verify
在Ntp server
#show ntp status
Clock is synchronized, stratum 3, reference is 193.136.152.72
nominal freq is 286.1023 Hz, actual freq is 286.0901 Hz, precision is 2**21
ntp uptime is 6591900 (1/100 of seconds), resolution is 3496
reference time is E007C909.80902653 (09:23:21.502 UTC Fri Feb 8 2019)
clock offset is 0.3406 msec, root delay is 59.97 msec
root dispersion is 25.98 msec, peer dispersion is 1.47 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000042509 s/s
system poll interval is 128, last update was 7 sec ago.
#show ntp associations
address ref clock st when poll reach delay offset disp
*~193.136.152.72 138.96.64.10 2 20 1024 17 13.634 0.024 1.626
~127.127.1.1 .LOCL. 7 9 16 377 0.000 0.000 0.232
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
#show ntp information
Ntp Software Name : Cisco-ntpv4
Ntp Software Version : Cisco-ntpv4-1.0
Ntp Software Vendor : CISCO
Ntp System Type : Cisco IOS / APM86XXX
在WLC
在GUI中
在通信的建立期间:
在已建立连接以后:
在WLC CLI中
(Cisco Controller) >show time
Time............................................. Fri Feb 8 10:14:47 2019
Timezone delta................................... 0:0
Timezone location................................
NTP Servers
NTP Version.................................. 4
Index NTP Key NTP Server NTP Key Polling Intervals
Index Type Max Min
-----------------------------------------------------------
1 1 192.168.100.254 MD5 10 6
NTPQ status list of NTP associations
assoc
ind assid status conf reach auth condition last_event cnt src_addr
===============================================================================
1 1385 f63a yes yes ok sys.peer sys_peer 3 192.168.100.254
(Cisco Controller) >
Troubleshoot
在运行Cisco IOS的NTP服务器端我们能使用“调试ntp所有enable (event)” :
#debug ntp all
NTP events debugging is on
NTP core messages debugging is on
NTP clock adjustments debugging is on
NTP reference clocks debugging is on
NTP packets debugging is on
#
(communication between SW and NTP server pool.ntp.org)
Feb 8 09:52:30.563: NTP message sent to 195.22.17.7, from interface 'Vlan1' (192.168.1.81).
Feb 8 09:52:30.577: NTP message received from 195.22.17.7 on interface 'Vlan1' (192.168.1.81).
Feb 8 09:52:30.577: NTP Core(DEBUG): ntp_receive: message received
Feb 8 09:52:30.577: NTP Core(DEBUG): ntp_receive: peer is 0x0D284B34, next action is 1.
(communication between SW and WLC)
Feb 8 09:53:10.421: NTP message received from 192.168.100.253 on interface 'Vlan100' (192.168.100.254).
Feb 8 09:53:10.421: NTP Core(DEBUG): ntp_receive: message received
Feb 8 09:53:10.421: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next action is 3.
Feb 8 09:53:10.421: NTP message sent to 192.168.100.253, from interface 'Vlan100' (192.168.100.254).
(communication between SW and NTP server pool.ntp.org)
Feb 8 09:53:37.566: NTP message sent to 195.22.17.7, from interface 'Vlan1' (192.168.1.81).
Feb 8 09:53:37.580: NTP message received from 195.22.17.7 on interface 'Vlan1' (192.168.1.81).
Feb 8 09:53:37.580: NTP Core(DEBUG): ntp_receive: message received
Feb 8 09:53:37.580: NTP Core(DEBUG): ntp_receive: peer is 0x0D284B34, next action is 1.
(communication between SW and WLC)
Feb 8 09:54:17.421: NTP message received from 192.168.100.253 on interface 'Vlan100' (192.168.100.254).
Feb 8 09:54:17.421: NTP Core(DEBUG): ntp_receive: message received
Feb 8 09:54:17.421: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next action is 3.
Feb 8 09:54:17.421: NTP message sent to 192.168.100.253, from interface 'Vlan100' (192.168.100.254).
在WLC边:
>debug ntp ?
detail Configures debug of detailed NTP messages.
low Configures debug of NTP messages.
packet Configures debug of NTP packets.
(at the time of writting this doc there was a DDTS CSCvo29660on which the debugs of ntpv4 are not printed in the CLI. The below debugs are using NTPv3.)
(Cisco Controller) >debug ntp detail enable
(Cisco Controller) >debug ntp packet enable
(Cisco Controller) >*emWeb: Feb 08 11:26:53.896: ntp Auth key Info = -1
*emWeb: Feb 08 11:26:58.143: ntp Auth key Info = -1
*emWeb: Feb 08 11:26:58.143: ntp Auth key Info = -1
*emWeb: Feb 08 11:26:58.143: Key Id = 1 found at Local Index = 0
*sntpReceiveTask: Feb 08 11:26:58.143: Initiating time sequence
*sntpReceiveTask: Feb 08 11:26:58.143: Fetching time from:192.168.100.254
*sntpReceiveTask: Feb 08 11:26:58.143: Started=3758614018.143350 2019 Feb 08 11:26:58.143
*sntpReceiveTask: Feb 08 11:26:58.143: hostname=192.168.100.254 hostIdx=1 hostNum=0
*sntpReceiveTask: Feb 08 11:26:58.143: Looking for the socket addresses
*sntpReceiveTask: Feb 08 11:26:58.143: NTP Polling cycle: accepts=0, count=5, attempts=1, retriesPerHost=6. Outgoing packet on NTP Server on socket 0:
*sntpReceiveTask: Feb 08 11:26:58.143: sta=0 ver=3 mod=3 str=15 pol=8 dis=0.000000 ref=0.000000
*sntpReceiveTask: Feb 08 11:26:58.143: ori=0.000000 rec=0.000000
*sntpReceiveTask: Feb 08 11:26:58.143: tra=3758614018.143422 cur=3758614018.143422
*sntpReceiveTask: Feb 08 11:26:58.143: Host Supports NTP authentication with Key Id = 1
*sntpReceiveTask: Feb 08 11:26:58.143: NTP Auth Key Id = 1 Key Length = 5
*sntpReceiveTask: Feb 08 11:26:58.143: MD5 Hash and Key Id added in NTP Tx packet
*sntpReceiveTask: Feb 08 11:26:58.143: 00000000: 1b 0f 08 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*sntpReceiveTask: Feb 08 11:26:58.143: 00000010: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
*sntpReceiveTask: Feb 08 11:26:58.143: 00000020: 00 00 00 00 00 00 00 00 e0 07 e6 02 24 b7 50 00 ............$.P.
*sntpReceiveTask: Feb 08 11:26:58.143: 00000030: 00 00 00 01 e4 35 f3 1a 89 f0 93 c5 51 c7 c5 23 .....5......Q..#
*sntpReceiveTask: Feb 08 11:26:58.143: 00000040: 01 dd 67 e0 ..g.
*sntpReceiveTask: Feb 08 11:26:58.143: Flushing outstanding packets
*sntpReceiveTask: Feb 08 11:26:58.143: Flushed 0 packets totalling 0 bytes
*sntpReceiveTask: Feb 08 11:26:58.143: Packet of length 68 sent to ::ffff:192.168.100.254 UDPport=123
*emWeb: Feb 08 11:26:58.143: ntp Auth key Info = 0
*emWeb: Feb 08 11:26:58.143: idx != 0 : ntp key Id = 1 Msg auth Status = 66
*sntpReceiveTask: Feb 08 11:26:58.146: Packet of length 68 received from ::ffff:192.168.100.254 UDPport=123
*sntpReceiveTask: Feb 08 11:26:58.146: Incoming packet on socket 0: has Authentication Enabled
*sntpReceiveTask: Feb 08 11:26:58.146: 00000000: 1c 04 08 eb 00 00 0e a0 00 00 0b 2e c3 16 11 07 ................
*sntpReceiveTask: Feb 08 11:26:58.146: 00000010: e0 07 e5 f8 d3 21 bf 57 e0 07 e6 02 24 b7 50 00 .....!.W....$.P.
*sntpReceiveTask: Feb 08 11:26:58.146: 00000020: e0 07 e6 02 24 e5 e3 b4 e0 07 e6 02 24 f3 c7 5a ....$.......$..Z
*sntpReceiveTask: Feb 08 11:26:58.146: 00000030: 00 00 00 01 32 e4 26 47 33 16 50 bd d1 37 63 b7 ....2.&G3.P..7c.
*sntpReceiveTask: Feb 08 11:26:58.146: KeyId In Recieved NTP Packet 1
*sntpReceiveTask: Feb 08 11:26:58.146: KeyId 1 found in recieved NTP packet exists as part of the trusted Key/s
*sntpReceiveTask: Feb 08 11:26:58.146: The NTP trusted Key Id 1 length = 5
*sntpReceiveTask: Feb 08 11:26:58.146: NTP Message Authentication - SUCCESS
*sntpReceiveTask: Feb 08 11:26:58.146: sta=0 ver=3 mod=4 str=4 pol=8 dis=0.043671 ref=3758614008.824734
*sntpReceiveTask: Feb 08 11:26:58.146: ori=3758614018.143422 rec=3758614018.144133
*sntpReceiveTask: Feb 08 11:26:58.146: Offset=-0.000683+/-0.002787 disp=1.937698
*sntpReceiveTask: Feb 08 11:26:58.146: best=-0.000683+/-0.002787
*sntpReceiveTask: Feb 08 11:26:58.146: accepts=1 rejects=0 flushes=0
*sntpReceiveTask: Feb 08 11:26:58.146: Correction: -0.000683 +/- 0.002787 disp=1.937698
*sntpReceiveTask: Feb 08 11:26:58.146: Setting clock to 2019 Feb 08 11:26:58.145 + 0.001 +/- 1.940 secs
*sntpReceiveTask: Feb 08 11:26:58.146: correction -0.001 +/- 1.938+0.003 secs - ignored
(Cisco Controller) >
反馈