NTP Set up on a Cisco Router

cjthedj45 Member Posts: 331
Hi

Has anyone set up a Cisco router to be the primary time source within an organization? Currently our Domain Controller is the primary NTP source. The problem is that the Cisco phones and the wallboards are out of sync by a few seconds. The wallboard is just a desktop, by the way, so it gets its time from the Domain Controllers. I was hoping to use one of our routers as the main NTP source that the Domain Controllers sync to; this way the time should be accurate, as the phones and DCs have the same time source.

I checked the Cisco website and it would seem that I need to set up an authentication method first, i.e. in global config:

ntp authenticate
ntp authentication-key number md5 value
ntp trusted-key key-number

Once the authentication is set up, it would seem that you need to set up an association, i.e. a device on the network to sync with (in this case I want my DC to get its time from the router, then the DC to sync with all other hosts on the network).

The choices are server or peer. I think I need the server choice here so that the Domain Controller is the only system that syncs with the router. Does that sound right?

Once I have selected either server or peer, then the commands I need are below. I'm assuming the IP address would be that of the domain controller, but I was unsure about the other options below, i.e. version number, key ID and source interface.

ntp server ip-address [version number] [key keyid] [source interface] [prefer]


After the above is done, the setup I believe should be complete. Does this sound about right?

Sorry for the long post by the way.

Thanks for any help offered
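
The authentication and association steps from the post above, put together as an added example (not part of the original post and not Cisco's own sample). It assumes the router follows an upstream source at 192.0.2.10 and serves a Domain Controller at 198.51.100.5; those addresses, key number 1, the key string and Loopback0 are placeholders, and the access-group lines go beyond what the post asks about.

```cisco
! Constructed example. Placeholders (assumptions, not from the post):
!   192.0.2.10    upstream time source the router syncs FROM
!   198.51.100.5  Domain Controller that syncs from this router
!   Loopback0     interface used as the source of the router's NTP packets
!
! 1. Authentication: define a key, mark it trusted, then enable checking.
!    The same key number and string must exist on the upstream source.
ntp authentication-key 1 md5 <KEY-STRING-PLACEHOLDER>
ntp trusted-key 1
ntp authenticate
!
! 2. Association: 'ntp server' names the source THIS router follows, so
!    the address is the upstream, not the DC. 'key 1' ties the association
!    to the trusted key; 'version' is optional and omitted here.
ntp server 192.0.2.10 key 1 source Loopback0 prefer
!
! 3. Limit who may talk NTP to the router. Once any access-group exists,
!    the upstream must be permitted as 'peer' or the router stops syncing.
access-list 10 permit 192.0.2.10
access-list 20 permit 198.51.100.5
ntp access-group peer 10
ntp access-group serve-only 20
!
! 4. Check from exec mode:
!    show ntp status               ! should report the clock as synchronized
!    show ntp associations detail  ! the upstream entry should show 'authenticated'
```

`ntp authenticate` controls which sources the router itself will synchronize to; the Domain Controller is pointed at the router's address from its own time-service configuration, not by an `ntp server` line on the router.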

Comments

  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    cjthedj45 wrote: »
    Hi

    Has anyone set up a Cisco router to be the primary time source within an organization? Currently our Domain Controller is the primary NTP source. The problem is that the Cisco phones and the wallboards are out of sync by a few seconds. The wallboard is just a desktop, by the way, so it gets its time from the Domain Controllers. I was hoping to use one of our routers as the main NTP source that the Domain Controllers sync to; this way the time should be accurate, as the phones and DCs have the same time source.

    I checked the Cisco website and it would seem that I need to set up an authentication method first, i.e. in global config:

    ntp authenticate
    ntp authentication-key number md5 value
    ntp trusted-key key-number

    Once the authentication is set up, it would seem that you need to set up an association, i.e. a device on the network to sync with (in this case I want my DC to get its time from the router, then the DC to sync with all other hosts on the network).

    The choices are server or peer. I think I need the server choice here so that the Domain Controller is the only system that syncs with the router. Does that sound right?

    Once I have selected either server or peer, then the commands I need are below. I'm assuming the IP address would be that of the domain controller, but I was unsure about the other options below, i.e. version number, key ID and source interface.

    ntp server ip-address [version number] [key keyid] [source interface] [prefer]


    After the above is done, the setup I believe should be complete. Does this sound about right?

    Sorry for the long post by the way.

    Thanks for any help offered


    We have a couple of (very small) networks set up like that. The Windows boxes point to the Cisco router for NTP and the router points to a public NTP server or our own NTP server.
  • broc Member Posts: 167
    It does sound right, but being out of synch by a "few" seconds is probably normal and my guess is setting up a Cisco router as an NTP server is not going to make much of a difference.

    Do you have any reason why you want to change it? Does the time difference create some authentication problems?
    "Not everything that counts can be counted, and not everything that can be counted counts."
  • Bl8ckr0uter Inactive Imported Users Posts: 5,031
    broc wrote: »
    It does sound right, but being out of synch by a "few" seconds is probably normal and my guess is setting up a Cisco router as an NTP server is not going to make much of a difference.

    Do you have any reason why you want to change it? Does the time difference create some authentication problems?

    Isn't it ok (in theory) as long as they are w/in 5 minutes of each other (for Kerberos)?
  • tiersten Member Posts: 4,505
    broc wrote: »
    It does sound right, but being out of synch by a "few" seconds is probably normal and my guess is setting up a Cisco router as an NTP server is not going to make much of a difference.

    Do you have any reason why you want to change it? Does the time difference create some authentication problems?
    Work in finance and you'll find out that a "few" seconds is pretty important...
  • tiersten Member Posts: 4,505
    If whatever is running CM uses NTP to synchronise, then there shouldn't be any difference between the phones and the wallboard within a second anyway. The phones aren't constantly synced and rely on their own local timekeeping during the day, but that is usually accurate enough that you won't notice it.
  • broc Member Posts: 167
    knwminus wrote:
    Isn't it ok (in theory) as long as they are w/in 5 minutes of each other (for Kerberos)?

    Yep, a few seconds is absolutely fine.
    tiersten wrote: »
    Work in finance and you'll find out that a "few" seconds is pretty important...

    I know, which is why I was asking why he wanted to change it!
    "Not everything that counts can be counted, and not everything that can be counted counts."
  • cjthedj45 Member Posts: 331
    knwminus wrote: »
    Isn't it ok (in theory) as long as they are w/in 5 minutes of each other (for Kerberos)?

    Thanks guys. Firstly, the reason it needs to be changed is because it is a call center environment and the call center agents are going by the time of the wallboard as opposed to the phones, so they are coming back late from breaks. Just to confirm, the wallboard gets its time from the Domain Controller and the Domain Controller gets its time from an Internet-based time server. I'm not too sure how the phones keep their time; I'm assuming they get it from a router and the router perhaps uses an external source. Therefore, as you can see, there are two different sources of synchronization and therefore these times seem to be different. Now my solution is for the DC to get its time from the router instead of the Internet-based time server; this will mean there is only one time source and the wallboard and phones will be in sync. Sorry, with regard to the above comment regarding Kerberos, can you explain? I just need to make sure that changing the time like this will not have an effect on any other systems.