Debugging NTP packets on the firewall

3

Debug firewall NTP packets as follows:
Before enabling the debugging function, you must run the terminal monitor and terminal debugging commands in the user view to enable the information display and debugging information display functions of the terminal.
Note:
Enabling the debugging function affects the system performance. After debugging, run the undo debugging all command to disable the debugging function immediately.
Run the debugging ntp-service { access | adjustment | all | authentication | event | filter | packet [ ipv6 ] [ send | receive ] | parameter | refclock | selection | synchronization | validity } command to enable NTP debugging.

Other related questions:
Method used to debug the license on firewalls
The license debugging on firewalls is as follows: Before enabling the debugging function, you must run the terminal monitor and terminal debugging commands in the user view to enable the information display and debugging information display functions of the terminal. Note: Enabling the debugging function affects the system performance. After debugging, run the undo debugging all command to disable the debugging function immediately. You can run the debugging license command to debug the device license.

How to check ICMP packets on S series switches
You can check ICMP packets on S series switches (excluding the S1700) using the following method:
Ensure that at least one ICMP packet passes or arrives at the switch. Then enable the debugging of ICMP packets in the user view:
 <HUAWEI> terminal debugging
 <HUAWEI> terminal monitor
 <HUAWEI> debugging ip icmp

Disabling the NTP service on the firewall
Disable the NTP service on the firewall as follows: 1. Run the system-view command to enter the system view. 2. Run the following commands to disable the NTP service. a. Run the ntp-service [ ipv6 ] disable command to disable the NTP service. By default, the NTP function is enabled. b. Run the ntp-service [ ipv6 ] server disable command to disable the function that the FW serves as the NTP server. By default, the NTP server function is enabled.

Displaying the NTP configuration information on the firewall
Check the NTP configuration information of the firewall as follows: -Run the display ntp-service status command to view the NTP service status. -Run the display ntp-service sessions [ verbose ] command to view the NTP session status. -Run the display ntp-service trace command to view brief information traced from the local device to the NTP servers of the reference clock source. -Run the display ntp-service statistics packet [ ipv6 | peer [ ip-address [ vpn-instance vpn-instance-name ] | ipv6 [ ipv6-address [ vpn-instance vpn-instance-name ] ] ] command to view the global NTP packet statistics. -Run the display current-configuration | include ntp-service command to view configuration parameters currently valid to the KOD feature on the firewall.

What is the meaning of PACKET_LENGTH_WRON in the NTP log of the AR router
NTP/4/PACKET_LENGTH_WRON G(l)[500]:The received NTP packet is longer than or shorter than a valid packet. This log is generated when the AR receives NTP packets in which the packet length is not in the range of 32 to 68. If this log does not need to be displayed, run the info-center filter-id bymodule-alias CFM CFM_LOG command in the system view.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top