Huawei SmartAX MA5616 Configuration Manual page 87

SmartAX MA5616 Multi-service Access Module
Configuration Guide
Precaution
1.
2.
Procedure
Step 1 Add a VLAN L3 interface.
1.
2.
3.
4.
Step 2 Run the ntp-service unicast-server command to configure the NTP unicast server mode, and
specify the IP address of the remote server that functions as the local timer server and the interface
for transmitting and receiving NTP packets.
l In this command, ip-address is a unicast address, which cannot be a broadcast address, a multicast address,
l After the source interface of the NTP packets is specified by source-interface, the source IP address of the
l A server can function as a time server to synchronize other devices only after its clock is synchronized.
l When the clock stratum of the server is higher than or equal to that of the client, the client does not
l You can run the ntp-service unicast-server command for multiple times to configure multiple servers.
Step 3 (Optional) Configure the ACL rules.
Filter the packets that pass through the L3 interface. Only the IP packet from the clock server is
allowed to access the L3 interface. Other unauthorized packets are not allowed to access the L3
interface. It is recommended to use the ACL rules for the system that has high requirements on
security.
1.
2.
3.
----End
Example
Assume the following configurations: The IP address of the NTP server is 10.20.20.20/24,
MA5616 (IP address of the L3 interface of VLAN 2: 10.10.10.10/24 and gateway IP address:
10.10.10.1) functions as the NTP client, the NTP client sends the clock synchronization request
Issue 04 (2011-10-30)
In the client/server mode, you need to configure only the client, and need not configure the
server.
The clock stratum of the synchronizing device must be lower than or equal to that of the
synchronized device. Otherwise, the clock synchronization fails.
Run the vlan command to create a VLAN.
Run the port vlan command to add an upstream port to the VLAN so that the user packets
carrying the VLAN tag are transmitted upstream through the upstream port.
In the global config mode, run the interface vlanif command to create a VLAN interface,
and then enter the VLAN interface mode to configure the L3 interface.
Run the ip address command to configure the IP address and subnet mask of the VLAN
interface so that the IP packets in the VLAN can participate in the L3 forwarding.
NOTE
or the IP address of a local clock.
NTP packets is configured as the primary IP address of the specified interface.
synchronize with the server.
Then, the client selects the best server according to clock priorities.
Run the acl adv-acl-numbe command to create an ACL.
Run the rule command to classify traffic according to the source IP address, destination IP
address, type of the protocol over IP, and features or protocol of the packet, allowing or
forbidding the data packets that meet related conditions to pass.
Run the packet-filter command to configure an ACL filtering rule for a specified port, and
make the configuration take effect.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 Basic Configuration
76