
Introduction & Configuration of NTP in the network

Today I am going to discuss NTP, the Network Time Protocol. I know many of you are already aware of the use of NTP in our networks, but since it was requested by some readers who follow our blog, I am happy to explain NTP a little, along with the configuration.

What is Network Time Protocol or NTP?

NTP, the Network Time Protocol, is generally used to synchronize devices to a specific time reference. NTP uses UDP to communicate with all the devices in the network, and all NTP communications in the network are synchronized with the defined universal time in the network.

How do they synchronize with the time source?

An NTP server usually receives its time from a trustworthy time source, such as a radio clock attached to a time server, and then distributes this time across the network. NTP is extremely efficient: no more than one packet per minute is necessary to synchronize two machines to within a millisecond of each other.


Fig 1.1- Sample Topology 

NTP uses a layer (a stratum, in NTP terminology) to describe the distance between a network device and an authoritative time source:

  • A layer 1 time server is directly attached to an authoritative time source
  • A layer 2 NTP server receives its time through NTP from a layer 1 time server.

Before synchronizing, NTP compares the time reported by several network devices and does not synchronize with one that is significantly different, even if it is a layer 1. On Cisco devices: because Cisco NX-OS cannot connect to a radio or atomic clock and act as a layer 1 server, we recommend that you use the public NTP servers available on the Internet.

The example below shows how to configure an NTP server and peer, and how to enable NTP authentication and NTP logging:

I: Configuring NTP Server and Peer with IP address

NDNA# config t

Enter configuration commands, one per line. End with CNTL/Z.

NDNA(config)# ntp server 192.0.2.105 key 42
NDNA(config)# ntp peer 2001:420:c0c8:1003::217
NDNA(config)# show ntp peers

II: Configuring NTP authentication

NDNA(config)# ntp authentication-key 42 md5 aNiceKey
NDNA(config)# show ntp authentication-keys

III: Authentication key MD5 String

NDNA(config)# ntp trusted-key 42
NDNA(config)# show ntp trusted-keys

Trusted Keys:42

NDNA(config)# ntp authenticate
NDNA(config)# show ntp authentication-status

Authentication enabled.

NDNA(config)# ntp logging
NDNA(config)# show ntp logging
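
What the three authentication commands above amount to on the wire, as an added Python example (not from the original post or from Cisco): it models the symmetric-key MAC of RFC 5905, a 4-byte key ID followed by MD5(key || header), and assumes NX-OS follows that scheme. The packet header, the second key (ID 7) and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed values mirroring the page's config: key ID 42, string "aNiceKey".
AUTH_KEYS = {42: b"aNiceKey", 7: b"otherKey"}  # ntp authentication-key <id> md5 <string>
TRUSTED = {42}                                  # ntp trusted-key 42
HEADER_LEN, MAC_LEN = 48, 20                    # NTP header; key ID (4) + MD5 digest (16)
# Constructed server reply: LI=0, VN=4, mode=4 (server), stratum 2, rest zeroed.
HEADER = bytes([0x24, 2, 6, 0xEC]) + bytes(44)


def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    """Append the key ID and MD5(key || header) to a 48-byte NTP header."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet: bytes, authenticate: bool = True) -> str:
    """Classify a received packet; authenticate models 'ntp authenticate'."""
    if len(packet) == HEADER_LEN:
        return "rejected: no MAC" if authenticate else "accepted: unauthenticated"
    if len(packet) != HEADER_LEN + MAC_LEN:
        return "rejected: malformed"
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]
    if key_id not in AUTH_KEYS:
        return "rejected: unknown key"
    if key_id not in TRUSTED:
        return "rejected: untrusted key"
    expected = hashlib.md5(AUTH_KEYS[key_id] + header).digest()
    # Constant-time comparison avoids leaking how many digest bytes matched.
    if not hmac.compare_digest(expected, mac[4:]):
        return "rejected: bad digest"
    return "accepted: key %d" % key_id


if __name__ == "__main__":
    samples = {
        "trusted key 42": sign(HEADER, 42, AUTH_KEYS[42]),
        "configured but untrusted key 7": sign(HEADER, 7, AUTH_KEYS[7]),
        "key 42 with wrong string": sign(HEADER, 42, b"wrongKey"),
        "no MAC": HEADER,
    }
    for label, pkt in samples.items():
        print(f"{label:32} -> {verify(pkt)}")
```

The digest is a plain keyed MD5 rather than an HMAC, so the protection rests on the secrecy and length of the key string; aNiceKey is the page's sample value.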

The example below shows an NTP access group configuration with the following restrictions:

  • Peer restrictions are applied to IP addresses that pass the criteria of the access list named “aclpeer-NDNA.”
  • Serve restrictions are applied to IP addresses that pass the criteria of the access list named “aclserve-NDNA.”
  • Serve-only restrictions are applied to IP addresses that pass the criteria of the access list named “aclserve-only-NDNA.”
  • Query-only restrictions are applied to IP addresses that pass the criteria of the access list named “aclquery-NDNA.”

NDNA# config t
NDNA(config)# ntp peer 172.1.1.1
NDNA(config)# ntp peer 172.2.2.2
NDNA(config)# ntp peer 172.3.3.3
NDNA(config)# ntp peer 172.4.4.4
NDNA(config)# ntp peer 172.5.5.5
NDNA(config)# ntp peer 172.6.6.6
NDNA(config)# ntp peer 172.7.7.7
NDNA(config)# ntp peer 172.8.8.8
NDNA(config)# ntp access-group peer aclpeer-NDNA
NDNA(config)# ntp access-group serve aclserve-NDNA
NDNA(config)# ntp access-group serve-only aclserve-only-NDNA
NDNA(config)# ntp access-group query-only aclquery-NDNA 
NDNA(config)# ip access-list aclpeer-NDNA
NDNA(config-acl)# 10 permit ip host 172.1.1.1 any
NDNA(config-acl)# 20 permit ip host 172.8.8.8 any
NDNA(config)# ip access-list aclserve-NDNA
NDNA(config-acl)# 10 permit ip host 172.4.4.4 any
NDNA(config-acl)# 20 permit ip host 172.5.5.5 any
NDNA(config)# ip access-list aclserve-only-NDNA
NDNA(config-acl)# 10 permit ip host 172.6.6.6 any
NDNA(config-acl)# 20 permit ip host 172.7.7.7 any
NDNA(config)# ip access-list aclquery-NDNA
NDNA(config-acl)# 10 permit ip host 172.2.2.2 any
NDNA(config-acl)# 20 permit ip host 172.3.3.3 any

The above is the basic configuration for NTP in your network. The configuration can differ according to the network and its requirements. We will come back with more on NTP servers. Stay tuned.