12-30-2022 01:05 AM
Hello!
I wish to use a Cisco router as an NTP client and get time updates from an internal NTP server (stratum 2), and I configured "ntp disable" on all interfaces in order to prevent the router from acting as an NTP server to other devices. The NTP configuration is below. However, the router's NTP association status shows as "unsynchronized".
May I know whether "ntp disable" causes an issue between the router and the NTP server?
!
ntp logging
ntp authentication-key 10 md5
ntp authenticate
ntp trusted-key 10
ntp access-group serve-only 99
ntp server vrf Mgmt-vrf xx.xx.xx.xx prefer
!
ip access-list standard 99
10 remark ***NTP Control List***
10 permit xx.xx.xx.xx
20 deny any
Best regards,
abob21
12-30-2022 02:04 AM
I will check your config
12-30-2022 04:11 AM
Thanks @MHM Cisco World
Just some updates: I have a total of 3 routers as NTP clients, and initially the NTP configuration was the same on all routers.
Now I have applied a different configuration on each router, as below:
RT01:
RT02:
RT03:
I have no clue how or why NTP on RT01 & RT02 is working when I just removed/replaced the “ntp disable” command.
Regards,
12-30-2022 09:43 PM
The command ntp disable pretty much means do not process NTP on this interface. If you disable NTP on the VRF then it cannot learn NTP time.
12-30-2022 10:24 PM - edited 01-01-2023 07:57 PM
NTP provides two important services: accurate time setting and clock synchronization. Enabling a router to become an NTP master will not guarantee accurate time, but it will ensure that all network components' time remains synchronized. NTP supports authentication; client and server need to use the same settings. Time offset too high: when the time offset between client and server is too large, it will take a very long time to synchronize. Stratum level too high: the stratum level is between 1 (best) and 15 (worst).
12-31-2022 12:52 AM
Hello,
I agree with @Richard Burts: if you disable NTP on an interface, no NTP packets are processed, and hence no synchronization with the NTP server will occur. Have a look at the debug output below. After disabling NTP, packets are dropped:
R1#
*Dec 31 08:45:17.172: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on GigabitEthernet0/0 from LOADING to FULL, Loading Done
R1#
*Dec 31 08:45:36.337: NTP message sent to 192.168.1.2, from interface 'NULL' (0.0.0.0).
*Dec 31 08:45:36.551: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:38.480: NTP message sent to 2.2.2.2, from interface 'NULL' (0.0.0.0).
*Dec 31 08:45:38.484: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:38.611: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:38.613: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:40.331: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:40.335: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:40.549: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:40.551: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:42.526: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:42.529: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:42.744: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:42.745: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:44.493: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:44.497: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:44.746: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:44.747: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:46.491: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:46.496: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:46.932: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:46.934: NTP message received from 192.168.1.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#
*Dec 31 08:45:48.467: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:48.687: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#
R1(config)#interface gigabitEthernet0/0
R1(config-if)#ntp disable
R1(config-if)#end
R1#
*Dec 31 08:46:19.039: %SYS-5-CONFIG_I: Configured from console by console
R1#
*Dec 31 08:46:42.331: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:46:42.337: NTP IPv4 disabled on interface GigabitEthernet0/0, packet dropped.
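An added example, not part of any post in this thread: a small Python parser for the debug lines quoted above that counts polls and replies per server and flags interfaces logging "NTP IPv4 disabled on interface ..., packet dropped". The function names are this example's own, and the embedded sample is a short excerpt of the lines in the post.

```python
import re
from collections import defaultdict

# Line shapes copied from the debug output quoted in the post above.
SENT = re.compile(r"NTP message sent to ([^\s,]+), from interface '([^']+)'")
RECV = re.compile(r"NTP message received from (\S+) on interface '([^']+)'")
DROP = re.compile(r"NTP IPv4 disabled on interface ([^\s,]+), packet dropped")

# Excerpt of the debug lines from the post, around the "ntp disable" change.
SAMPLE = """\
*Dec 31 08:45:40.331: NTP message sent to 2.2.2.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:45:40.549: NTP message received from 2.2.2.2 on interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:46:19.039: %SYS-5-CONFIG_I: Configured from console by console
*Dec 31 08:46:42.331: NTP message sent to 192.168.1.2, from interface 'GigabitEthernet0/0' (192.168.1.1).
*Dec 31 08:46:42.337: NTP IPv4 disabled on interface GigabitEthernet0/0, packet dropped.
"""

def analyze(log_text):
    """Count polls/replies per server and dropped packets per interface."""
    peers = defaultdict(lambda: {"sent": 0, "received": 0, "unanswered": 0})
    drops = defaultdict(int)
    for line in log_text.splitlines():
        if m := SENT.search(line):
            peers[m.group(1)]["sent"] += 1
            peers[m.group(1)]["unanswered"] += 1  # polls since last reply
        elif m := RECV.search(line):
            peers[m.group(1)]["received"] += 1
            peers[m.group(1)]["unanswered"] = 0
        elif m := DROP.search(line):
            drops[m.group(1)] += 1
    return dict(peers), dict(drops)

def diagnose(log_text):
    """Return human-readable findings for a captured debug log."""
    peers, drops = analyze(log_text)
    out = [f"{i}: {n} NTP packet(s) dropped, NTP is disabled on this interface"
           for i, n in sorted(drops.items())]
    out += [f"{p}: last {c['unanswered']} poll(s) got no processed reply"
            for p, c in sorted(peers.items()) if c["unanswered"]]
    return out

if __name__ == "__main__":
    for finding in diagnose(SAMPLE):
        print(finding)
```
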
01-01-2023 04:21 AM
Thank you everyone, and wishing you a prosperous and happy new year 2023!
I might have misinterpreted ntp disable as preventing the router interface from acting as an NTP server, but actually it blocked everything.
For the router to work as an NTP client, which one will be the more secure and best approach for my requirement?
1) enable ntp by no ntp disable under router’s interface
or
2) ntp broadcast client
regards,
01-01-2023 12:11 PM
First, happy new year.
Second, I will check this point.