How to Really Set Up NTP on HP ProCurve / Aruba Switches – HP Networking Series Part 7

This is a short guide on how to set up NTP time synchronisation properly on HP ProCurve / Aruba network devices. Astute readers of this blog might remember that I covered this topic back in 2015, and you’d be right, I did, it was even called the same thing. However, back then in firmware v.15, HP ProCurve devices only supported SNTP, not proper NTP. But now, when we have v.16, native NTP support is finally available. I’ll be covering NTP settings in this guide, as well as some of the niftier things that aren’t in the manuals but still are really handy. NTP time synchronisation allows you to maintain correct time across your network, which is very important for troubleshooting when comparing logs between two switches for example.

Write the old config to memory

Start by issuing the command write memory before you do anything, that way you can boot the switch to recover your previous settings if you mess something up.
If you’re doing this over Telnet/SSH and the switch is miles away, you might want to consider using the reload command as well to tell the switch to reboot after a couple of hours if you loose access to it, see my article on how to do this.

Configuring General Time Settings

First, we need to configure stuff like time zone and DST (Day-Light Savings Time) rules.
Enter config mode by typing configure
SW1# configure
SW1(config)#

Now we’ll set the DST rule:
Type “time day” and hit tab to autocomplete. Hit tab again to show you the available options.

SW1(config)# time daylight-time-rule
none
alaska
continental-us-and-canada
middle-europe-and-portugal
southern-hemisphere
western-europe
user-defined

Write the beginning of the option you want, hit tab again, and hit enter. I’ll use “western-europe” here in Finland.
SW1(config)# time daylight-time-rule western-europe
Then, we’ll set the time zone with the following command:
SW1(config)# time timezone 120
This sets the normal (non-DST) time to GMT+2, so after timezone, type you GMT offset in minutes.

Configuring SNTP Time Synchronisation

First, we’ll set the timesync setting to ntp
SW1(config)# timesync ntp
That’ll set the time synchronisation to NTP, so now that we’ve got that sorted, let’s move on to configuring NTP with the ntp command.

First, we’ll configure the servers. NTP finally does away with the priority malarkey that SNTP had, so all we have to do is issue the ntp server command for every server we want to add

SW1(config)# ntp server 192.168.0.10 iburst
SW1(config)# ntp server 192.168.0.20 iburst
SW1(config)# ntp server 192.168.0.30 iburst

The above will work on any switch running firmware major version 16, however, if your switch is running 16.05.xxxx or newer, the servers can be set using DNS as well, provided you add the appropriate DNS settings

SW1(config)# ip dns server-address priority 1 8.8.8.8
SW1(config)# ip dns server-address priority 2 8.8.4.4
SW1(config)# ntp server-name 0.pool.ntp.org iburst
SW1(config)# ntp server-name 1.pool.ntp.org iburst
SW1(config)# ntp server-name 2.pool.ntp.org iburst

As you can see, I’ve added the DNS servers (only 2 are allowed), in this case Googles DNS servers, and then I’ve added the NTP pool domain names. This is rather handy, as the NTP Pool always gives you NTP servers close to you, and the only (correct) way to use the pool is to configure your devices with the domain names instead of the IPs of the servers (as somebody might want to leave the pool some day).

Remember to be careful with the burst options, iburst is usually fine, even to public NTP servers, but burst should only be used against servers that you operate, and even then it’s completely unnecessary. iburst basically let’s the NTP client send more requests at startup to speed up the initial synchronisation process, while burst just sends an awful lot of NTP requests which results in your public IPs getting blacklisted.

Then, we’ll set the NTP mode to unicast:
SW1(config)# ntp unicast
After that, we can enable NTP

SW1(config)# ntp enable

Check your settings

Check your settings so that they actually worked:

SW1(config)# show time Thu Aug 23 23:58:15 2018
SW1(config)# show ntp status


NTP Status Information

NTP Status : Enabled NTP Mode : Unicast
Synchronization Status : Synchronized Peer Dispersion : 0.00000 sec
Stratum Number : 2 Leap Direction : 0
Reference Assoc ID : 0 Clock Offset : 0.00100 sec
Reference ID : 192.168.53.40 Root Delay : 0.00254 sec
Precision : 2**-18 Root Dispersion : 0.03645 sec
NTP Up Time : 0d 0h 6m Time Resolution : 960 nsec
Drift : 0.00001 sec/sec

System Time : Thu Aug 23 23:58:43 2018
Reference Time : Thu Aug 23 23:58:36 2018
SW1(config)# show ntp servers

NTP Server Information

Server Name Resolved Address Server Status
-------------------- -------------------- ---------------------------------
0.pool.ntp.org 192.168.0.10 Success: NTP server active

1.pool.ntp.org 192.168.0.20 Success: NTP server active

2.pool.ntp.org 192.168.0.30 Success: NTP server active

SW1(config)#

If the time is still wrong, or show ntp status still shows Not Synchronised, you might want to give it a few minutes, and if it still doesn’t work, check your settings.

Write the new config to memory

Remember to issue the command “write memory” to push your new settings to memory when you’ve verified that everything works.

A couple of tips;

Some NTP servers might require authentication, and you can set all that with the ntp command.

This post is part of a new series called Network Friday, where I explain a new networking concept some Fridays and tell you have to configure it on (mostly) HP/Aruba hardware. The series will mostly focus on the configuration side, as I feel there are lots of resources out there that do a fine job of explaining complex concepts, but very few that show you how to do it on your specific hardware. This series aims to address this somewhat, at least on the HP/Aruba side of the fence.

Advertisements


Categories: Networks, Tech

Tags: , , , , , , , , , , , , , , ,

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: