Reliable time synchronization is critical for both the security and effective management of the Wi-SUN network, as many core protocols (like CSMP) and secure authentication methods rely on accurate system clocks. The NTP service is enabled by default on the XBee Hive for Wi-SUN device. By default, the Wi-SUN firewall zone is included in the list of firewall zones allowed to access the XBee Hive for Wi-SUN device’s network time protocol (NTP) service. Unless specifically disabled, your device will automatically provide NTP services to eligible downstream devices on the Wi-SUN network.

Required configuration items

  • Enable the NTP service.

  • Configure at least one upstream NTP server for synchronization.

    • Default server: time.devicecloud.com (Digi NTP server).

Additional configuration options

  • Additional upstream NTP servers.

  • Access Control List to limit downstream access to the XBee Hive for Wi-SUN device’s NTP service.

  • Set the time zone (if default UTC is not suitable).

Configuration methods

You can configure the XBee Hive for Wi-SUN device’s NTP service via either the Web UI or command line interface.

  1. Log in to Digi Remote Manager or the local Web UI as a user with full Admin access rights.

  2. Access the device configuration:

    Method Steps

    Remote Manager

    1. Locate your device.

    2. Select the Device ID.

    3. Select Settings.

    4. Select to expand Config.

    Local Web UI

    Select Services > NTP.

  3. Enable the XBee Hive for Wi-SUN device’s NTP service by selecting Enable.

  4. (Optional) Configure the Access Control List (ACL) to limit downstream access.

    1. To limit access to specified IPv4 addresses/networks:

      1. Select IPv4 Addresses.

      2. For Add Address, select the Add (+) icon.

      3. Enter the IPv4 address or network (e.g., 192.168.1.0/24, or any for unrestricted access).

      4. Select Add again to include additional addresses.

    2. To limit access to specified IPv6 addresses/networks:

      1. Select IPv6 Addresses.

      2. Add addresses/networks (e.g., 2001:db8::/48, or any).

    3. To limit access by interface:

      1. Select Interfaces.

      2. For Add Interface, select the Add (+) icon.

      3. Select the interface from the dropdown.

    4. To limit access by firewall zone:

      1. Select Zones (default zones: Internal, Edge, IPsec, Wi-SUN).

      2. Add zones as necessary from the dropdown.

  5. (Optional) Enable Fall back to local clock to allow the device’s local system clock as a backup time source.

  6. (Optional) Add or modify upstream NTP servers:

    1. Default: time.devicecloud.com

    2. To change:

      1. Select NTP Servers.

      2. Modify server name(s) as needed.

      3. Select Add (+) to include more servers.

      4. The program tries to connect servers in order to the NTP service until a connection is successful.

  7. (Optional) Set the system time zone (default is UTC).

  8. Select Apply to save and apply the configuration.

The list of NTP servers is synced with the NTP client config. Changes will be reflected in both.

  1. Select the device in Remote Manager and Actions > Open Console, or log in locally as an Admin.

  2. Enter Admin CLI (type admin if prompted).

  3. Enter configuration mode:

    > config
(config)>

  4. Enable NTP service:

    (config)> service ntp enable true
(config)>

  5. (Optional) Manage upstream NTP servers:

    1. Delete default server:

      (config)> del service ntp server 0

    2. Add a new server at the beginning:

      (config)> add service ntp server 0 time.server.com

    3. Add a new server at the end:

      (config)> add service ntp server end time.server.com

    4. Add at a specific position:

      (config)> add service ntp server 1 time.server.com

  6. (Optional) Allow fallback to local clock:

    (config)> service ntp local true
(config)>

  7. (Optional) Configure Access Control List:

    1. Restrict by IPv4 address/network:

      (config)> add service ntp acl address end value

      • Where value is an IP, host name, CIDR, or any. Repeat to add more.

    2. Restrict by IPv6 address/network:

      (config)> add service ntp acl address6 end value

      • Where value is an IP, host name, CIDR, or any. Repeat to add more.

    3. Restrict by interface:

      (config)> add service ntp acl interface end interface_name

    4. Restrict by firewall zone:

      (config)> add service ntp acl zone end zone_name

      • Where zone_name is a firewall zone or any.

  8. (Optional) Set the timezone for your location. Default: UTC.

  9. Save the configuration:

    (config)> save
Configuration saved.
>

  10. Type exit to leave Admin CLI. If prompted, type quit to disconnect.