ntp

hadi_xhadi_x Registered Users Posts: 6 ■□□□□□□□□□
hi guys!
how can I config NTP Server? please say me what is NTP config command?
Thank's alot my dude!icon_study.gif

Comments

  • malcyboodmalcybood Member Posts: 900 ■■■□□□□□□□
    hadi_x wrote: »
    hi guys!
    how can I config NTP Server? please say me what is NTP config command?
    Thank's alot my dude!icon_study.gif

    ntp server 2.2.2.2
  • SubnetZeroSubnetZero Member Posts: 124
    So you have a couple of options here. First one, if your Cisco router is going to be acting as an NTP server it either needs to be synched with an authoritative time source, or you can force your Cisco router to be the authoritative time source.

    Typically what I see is that your redundant distribution layer routers are configured to sync with an authoritative time source, and then all of your other Cisco devices below sync to the distribution routers. It's also a good idea to authenticate your NTP as well.

    Here is an example configuring what will be an NTP server
    [COLOR=#000080]ntp authentication-key 1 md5 1234567891011121314 7[/COLOR]
    [COLOR=#000080]ntp authenticate[/COLOR]
    [COLOR=#000080]ntp trusted-key 1[/COLOR]
    [COLOR=#000080]ntp update-calendar[/COLOR]
    [COLOR=#000080]ntp server 198.60.73.8[/COLOR]
    [COLOR=#000080]ntp server 131.107.13.100[/COLOR]
    [COLOR=#000080]ntp server 64.147.116.229[/COLOR]
    
    To verify your clocks are synched do the following:
    [COLOR=#000080]Router#show ntp ass[/COLOR]
    [COLOR=#000080]      address         ref clock     st  when  poll reach  delay  offset    disp[/COLOR]
    [COLOR=#000080]-~198.60.73.8      .ACTS.            1     1  1024  377    31.6    0.64     0.8[/COLOR]
    [COLOR=#000080]+~127.127.7.1      127.127.7.1       2    44    64  377     0.0    0.00     0.0[/COLOR]
    [COLOR=#000080]+~131.107.13.100   .ACTS.            1   310  1024  377    43.6   -1.34     4.9[/COLOR]
    [COLOR=#000080]*~64.147.116.229   .ACTS.            1   964  1024  377    17.1   -4.17     4.2[/COLOR]
    [COLOR=#000080] * master (synced), # master (unsynced), + selected, - candidate, ~ configured
    [/COLOR]
    
    [COLOR=#000080]Router#show ntp status[/COLOR]
    [COLOR=#000080]Clock is synchronized, stratum 2, reference is 198.60.73.8[/COLOR]
    [COLOR=#000080]nominal freq is 250.0000 Hz, actual freq is 250.0012 Hz, precision is 2**18[/COLOR]
    [COLOR=#000080]reference time is D2DE7306.22FCE98A (08:29:58.136 PST Thu Feb 9 2012)[/COLOR]
    [COLOR=#000080]clock offset is -2.7579 msec, root delay is 31.31 msec[/COLOR]
    [COLOR=#000080]root dispersion is 9.99 msec, peer dispersion is 2.29 msec[/COLOR]
    

    Now just point your clients to your internal NTP server's
    [COLOR=#000080]SV3750-MDF-1A#sh run | i ntp[/COLOR]
    [COLOR=#000080]ntp authentication-key 1 md5 1234567891011121314 7[/COLOR]
    [COLOR=#000080]ntp authenticate[/COLOR]
    [COLOR=#000080]ntp trusted-key 1[/COLOR]
    [COLOR=#000080]ntp clock-period 36028713[/COLOR]
    [COLOR=#000080]ntp server 10.75.176.2 key 1[/COLOR]
    [COLOR=#000080]ntp server 10.75.176.3 key 1[/COLOR]
    

    Verify it
    [COLOR=#000080]SV3750-MDF-1A#sh ntp ass[/COLOR]
    [COLOR=#000080]      address         ref clock     st  when  poll reach  delay  offset    disp[/COLOR]
    [COLOR=#000080]*~10.75.176.2      198.60.73.8       2    68   128  377     0.6    0.59     0.1[/COLOR]
    [COLOR=#000080] ~10.75.176.3      0.0.0.0          16   952  1024    0     0.0    0.00  16000.[/COLOR]
    
    [COLOR=#000080]SV3750-MDF-1A#show ntp stat[/COLOR]
    [COLOR=#000080]Clock is synchronized, stratum 3, reference is 10.75.176.2[/COLOR]
    [COLOR=#000080]nominal freq is 119.2092 Hz, actual freq is 119.2095 Hz, precision is 2**18[/COLOR]
    [COLOR=#000080]reference time is D2DE77D9.E36302AC (08:50:33.888 PST Thu Feb 9 2012)[/COLOR]
    [COLOR=#000080]clock offset is 0.5941 msec, root delay is 31.94 msec[/COLOR]
    [COLOR=#000080]root dispersion is 10.67 msec, peer dispersion is 0.08 msec[/COLOR]
    

    Alternatively you can configure an unsynchronized router to act as an authoritative NTP source using the ntp master command.

    Note: Cisco and NTP experts discourage the use of this command if any other NTP time sources are available because it violates NTP's hierarchical trust model. When using this command, you should choose a high stratum number, such as 10, so time associations through the fake master clock are ignored if more trustworthy NTP information is made available.

    To enable an unsynchronized Cisco router to act as an authoritative NTP clock at stratum 10:
    [COLOR=#000080]Router#config terminal[/COLOR]
    [COLOR=#000080]Enter configuration commands, one per line.  End with CNTL/Z.[/COLOR]
    [COLOR=#000080]Router(config)#ntp master 10[/COLOR]
    

    HTH

    While no trees were harmed in the transmission of this message, several electrons were severely inconvenienced
    :cool:
  • hadi_xhadi_x Registered Users Posts: 6 ■□□□□□□□□□
    SubnetZero wrote: »
    So you have a couple of options here. First one, if your Cisco router is going to be acting as an NTP server it either needs to be synched with an authoritative time source, or you can force your Cisco router to be the authoritative time source.

    Typically what I see is that your redundant distribution layer routers are configured to sync with an authoritative time source, and then all of your other Cisco devices below sync to the distribution routers. It's also a good idea to authenticate your NTP as well.

    Here is an example configuring what will be an NTP server
    [COLOR=#000080]ntp authentication-key 1 md5 1234567891011121314 7[/COLOR]
    [COLOR=#000080]ntp authenticate[/COLOR]
    [COLOR=#000080]ntp trusted-key 1[/COLOR]
    [COLOR=#000080]ntp update-calendar[/COLOR]
    [COLOR=#000080]ntp server 198.60.73.8[/COLOR]
    [COLOR=#000080]ntp server 131.107.13.100[/COLOR]
    [COLOR=#000080]ntp server 64.147.116.229[/COLOR]
    
    To verify your clocks are synched do the following:
    [COLOR=#000080]Router#show ntp ass[/COLOR]
    [COLOR=#000080]      address         ref clock     st  when  poll reach  delay  offset    disp[/COLOR]
    [COLOR=#000080]-~198.60.73.8      .ACTS.            1     1  1024  377    31.6    0.64     0.8[/COLOR]
    [COLOR=#000080]+~127.127.7.1      127.127.7.1       2    44    64  377     0.0    0.00     0.0[/COLOR]
    [COLOR=#000080]+~131.107.13.100   .ACTS.            1   310  1024  377    43.6   -1.34     4.9[/COLOR]
    [COLOR=#000080]*~64.147.116.229   .ACTS.            1   964  1024  377    17.1   -4.17     4.2[/COLOR]
    [COLOR=#000080] * master (synced), # master (unsynced), + selected, - candidate, ~ configured
    [/COLOR]
    
    [COLOR=#000080]Router#show ntp status[/COLOR]
    [COLOR=#000080]Clock is synchronized, stratum 2, reference is 198.60.73.8[/COLOR]
    [COLOR=#000080]nominal freq is 250.0000 Hz, actual freq is 250.0012 Hz, precision is 2**18[/COLOR]
    [COLOR=#000080]reference time is D2DE7306.22FCE98A (08:29:58.136 PST Thu Feb 9 2012)[/COLOR]
    [COLOR=#000080]clock offset is -2.7579 msec, root delay is 31.31 msec[/COLOR]
    [COLOR=#000080]root dispersion is 9.99 msec, peer dispersion is 2.29 msec[/COLOR]
    

    Now just point your clients to your internal NTP server's
    [COLOR=#000080]SV3750-MDF-1A#sh run | i ntp[/COLOR]
    [COLOR=#000080]ntp authentication-key 1 md5 1234567891011121314 7[/COLOR]
    [COLOR=#000080]ntp authenticate[/COLOR]
    [COLOR=#000080]ntp trusted-key 1[/COLOR]
    [COLOR=#000080]ntp clock-period 36028713[/COLOR]
    [COLOR=#000080]ntp server 10.75.176.2 key 1[/COLOR]
    [COLOR=#000080]ntp server 10.75.176.3 key 1[/COLOR]
    

    Verify it
    [COLOR=#000080]SV3750-MDF-1A#sh ntp ass[/COLOR]
    [COLOR=#000080]      address         ref clock     st  when  poll reach  delay  offset    disp[/COLOR]
    [COLOR=#000080]*~10.75.176.2      198.60.73.8       2    68   128  377     0.6    0.59     0.1[/COLOR]
    [COLOR=#000080] ~10.75.176.3      0.0.0.0          16   952  1024    0     0.0    0.00  16000.[/COLOR]
    
    [COLOR=#000080]SV3750-MDF-1A#show ntp stat[/COLOR]
    [COLOR=#000080]Clock is synchronized, stratum 3, reference is 10.75.176.2[/COLOR]
    [COLOR=#000080]nominal freq is 119.2092 Hz, actual freq is 119.2095 Hz, precision is 2**18[/COLOR]
    [COLOR=#000080]reference time is D2DE77D9.E36302AC (08:50:33.888 PST Thu Feb 9 2012)[/COLOR]
    [COLOR=#000080]clock offset is 0.5941 msec, root delay is 31.94 msec[/COLOR]
    [COLOR=#000080]root dispersion is 10.67 msec, peer dispersion is 0.08 msec[/COLOR]
    

    Alternatively you can configure an unsynchronized router to act as an authoritative NTP source using the ntp master command.

    Note: Cisco and NTP experts discourage the use of this command if any other NTP time sources are available because it violates NTP's hierarchical trust model. When using this command, you should choose a high stratum number, such as 10, so time associations through the fake master clock are ignored if more trustworthy NTP information is made available.

    To enable an unsynchronized Cisco router to act as an authoritative NTP clock at stratum 10:
    [COLOR=#000080]Router#config terminal[/COLOR]
    [COLOR=#000080]Enter configuration commands, one per line.  End with CNTL/Z.[/COLOR]
    [COLOR=#000080]Router(config)#ntp master 10[/COLOR]
    

    HTH

    thank you so much it was complete answericon_thumright.gif
Sign In or Register to comment.