Chapter 19
Configure and Verify NTP
At first, you might think of the time set on your Cisco device as just a bit of a “nice to have” but not something that is very important. In reality, having the super-accurate time on your networking devices can be very, very important—for several reasons. For example, you might have policies that take effect at certain times (such as permitting no gaming traffic during work hours). You might also need accurate time so you can accurately monitor and understand security breaches that have been logged by devices.
Network Time Protocol (NTP) is a proven effective protocol for sharing the correct time between devices and ensuring that the devices stay in sync with accurate time.
This chapter covers the following essential terms and components:
▸ NTP server
▸ NTP client
▸ Stratum
Topic: Configure and verify NTP operating in client/server mode
CramSaver
If you can correctly answer these CramSaver questions, save time by skimming the ExamAlerts in this section and then completing the CramQuiz at the end of this section and the Review Questions at the end of the chapter. If you are in doubt at all, read everything in this chapter!
1. What command configures a Cisco router to be an authoritative reference clock source with a stratum of 3?
_________
2. What command confirms an NTP client-to-server relationship in tabular form?
_________
It is critical to have accurate time on your network devices—for many reasons. Network Time Protocol (NTP) enables you to automate this synchronization process. The current version of the protocol, NTPv4, uses the transport layer protocol UDP and port 123.
NTP uses the concept of a stratum value to gauge the accuracy of time values carried by NTP. A lower stratum value is preferred. The stratum value indicates the NTP hop count from an authoritative reference clock source. Ideally, this reference time source should be an atomic clock. An NTP server that is directly attached to an atomic clock has a stratum of 1.
Example 19.1 shows how to configure R1 to use its internal clock as a reference clock source. Notice that it selects a stratum value of 2.
Example 19.1 Configuring the NTP Master in a Network
R1# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R1(config)# ntp master ? <1-15> Stratum number <cr> R1(config)# ntp master 2 R1(config)# end R1#
ExamAlert
The default stratum value for the ntp master command is 8.
How do you configure an NTP client to receive the correct time from an NTP server (master)? You use the command ntp server ntp-server-ip-address-or-dns-name. You will almost always see a DNS name used in actual production environments. Example 19.2 shows this configuration in our lab.
Example 19.2 Configuring an NTP Client
R2# R2# configure terminal Enter configuration commands, one per line. End with CNTL/Z. R2(config)# ntp server 10.1.1.1 R2(config)# end R2#
ExamAlert
There are several other NTP configuration options available (such as broadcasting NTP updates), but you don’t need to understand them for the CCNA 200-301 exam. If you are interested in these more advanced NTP topics, check out the links provided in the “Additional Resources” section at the end of this chapter.
Note that once an IOS device synchronizes with a clock source (an internal clock or an external NTP server), it acts as a lower-stratum NTP server, without any additional configuration. The ntp master command is necessary only when the IOS device has no external clock source to synchronize to. If you have access to the Internet and wish to synchronize your entire network to the public time, you can have two or three border routers synchronize to public NTP servers with the ntp server command and then have your entire internal network synchronize to those border routers (now NTP servers themselves), again using the same ntp server command.
There are two key commands for verifying NTP. Example 19.3 shows one of them, the show ntp associations command. Note how this command allows you to easily verify the association with the configured NTP master device.
Example 19.3 Verifying NTP Configuration with show ntp associations
R2# show ntp associations address ref clock st when poll reach delay offset disp *~10.1.1.1 127.127.1.1 2 0 64 275 19.784 40129.7 68.951 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured R2#
Example 19.4 shows another frequently used verification command: show ntp status.
Example 19.4 Using show ntp status to Verify NTP
R2# show ntp status Clock is synchronized, stratum 3, reference clock is 10.1.1.1 nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24 reference time is DA5E7147.56CADEA7 (19:54:31.339 EST Thu Feb 4 2022) clock offset is 0.0986 msec, root delay is 2.46 msec root dispersion is 16.27 msec, peer dispersion is 5.33 msec loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000009 s/s system poll interval is 64, last update was 530 sec ago. R2#
ExamAlert
Be ready to be patient when you are verifying an NTP configuration. Even in a small practice lab with two devices, it can take many minutes before the NTP synchronization fully takes place. This is by design in the workings of the protocol. Quite impressively, simulators like Packet Tracer take this into account and properly delay the synchronization to add realism.
CramQuiz
1. What is a stratum in NTP?
A. A measure of the proximity to the reference clock
B. A measure of a clock’s accuracy
C. A measure of the number of total NTP clients
D. A measure of the number of NTP queries per minute
2. What command configures a Cisco device as an NTP client of 10.1.1.1?
A. ntp client 10.1.1.1
B. ntp master 10.1.1.1
C. ntp server 10.1.1.1
D. ntp 10.1.1.1
CramQuiz Answers
1. A is correct. The stratum value indicates how far a device is from the reference clock.
2. C is correct. The ntp server command is used on a client to configure the NTP server’s IP address or hostname.
Review Questions
1. What protocol does NTP use, and what port number does it use? (Choose two.)
A. TCP
B. UDP
C. 123
D. 412
2. What is the best possible stratum value that a Cisco NTP server can advertise?
A. 0
B. 1
C. 5
D. 15
3. What command would you use to cause your local router to retrieve the correct time from an NTP master in your network at 10.10.10.100?
A. ntp receive 10.10.10.100
B. ntp fetch 10.10.10.100
C. ntp server 10.10.10.100
D. ntp client 10.10.10.100
4. What command produced the output shown here?
Clock is synchronized, stratum 3, reference clock is 10.1.1.1 nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24 reference time is DA5E7147.56CADEA7 (19:54:31.339 EST Thu Feb 4 2022) clock offset is 0.0986 msec, root delay is 2.46 msec root dispersion is 16.27 msec, peer dispersion is 5.33 msec loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000009 s/s system poll interval is 64, last update was 530 sec ago.
A. show ntp status
B. show ntp associations
C. show ntp peers
D. show ntp masters
Answers to Review Questions
1. B and C are correct. NTP uses UDP and port 123.
2. B is correct. The stratum range is from 1 to 15. The lower the stratum value, the more preferred. Therefore, the best stratum is 1.
3. C is correct. Remember that the ntp server command is the command you use to specify the time source for a local device.
4. A is correct. A very powerful show command for verifying NTP is show ntp status. It provides easy-to-read and easy-to-interpret details about the NTP settings that are in place.
Hands-On Lab Practice Assignment
Configure NTP
To complete this Hands-On Lab Practice Assignment, download the assigned Packet Tracer file from the book’s companion website and perform the lab on your locally installed version of Packet Tracer. For instructions on how to download and use the Packet Tracer files, see “Packet Tracer Hands-On Lab Practice Assignments” in the Introduction of this book.
Additional Resources
Setting Time and Calendar Services
Cisco IOS Clocks and NTP
https://packetlife.net/blog/2011/mar/28/cisco-ios-clocks-and-ntp/