NTP uses unicast client mode to enable time servers and NTP clients to communicate in the synchronization subnet. The switch supports only unicast client mode.
After you configure a set of remote time servers (peers), NTP creates a list that includes each time server IP address. If you configure the server address using a fully qualified domain name (FQDN), the switch resolves the FQDN to the IP address. The NTP client uses this list to determine the remote time servers to query for time information.
Note
Using FQDNs requires a DNS configuration for address resolution. If you add a new DNS server or change the operational state of a DNS server, NTP also restarts. For more information about how to configure DNS on the switch, see Domain Name Service.
After the NTP client queries the remote time servers, the servers respond with various timestamps, along with information about their clocks, such as stratum, precision, and time reference. The NTP client reviews the list of responses from all available servers and chooses one as the best available time source from which to synchronize its internal clock.
The following figure shows how NTP time servers operate in unicast mode.
The switch can operate as both an NTPv4 client and an NTPv4 server. You configure the NTPv4 server by enabling master mode. When master mode is configured, peers can synchronize themselves with the local clock when the NTPv4 server loses synchronization or if an external NTPv4 source is not reachable. For information about configuring NTPv4 server master mode, see Configure NTP Master Mode and Configure NTP Globally.
The switch offers the restrict capability on the NTPv4 server. When NTPv4 server master mode is disabled, the restrict capability is disabled by default: all addresses or networks except those configured as servers are ignored. Traffic from addresses configured as servers is allowed, subject to some default restriction values.
When NTPv4 server master mode is enabled, one of two cases applies. If no restrict rules are configured, all connections are allowed. If one or more rules are configured, only the addresses or networks covered by those rules are allowed. For more information about creating NTP restrict entries, see Create NTP Restrict Entries.
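The following added example (not the switch's own code) models the access decision described in the two paragraphs above, so that a planned configuration can be reviewed before it is applied. The function names are hypothetical, and the addresses are constructed samples from documentation ranges.

```python
import ipaddress


def ntp_source_allowed(src, master_mode, servers, restrict_nets):
    """Return True if NTP traffic from src is accepted under the rules above.

    Hypothetical model of the documented behaviour, not switch firmware.
    """
    addr = ipaddress.ip_address(src)
    if not master_mode:
        # Master mode disabled: restrict is off and only configured
        # servers are accepted; every other source is ignored.
        return addr in {ipaddress.ip_address(s) for s in servers}
    if not restrict_nets:
        # Master mode enabled, no restrict entries: all connections allowed.
        return True
    # Master mode enabled with entries: only covered addresses/networks.
    return any(addr in ipaddress.ip_network(n) for n in restrict_nets)


def audit(master_mode, restrict_nets):
    """List findings a reviewer would raise for a planned configuration."""
    findings = []
    if master_mode and not restrict_nets:
        findings.append(
            "master mode enabled with no restrict entries: all sources allowed")
    if master_mode:
        for n in restrict_nets:
            if ipaddress.ip_network(n).prefixlen == 0:
                findings.append(f"restrict entry {n} matches every address")
    return findings


if __name__ == "__main__":
    # Constructed sample configuration (documentation address ranges).
    servers = ["192.0.2.10"]
    rules = ["198.51.100.0/24"]
    for src in ("192.0.2.10", "198.51.100.7", "203.0.113.5"):
        print(src,
              "client-only:", ntp_source_allowed(src, False, servers, rules),
              "master+rules:", ntp_source_allowed(src, True, servers, rules),
              "master, no rules:", ntp_source_allowed(src, True, servers, []))
    print(audit(True, []))
```

The model follows the text literally: with master mode enabled and restrict entries present, a source is accepted only if an entry covers it.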