How to configure the Aruba Mobility Controller to use a Network Time Protocol (NTP) ? 

Jul 18, 2014 01:11 PM

Time is inherently important to the function of networking devices: it provides the only frame of reference between all devices on the network, which makes synchronized time extremely important. Without proper time synchronization between your Aruba gear and network servers, you may have trouble correlating log files, and inaccurate time may also affect your ability to perform accounting, fault analysis, network management, and even time-based AAA authentication and authorization.

You can set the clock on a controller manually or by configuring the controller to use a Network Time Protocol (NTP).

 

Aruba controllers support the Network Time Protocol (NTP), a protocol designed to synchronize the clocks of devices over a network. NTP Version 3 is a standard formalized in RFC 1305 that uses the User Datagram Protocol (UDP) and port 123.

An Aruba controller can be configured as an NTP client so that its clock is set and synchronized by an external NTP time server.

 

 

Environment : This article applies to all Aruba Mobility Controllers.

 

Configure the controller to set its system clock using NTP by configuring one or more NTP

In the WebUI

1. Navigate to the Configuration > Management > Clock page.
2. Under NTP Servers, click Add.
3. Enter the IP address of the NTP server.
4. Select (check) the iburst mode, if desired.
5. Click Add.
6. Under Time Zone, enter the name of the time zone and the offset from Greenwich Mean Time (GMT).
7. Click Apply.

 


 

In the CLI

ntp server ipaddr [iburst]

For each NTP server, you can optionally specify the NTP iburst mode for faster clock synchronization. 
 

To set the time zone and daylight savings time adjustment, enter the following commands in configure mode:
clock timezone <WORD> <-23 - 23>


Note: Make sure your controller's time zone is set to something sensible.

NTP Authentication

Most users of NTP do not need authentication, as the protocol contains several filters against bad time. However, authentication is available, and its use seems to be becoming more common. Some reasons might be:

  • You only want to use time from trusted sources

  • An attacker may broadcast wrong time stamps

  • An attacker may disguise itself as another time server

NTP authentication adds security to an NTP client by authenticating the server before synchronizing the local clock. It works by using a symmetric key which is configured by the user. The secret key is shared by both the controller and an external NTP server. This helps distinguish secure servers from fraudulent servers. Trusted keys are an additional subset of keys which are trusted and can be used for NTP authentication.
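How the symmetric-key check described above works on the wire, as an added Python example (not from the original article and not Aruba's code): the sender appends a 4-byte key ID and MD5(secret || NTP header), the keyed-MD5 scheme used by ntpd and described in RFC 5905, and the client recomputes the digest with its own copy of the secret. The key IDs, secrets, packets and result strings are constructed for illustration, and extension fields are assumed absent.

```python
import hashlib
import hmac
import struct

HEADER_LEN, KEYID_LEN, MD5_LEN = 48, 4, 16


def build_header(mode, stratum, version=3):
    """Minimal 48-byte NTP header: LI=0, version, mode, stratum; rest zero."""
    first = (version << 3) | mode
    return struct.pack("!BB", first, stratum) + bytes(HEADER_LEN - 2)


def add_mac(header, key_id, secret):
    """Append the key ID and MD5(secret || header), as the sender does."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet, keys, trusted):
    """Client-side decision for one reply; keys maps key ID -> secret."""
    if len(packet) != HEADER_LEN + KEYID_LEN + MD5_LEN:
        return "no MAC"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:KEYID_LEN])
    if key_id not in keys:
        return "unknown key"
    if key_id not in trusted:
        return "untrusted key"
    expected = hashlib.md5(keys[key_id] + header).digest()
    if not hmac.compare_digest(expected, mac[KEYID_LEN:]):
        return "bad authentication"
    return "ok"


# Constructed sample values, not taken from any real deployment.
KEYS = {1234: b"constructed-secret-a", 12345: b"constructed-secret-b"}
TRUSTED = {12345}
reply = build_header(mode=4, stratum=2)          # mode 4 = server

GOOD = add_mac(reply, 12345, KEYS[12345])
WRONG_SECRET = add_mac(reply, 12345, b"some-other-secret")
UNTRUSTED = add_mac(reply, 1234, KEYS[1234])
TAMPERED = GOOD[:1] + bytes([16]) + GOOD[2:]     # stratum changed in transit

if __name__ == "__main__":
    for name in ("GOOD", "WRONG_SECRET", "UNTRUSTED", "TAMPERED", "reply"):
        print(name, "->", verify(globals()[name], KEYS, TRUSTED))
```

A key that is defined but not listed as trusted is rejected even though its digest is correct, which is why both the identification key and the trusted key must be configured.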

In the WebUI

1. Navigate to the Configuration > Management > Clock page.
2. Under NTP Authentication, make sure Enable is selected.
3. Under NTP Servers, enter the NTP server IP address in the NTP Server Address field.
4. Under NTP Identification Keys, enter an identification key (a number between 1 and 65535) in the Identification Key field. Then add a secret string in the Md5 Secret field. The Md5 ID key must be an ASCII string of up to 31 characters.
5. Click Add.
6. The identification key, along with its corresponding Md5 secret string, is displayed in the NTP Identification Keys section.
7. Under NTP Trusted Keys, enter a string in the Trusted Key field. This is the subset of keys which are trusted. The trusted key value must be numeric, between 1 and 65535.
8. Click Apply.


In the CLI

This example enables NTP authentication, adds authentication secret keys to the database, and specifies a subset of keys which are trusted. It also enables the iburst option.
(host) (config) #ntp authenticate
(host) (config) #ntp authentication-key <key-id> md5 <key-secret>
(host) (config) #ntp trusted-key <key-id>
(host) (config) #ntp server <server IP> iburst key <key-id>

The following show commands can be used to verify the NTP configuration:

(host) #show running-config | include clock
Building Configuration...
clock summer-time CDT recurring 2 sunday march 02:00 first sunday november 02:00 5

clock timezone CST -6


(host) #show ntp servers
  remote        local        st   poll   reach   delay     offset      disp
=======================================================================
 =10.4.0.21     10.6.2.253   16   1024   0       0.00000   0.000000    0.00000
 *10.1.1.250    10.6.2.253   2    1024   377     0.00081   -0.010376   0.03040


(host) (config) #show ntp servers brief
server 1.1.1.1 key 1234
server 10.1.1.245 iburst key 12345


(host)#show ntp status

system uptime: 7594
time since reset: 7594
bad stratum in packet: 0
old version packets: 113
new version packets: 0
unknown version number: 0
bad packet format: 0
packets processed: 110
bad authentication: 0
packets rejected: 0
system peer: 10.1.1.250
system peer mode: client
leap indicator: 00
stratum: 3
precision: -18
root distance: 0.03236 s
root dispersion: 0.06728 s
reference ID: [10.1.1.250]
reference time: cd45b701.bcbc05d5 Tue, Feb 17 2009 14:21:53.737
system flags: auth monitor ntp kernel stats
jitter: 0.005020 s
stability: 0.866 ppm
broadcastdelay: 0.003998 s
authdelay: 0.000000 s

#show ntp authentication-keys
#show ntp trusted-keys

 

  • Make sure that the time zone configuration of your controller is correct; ntpd itself does not do anything about time zones.
  • Make sure the NTP server is reachable.

  • Analyze the following show command with the help of Aruba Tech Support:

 

(Aruba) (config) #show ipc statistics app-name ntp

 


Wed Sep  4 04:31:17 2013

Local Statistics
To application       Tx Msg  Tx Blk  Tx Ret  Tx Fail  Rx Ack  Rx Msg  Rx Drop  Rx Err  Tx Ack
AMAPI Web Client          0       0       0        0       0     150        0       0     150
Layer2/3                  1       0       0        0       0       1        0       0       0
AMAPI CLI Client          0       0       0        0       0      23        0       0      22
Configuration Man         9       8       2        0       9      35        0       0      32

Kernel PAPI Statistics
RxSockbufSize  RxSockbufHimark  CurRxQLen  MaxRxQLen  Drops
2097152        0                0          0          0

Allocated Buffers   0
Static Buffers      1

 

Static Buffer Size  1024
 

 

  • Restart the ntpd process if needed.

  • Verify the shared identification key and MD5 secret.
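The reachability and key checks in the list above can be run over saved show-command output. This is an added Python example, not an Aruba tool: the sample output is constructed in the format shown earlier, and the finding texts and the rule that a server line without a key is worth flagging are assumptions of this sketch.

```python
import re

# Constructed sample output in the format of the show commands above.
SERVERS = """\
  remote        local        st   poll   reach   delay     offset      disp
 =10.4.0.21     10.6.2.253   16   1024   0       0.00000   0.000000    0.00000
 *10.1.1.250    10.6.2.253   2    1024   377     0.00081   -0.010376   0.03040
"""
BRIEF = "server 10.4.0.21\nserver 10.1.1.250 iburst key 12345\n"
STATUS = "bad authentication: 4\nsystem peer: 10.1.1.250\nstratum: 3\n"

# optional tally character, remote IP, local, stratum, poll, reach (octal)
ROW = re.compile(r"^\s*[^\d\s]?(\d+\.\d+\.\d+\.\d+)\s+\S+\s+(\d+)\s+\d+\s+([0-7]+)\s")


def check_ntp(servers, brief, status):
    """Return a list of findings from the three show-command outputs."""
    findings = []
    for line in servers.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or separator line
        ip, stratum, reach = m.group(1), int(m.group(2)), int(m.group(3), 8)
        if reach == 0 or stratum >= 16:
            findings.append(f"{ip}: unreachable or unsynchronized "
                            f"(stratum {stratum}, reach {reach:o})")
    counters = {}
    for line in status.splitlines():
        name, sep, value = line.partition(":")
        if sep:
            counters[name.strip()] = value.strip()
    if int(counters.get("bad authentication", "0")) > 0:
        findings.append("bad authentication counter is non-zero: "
                        "compare key ID and MD5 secret with the server")
    for line in brief.splitlines():
        tok = line.split()
        if tok[:1] == ["server"] and len(tok) > 1 and "key" not in tok[2:]:
            findings.append(f"{tok[1]}: no key configured for this server")
    return findings


if __name__ == "__main__":
    for finding in check_ntp(SERVERS, BRIEF, STATUS):
        print(finding)
```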

 
