
Cisco Router as NTP Client

abob21
Level 1

Hello!

I wish to use a Cisco router as an NTP client and get time updates from an internal NTP server (stratum 2), and I configured "ntp disable" on all interfaces in order to prevent the router from acting as an NTP server to other devices. The NTP configuration is below. However, the router's NTP association status shows as "unsynchronized".

May I know whether "ntp disable" causes an issue between the router and the NTP server?

!
ntp logging
ntp authentication-key 10 md5 
ntp authenticate
ntp trusted-key 10
ntp access-group serve-only 99
ntp server vrf Mgmt-vrf xx.xx.xx.xx prefer

!

ip access-list standard 99
10 remark ***NTP Control List***
10 permit xx.xx.xx.xx
20 deny any

Best regards,

abob21

7 Replies

I will check your config 

Thanks @MHM Cisco World 

Just some updates: I have a total of 3 routers as NTP clients, and initially all routers' NTP configurations were the same.

Now I made different configuration changes on the routers, as below:

RT01:

  • Removed “ntp disable” under the interface associated with the vrf
  • Replaced “ntp access-group serve-only 99” with “ntp access-group peer 99”
  • NTP is working and synchronized

RT02:

  • Replaced “ntp disable” with “ntp broadcast client” under the interface associated with the vrf
  • Replaced “ntp access-group serve-only 99” with “ntp access-group peer 99”
  • NTP is working and synchronized

RT03:

  • Kept “ntp disable” under the interface associated with the vrf
  • Replaced “ntp access-group serve-only 99” with “ntp access-group peer 99”
  • NTP is not working and unsynchronized

I have no clue how or why NTP on RT01 & RT02 is working after just removing/replacing the “ntp disable” command.

Regards,

The command ntp disable pretty much means do not process NTP on this interface. If you disable NTP on the vrf then it cannot learn NTP time.

HTH

Rick

marl12
Level 1

NTP provides two important services: accurate time setting and clock synchronization. Enabling a router to become an NTP master will not guarantee accurate time, but it will ensure that all network components' time remains synchronized. NTP supports authentication; client and server need to use the same settings. Time offset too high: when the time offset between client/server is too large, it will take a very long time to synchronize. Stratum level too high: the stratum level is between 1 (best) and 15 (worst).

Hello,

I agree with @Richard Burts : if you disable NTP on an interface, no NTP packets are being processed. And hence no synchronization with the NTP server will occur. Have a look at the debug output below. After disabling NTP, packets are dropped:

R1#
*Dec 31 08:45:17.172: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
R1#
*Dec 31 08:45:36.337: NTP message sent to 192.168.1.2, from interface 'NULL' (0.0.0.0).
*Dec 31 08:45:36.551: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:38.480: NTP message sent to 2.2.2.2, from interface 'NULL' (0.0.0.0).
*Dec 31 08:45:38.484: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:38.611: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:38.613: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:40.331: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:40.335: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:40.549: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:40.551: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:42.526: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:42.529: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:42.744: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:42.745: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:44.493: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:44.497: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:44.746: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:44.747: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:46.491: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:46.496: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:46.932: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:46.934: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:48.467: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:48.687: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#interface gigabitEthernet0/0
R1(config-if)#ntp disable
R1(config-if)#end
R1#
*Dec 31 08:46:19.039: %SYS-5-CONFIG_I: Configured from console by console
R1#
*Dec 31 08:46:42.331: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:46:42.337: NTP IPv4 disabled on interface GigabitEthernet0/0, packet dropped.
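
The same reading of the debug output can be automated. The following Python is an added example, not part of the original post: it counts NTP packets per interface, flags the "packet dropped" message, and reports the last configuration change logged before the first drop. The function name `audit_ntp_debug` and the verdict labels are illustrative, and the patterns assume the message wording shown in the output above.

```python
import re
from collections import defaultdict

# Lines copied from the debug output quoted in the post above.
SAMPLE = """\
*Dec 31 08:45:46.491: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:46.932: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:46:19.039: %SYS-5-CONFIG_I: Configured from console by console
*Dec 31 08:46:42.331: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:46:42.337: NTP IPv4 disabled on interface GigabitEthernet0/0, packet dropped.
"""

TS = r"^\*?(?P<ts>\w{3} +\d+ [\d:.]+): "
SENT = re.compile(TS + r"NTP message sent to [\d.]+, from interface '(?P<ifc>[^']+)'")
RECV = re.compile(TS + r"NTP message received from [\d.]+ on interface '(?P<ifc>[^']+)'")
DROP = re.compile(TS + r"NTP IPv4 disabled on interface (?P<ifc>[^,\s]+), packet dropped")
CONF = re.compile(TS + r"%SYS-5-CONFIG_I: ")


def audit_ntp_debug(log):
    """Summarise NTP debug lines per interface and flag dropped replies."""
    stats = defaultdict(lambda: {"sent": 0, "received": 0, "dropped": 0,
                                 "first_drop": None, "config_change_before_drop": None})
    last_config = None
    for line in map(str.strip, log.splitlines()):
        if m := CONF.match(line):
            last_config = m["ts"]
        elif m := DROP.match(line):
            s = stats[m["ifc"]]
            s["dropped"] += 1
            if s["first_drop"] is None:
                s["first_drop"] = m["ts"]
                s["config_change_before_drop"] = last_config
        elif m := SENT.match(line):
            # The quoted log shows 'NULL' (0.0.0.0) on the first packets;
            # those are not attributed to any interface here.
            if m["ifc"] != "NULL":
                stats[m["ifc"]]["sent"] += 1
        elif m := RECV.match(line):
            stats[m["ifc"]]["received"] += 1
    for s in stats.values():
        s["verdict"] = ("ntp-disabled-on-interface" if s["dropped"] else
                        "no-reply-seen" if s["sent"] and not s["received"] else "ok")
    return dict(stats)


if __name__ == "__main__":
    for ifc, result in audit_ntp_debug(SAMPLE).items():
        print(ifc, result)
```

A "no-reply-seen" verdict only means requests went out with no reply in the captured window; the log alone does not say whether an ACL, authentication or reachability is the cause.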

Thank you everyone, and wishing you a prosperous and happy new year 2023!

I might have misinterpreted ntp disable as preventing the router interface from acting as an NTP server, but actually it blocked everything.

In order for the router to work as an NTP client, which one will be the more secure and best approach for my requirement?

1) enable ntp by no ntp disable under router’s interface 

or

2) ntp broadcast client 

regards,

First, happy new year.
Second, I will check this point.
