Connect to a SNTP (Time) Server in PTP 650/700

The syslog feature in PTP 650 and PTP 700 creates an accurate record of configuration and status changes and important events. The syslog record can be really useful in tracking down faults, configuration errors or malicious attacks on the infrastructure. For further infomration, see Enable local syslog collection

It important to have accurate timestamps on the syslog entries so that you can correlate the syslog record with other evidence. However, PTP 650 and PTP 700 do not have a non-volatile real-time clock and the system clock has to be set on every reboot. Also, it would be a relatively easy step for an attacker with access to the ODU to reset a manually controlled system clock to distract attention away from the time that the intrusion took place.

A good solution is to set up an external Simple Network Time Protocol (SNTP) server so that the clock in the PTP 650/700 is synchronised automatically. Before you start, you will need the IP address of a suitable SNTP server in your management network.

The SNTP client in PTP 650/700 is enabled in the Time Configuration page like this:

Time Configuration 1.png

Set SNTP State from Disabled to Enabled. The page expands. Enter the IP address of the SNTP server as the SNTP Server Internet Address attribute under SNTP Server 1. Click on the Submit Updated Configuration button. The page should look like this:

After a few seconds, refresh the web page. If the ODU has synchronised with the SNTP server, the SNTP Sync alarm should be green, as it is here:

See the PTP 650 Series User Guide for further details of configuring SNTP, including configuring a back-up server and configuring for time messages authenticated with an MD5 code.

1 Like

We introduced support for authenticated SNTP using the SHA1 algorithm as part of 670-02-65 and 700-02-65. Here's a screenshoot of the updated Time Configuration page:

If you select SHA1 as the protocol, additional controls are revealed to enter Key Identifier and Server Key. The Server Key should be a 40-character hexadecimal number. You probably need to find out the Key Identifier and Server Key from the administrator responsible for the time server.

1 Like