NTP configuration on a Cisco switch: step by step manual with examples

This blog provides information about the following topics:


Most networks today are being designed with high performance and reliability in mind. Delivery of content is, in many cases, guaranteed by service level agreements (SLAs). Having your network display an accurate time is vital to ensuring that you have the best information possible when reading logging messages or troubleshooting issues.

Note

When a local device is configured with the ntp master command, it can be identified by a syntactically correct but invalid IP address in the form 127.127.x.x. The master synchronizes with itself and uses the 127.127.x.x address to identify itself. This address is displayed by the show ntp associations command and must be permitted via an access list if you are authenticating your NTP servers.

You have two different options in NTP design: flat and hierarchical. In a flat design, all routers are peers to each other. Each router is both a client and a server with every other router. In a hierarchical model, there is a preferred order of routers that are servers and others that act as clients. You use the ntp peer command to determine the hierarchy.

Tip

Do not use the flat model in a large network, because with many NTP servers it can take a long time to synchronize the time.

Note

Although Cisco IOS recognizes three versions of NTP, versions 3 and 4 are most commonly used. Version 4 introduces support for IPv6 and is backward compatible with version 3. NTPv4 also adds DNS support for IPv6.

Note

NTPv4 has increased security support using public key cryptography and X.509 certificates.

Note

NTPv3 uses broadcast messages. NTPv4 uses multicast messages.

You can secure NTP operation using authentication and access lists.

Note

Securing NTP is not part of the CCNA (200-301) exam topics.

Note

NTP does not authenticate clients; it only authenticates the source. That means that a device will respond to unauthenticated requests. Therefore, access lists should be used to limit NTP access.

Note

Once a device is synchronized to an NTP source, it will become an NTP server to any device that requests synchronization.

Note

NTP access group options are scanned from least restrictive to most restrictive in the following order: peer, serve, serve-only, query-only. However, if NTP matches a deny ACL rule in a configured peer, ACL processing stops and does not continue to the next access group option.
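The notes above can be turned into a configuration check. The following Python sketch is an added example, not part of the original post or of any Cisco tooling: it audits a running-config excerpt for missing NTP authentication, unkeyed sources, a missing access group, and an ntp master whose 127.127.x.x address is not permitted. The sample config, addresses and key are constructed, and the parser assumes standard numbered ACLs and that the source address directly follows `server` or `peer`.

```python
# Constructed sample running-config excerpt (addresses and key are placeholders).
SAMPLE_CONFIG = """\
ntp authentication-key 1 md5 EXAMPLE-KEY
ntp authenticate
ntp trusted-key 1
ntp master 3
ntp server 192.0.2.10 key 1
ntp server 192.0.2.11
ntp access-group peer 10
access-list 10 permit 192.0.2.10
access-list 10 permit 192.0.2.11
"""

def audit_ntp(config):
    """Return findings for the NTP hardening points described in the notes."""
    lines = [l.split() for l in config.splitlines() if l.strip()]
    # Pad each ntp line with one empty token so short lines index safely.
    ntp = [t + [""] for t in lines if t[0] == "ntp"]
    defined = {t[2] for t in ntp if t[1] == "authentication-key"}
    trusted = {t[2] for t in ntp if t[1] == "trusted-key"}
    findings = []
    if not any(t[1] == "authenticate" for t in ntp):
        findings.append("'ntp authenticate' is not enabled")
    for key in sorted(trusted - defined):
        findings.append(f"trusted key {key} is not defined")
    # Every time source should reference a key that is both defined and trusted.
    for t in ntp:
        if t[1] in ("server", "peer"):
            key = t[t.index("key") + 1] if "key" in t[:-1] else None
            if key is None:
                findings.append(f"{t[1]} {t[2]} is not authenticated (no key)")
            elif key not in trusted or key not in defined:
                findings.append(f"{t[1]} {t[2]} uses key {key}, not defined and trusted")
    # NTP does not authenticate clients, so an access group must limit requests.
    groups = {t[3] for t in ntp if t[1] == "access-group" and len(t) > 3}
    if not groups:
        findings.append("no 'ntp access-group': any host can request time")
    elif any(t[1] == "master" for t in ntp):
        # The master identifies itself as 127.127.x.x; an ACL must permit it.
        permits = [t[3] for t in lines if t[0] == "access-list" and len(t) > 3
                   and t[1] in groups and t[2] == "permit"]
        if not any(addr.startswith("127.127.") for addr in permits):
            findings.append("'ntp master' set but no access list permits 127.127.x.x")
    return findings

if __name__ == "__main__":
    for finding in audit_ntp(SAMPLE_CONFIG):
        print("FINDING:", finding)
```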

Note

It is important to have your routers display the correct time for use with time stamps and other logging features.

If the system is synchronized by a valid outside timing mechanism, such as an NTP server, or if you have a router with a hardware clock, you do not need to set the software clock. Use the software clock if no other time sources are available.

Table 19-1 shows the common acronyms used for setting the time zone on a router.

Table 19-2 lists an alternative method for referring to time zones, in which single letters are used to refer to the time zone difference from UTC. Using this method, the letter Z is used to indicate the zero meridian, equivalent to UTC, and the letter J (Juliet) is used to refer to the local time zone. Using this method, the international date line is between time zones M and Y.

Figure 19-1 shows the network topology for the configuration that follows, which demonstrates how to configure NTP using the commands covered in this post.
