Introduction & Configuration of NTP in the network
Today I am going to discuss NTP, the Network Time Protocol.
I know many of you are already aware of the use of NTP in
our networks, but as it was asked by some guys who follow our blogs, I am
happy to explain NTP a little bit, with the configurations.
What is Network Time Protocol or NTP?
NTP is the Network Time Protocol, which is generally used to
synchronize devices to a specific time reference. NTP uses UDP
to communicate with all the devices in the network, and all NTP
communications in the network will be synchronized with the defined universal
time in the network.
How do they synchronize with the time source?
An NTP server usually receives its time from a trustworthy time
source, such as a radio clock attached to a time server, and then distributes
this time across the network. NTP is extremely efficient: no more
than one packet per minute is necessary to synchronize two machines to within a
millisecond of each other.
Fig 1.1- Sample Topology
NTP uses a layer (a stratum, in NTP's own terminology) to describe the
distance between a network device and an authoritative time source:
- A layer 1 time server is directly attached to an authoritative time source
- A layer 2 NTP server receives its time through NTP from a layer 1 time server.
The example below shows how to configure an NTP server and peer, and how to enable NTP authentication with NTP logging:
I: Configuring NTP Server and Peer with IP address
NDNA# config t
Enter configuration commands, one per line. End with CNTL/Z.
NDNA(config)# ntp server 192.0.2.105 key 42
NDNA(config)# ntp peer 2001:420:c0c8:1003::217
NDNA(config)# show ntp peers
II: Configuring NTP authentication
NDNA(config)# ntp authentication-key 42 md5 aNiceKey
NDNA(config)# show ntp authentication-keys
III: Authentication key MD5 String
NDNA(config)# ntp trusted-key 42
NDNA(config)# show ntp trusted-keys
Trusted Keys:42
NDNA(config)# ntp authenticate
NDNA(config)# show ntp authentication-status
Authentication enabled.
NDNA(config)# ntp logging
NDNA(config)# show ntp logging
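What the authentication commands above do on the wire, as an added example (not code from the original post or from the device vendor): in the standard NTP symmetric-key scheme (RFC 5905), the sender appends a 4-byte key ID and MD5(key || header) to each packet, and the receiver accepts it only if the key ID is trusted and the digest matches. The receiver model is simplified, the function names are hypothetical, and key ID 7 with its string is a constructed sample.

```python
import hashlib
import hmac
import struct

# Constructed sample values; key ID 42 and "aNiceKey" mirror the config above.
KEYS = {42: b"aNiceKey", 7: b"otherKey"}  # ntp authentication-key <id> md5 <string>
TRUSTED = {42}                            # ntp trusted-key <id>

def client_header() -> bytes:
    """48-byte NTP header: LI=0, VN=4, Mode=3 (client); remaining fields zero."""
    return struct.pack("!B", (0 << 6) | (4 << 3) | 3) + bytes(47)

def sign(header: bytes, key_id: int) -> bytes:
    """Append the MAC: 4-byte key ID followed by MD5(key || header)."""
    digest = hashlib.md5(KEYS[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet: bytes, authenticate: bool = True) -> str:
    """Simplified receiver-side check (MD5-sized MAC only); returns a verdict."""
    if not authenticate:                  # "ntp authenticate" not configured
        return "accepted (authentication disabled)"
    if len(packet) != 48 + 4 + 16:
        return "rejected: no MAC"
    header, mac = packet[:48], packet[48:]
    (key_id,) = struct.unpack("!I", mac[:4])
    if key_id not in KEYS:
        return "rejected: unknown key"
    if key_id not in TRUSTED:
        return "rejected: key not trusted"
    expected = hashlib.md5(KEYS[key_id] + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):  # constant-time comparison
        return "rejected: bad digest"
    return "accepted"

def demo() -> dict:
    good = sign(client_header(), 42)
    tampered = good[:1] + b"\x01" + good[2:]  # stratum byte altered in transit
    return {
        "good": verify(good),
        "tampered": verify(tampered),
        "untrusted_key": verify(sign(client_header(), 7)),
        "unsigned": verify(client_header()),
        "auth_off": verify(client_header(), authenticate=False),
    }

if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14} {verdict}")
```

The last case shows why defining and trusting a key is not enough on its own: until authentication is switched on, an unsigned packet is treated the same as a signed one.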
The example below shows an NTP access group configuration with the following restrictions:
- Peer restrictions are applied to IP addresses that pass the criteria of the access list named “aclpeer-NDNA.”
- Serve restrictions are applied to IP addresses that pass the criteria of the access list named “aclserve-NDNA.”
- Serve-only restrictions are applied to IP addresses that pass the criteria of the access list named “aclserve-only-NDNA.”
- Query-only restrictions are applied to IP addresses that pass the criteria of the access list named “aclquery-NDNA.”
NDNA# config t
NDNA(config)# ntp peer 172.1.1.1
NDNA(config)# ntp peer 172.2.2.2
NDNA(config)# ntp peer 172.3.3.3
NDNA(config)# ntp peer 172.4.4.4
NDNA(config)# ntp peer 172.5.5.5
NDNA(config)# ntp peer 172.6.6.6
NDNA(config)# ntp peer 172.7.7.7
NDNA(config)# ntp peer 172.8.8.8
NDNA(config)# ntp access-group peer aclpeer-NDNA
NDNA(config)# ntp access-group serve aclserve-NDNA
NDNA(config)# ntp access-group serve-only aclserve-only-NDNA
NDNA(config)# ntp access-group query-only aclquery-NDNA
NDNA(config)# ip access-list aclpeer-NDNA
NDNA(config-acl)# 10 permit ip host 172.1.1.1 any
NDNA(config-acl)# 20 permit ip host 172.8.8.8 any
NDNA(config)# ip access-list aclserve-NDNA
NDNA(config-acl)# 10 permit ip host 172.4.4.4 any
NDNA(config-acl)# 20 permit ip host 172.5.5.5 any
NDNA(config)# ip access-list aclserve-only-NDNA
NDNA(config-acl)# 10 permit ip host 172.6.6.6 any
NDNA(config-acl)# 20 permit ip host 172.7.7.7 any
NDNA(config)# ip access-list aclquery-NDNA
NDNA(config-acl)# 10 permit ip host 172.2.2.2 any
NDNA(config-acl)# 20 permit ip host 172.3.3.3 any