Cisco IOS NTP Configuration

Maintaining time synchronization across all of your network (and telephony) devices is absolutely critical to properly maintain (and troubleshoot) the overall solution.  However, there is quite a bit of variety in how NTP can be configured.  This post contains a list of the various features, and sample configurations for each.

Poll-Based NTP Association

Devices on your network can be configured to obtain time information in two basic ways:  by polling host servers or by listening for NTP broadcasts.  This section discusses the poll-based association mode.

Router(config)# ntp server ip-address [version number] [key keyid] [source interface] [prefer]

When a networking device is operating in the client mode, it polls its assigned time serving hosts for the current time. The networking device will then pick a host from all the polled time servers to synchronize with. Because the relationship that is established in this case is a client-host relationship, the host will not capture or use any time information sent by the local client device. This mode is most suited for file-server and workstation clients that are not required to provide any form of time synchronization to other local clients. Use the ntp server command to individually specify the time-serving hosts that you want your networking device to consider synchronizing with and to set your networking device to operate in the client mode.

Router(config)# ntp server ip-address [version number] [key keyid] [source interface] [prefer]

When a networking device is operating in the symmetric active mode, it polls its assigned time serving hosts for the current time and it responds to polls by its hosts. Because this is a peer-to-peer relationship, the host will also retain time-related information about the local networking device that it is communicating with. This mode should be used when a number of mutually redundant servers are interconnected via diverse network paths. Most stratum 1 and stratum 2 servers on the Internet adopt this form of network setup. Use the ntp peer command to individually specify the time serving hosts that you want your networking device to consider synchronizing with and to set your networking device to operate in the symmetric active mode.

Router(config)# ntp peer ip-address [normal-sync] [version number] [key keyid] [source interface] [prefer]

Note:  CUCM will not synchronize NTP with another device that is stratum 10 or greater.

Broadcast-Based NTP Associations

Broadcast-based NTP associations should be used when time accuracy and reliability requirements are modest and if your network is localized and has more than 20 clients. Broadcast-based NTP associations are also recommended for use on networks that have limited bandwidth, system memory, or CPU resources.

When a networking device is operating in the broadcastclient mode, it does not engage in any polling. Instead, it listens for NTP broadcast packets transmitted by broadcast time servers. Consequently, time accuracy can be marginally reduced because time information flows only one way.

Router(config-if)# ntp broadcast [version number]

Router(config-if)# ntp broadcast client

Use the ntp broadcast client command to set your networking device to listen for NTP broadcast packets propagated through a network. In order for broadcastclient mode to work, the broadcast server and its clients must be located on the same subnet. The time server that is transmitting NTP broadcast packets will also have to be enabled on the interface of the given device using the ntp broadcast command.

Router(config)# ntp broadcastdelay microseconds

The above command is used to manually set the estimated round-trip delay between the device and the NTP broadcast server.

Note:  You will see the "ntp clock-period" command added automatically to your IOS configuration.  This simply reflects the constantly changing correction factor used when NTP synchronizes the time.  Do not try to manually change this value.

Disable NTP On An Interface

By default, NTP is disabled on all interfaces.  However, once any NTP commands are entered into the IOS configuration, NTP will be enabled on all interfaces.

To selectively disable the router's ability to accept an NTP packet on a specific interface:

Router(config-if)# ntp disable

Selecting the Source IP Address Used to Send NTP

Normally, when the system sends an NTP packet, it uses the address of the interface from which the packet is being sent.  If you'd like to manually configure the address that is used to source all NTP packets egressing the router (perhaps to allow remote systems to configure a common access-list):

Router(config)# ntp source interface

Establish the Router as an Authoritative NTP Source

If an authoritative public NTP server cannot be reached by your network devices, you'll want to specify a device or two within your network to be authoritative for the rest of the network.

Keep in mind that a very low stratum value could potentially cause the new NTP master to override other devices that can reach a valid public authoritative NTP Source.  The default stratum is 8.

Router(config)# ntp master [stratum]

Update the Hardware Clock

For devices that have system calendars (hardware clocks), it is advisable to have the NTP-learned software clock update it periodically.  The software clock will be more accurate over time than a hardware clock.

Router(config)# ntp update-calendar

Monitoring NTP Associations

These commands will give you an indication of how your NTP service is performing on the router.  To see if an NTP client is properly synchronizing with a peer, use the show ntp associations command.  If, however, you'd like to get a general status of NTP, use the show ntp status command.

Router# show ntp associations [detail]

Router# show ntp status

NTP Sample Configurations

In the following example, a router with a system calendar has server associations with two other systems, transmits broadcast NTP packets, and periodically updates the calendar:

clock timezone PST -8
clock summer-time PDT recurring
ntp update-calendar
ntp server 192.168.13.57
ntp server 192.168.11.58
interface Ethernet 0/0
 ntp broadcast

In the following example, a router with a system calendar has no outside time source, so it uses the calendar as an authoritative time source and distributes the time via NTP broadcast packets.

clock timezone MET 2
clock calendar-valid
ntp master
interface fddi 0/0
 ntp broadcast
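
The points made above about interfaces (NTP is enabled everywhere once any NTP command is entered), the NTP source address, and the ntp master stratum can be checked against a saved configuration. The Python script below is an added example, not code from the original post or from Cisco; the function name audit_ntp, the two serial interfaces appended to the post's first sample configuration, and the choice to flag any ntp master stratum below the default of 8 are assumptions made for illustration.

```python
import re

DEFAULT_MASTER_STRATUM = 8  # default per the post; flagging lower is an assumption
CUCM_STRATUM_LIMIT = 10     # post: CUCM will not sync at stratum 10 or greater

# Constructed input: the post's first sample configuration plus two
# hypothetical serial interfaces added for illustration.
SAMPLE_CONFIG = """\
clock timezone PST -8
clock summer-time PDT recurring
ntp update-calendar
ntp server 192.168.13.57
ntp server 192.168.11.58
interface Ethernet 0/0
 ntp broadcast
interface Serial 0/1
interface Serial 0/2
 ntp disable
"""

def audit_ntp(config):
    """Return review findings for the NTP lines of an IOS configuration."""
    global_ntp, interfaces, current = [], {}, None
    for line in config.splitlines():
        text = line.strip()
        if line[:1].isspace():                  # sub-command of a block
            if current and text.startswith("ntp "):
                interfaces[current].append(text)
            continue
        match = re.match(r"interface\s+(\S.*)", text)
        current = match.group(1) if match else None
        if current:
            interfaces[current] = []
        elif text.startswith("ntp "):
            global_ntp.append(text)
    if not (global_ntp or any(interfaces.values())):
        return []                               # no NTP commands at all
    findings = [f"{name}: NTP enabled implicitly, no 'ntp disable'"
                for name, cmds in interfaces.items() if not cmds]
    if not any(c.startswith("ntp source ") for c in global_ntp):
        findings.append("global: no 'ntp source' configured")
    masters = [re.fullmatch(r"ntp master(?:\s+(\d+))?", c) for c in global_ntp]
    for m in filter(None, masters):
        stratum = int(m.group(1) or DEFAULT_MASTER_STRATUM)
        if stratum >= CUCM_STRATUM_LIMIT:
            findings.append(f"global: ntp master stratum {stratum} unusable by CUCM")
        elif stratum < DEFAULT_MASTER_STRATUM:
            findings.append(f"global: ntp master stratum {stratum} below default 8")
    return findings
```

Run against the sample input, audit_ntp(SAMPLE_CONFIG) reports Serial 0/1 (no NTP sub-command, so NTP is on there implicitly) and the missing ntp source line; Ethernet 0/0 and Serial 0/2 are not listed because each carries an explicit NTP sub-command.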

More Information
Cisco IOS Network Management Configuration Guide, Release 12.4
