
NTP Configuration with Authentication

Mokhalil82
Level 4

Hi

I just want to confirm my NTP configuration. I have 2 routers acting as the NTP servers. They are receiving their time from the domain controllers (ntp server x.x.x.x). Then all the network devices (Clients) in the business will be configured to use the 2 routers as NTP servers as primary and secondary.

 

Does the following configuration look correct? Is there anything I can add or remove for best practice?

 

SERVERS

ntp server x.x.x.x
ntp authentication-key 1 md5 xxx
ntp max-associations 100
ntp trusted-key 1
ntp trusted-key 2

 

ntp server y.y.y.y
ntp authentication-key 2 md5 xxx
ntp max-associations 100
ntp trusted-key 1
ntp trusted-key 2

 

CLIENT

ntp authentication-key 1 md5 xxx
ntp authentication-key 2 md5 xxx
ntp authenticate
ntp server x.x.x.x key 1 prefer
ntp server y.y.y.y key 2
ntp trusted-key 1
ntp trusted-key 2

1 Reply

Diana Karolina Rojas
Cisco Employee

Hello!

 

In order to add a little more security, you can define an ACL in the client network devices. This enables the device to receive time requests and NTP control queries and to synchronize itself to only the servers specified in the access list. Here is an example:

 

switch(config)# ip access-list accesslist1
switch(config-acl)# 10 permit ip host 10.1.1.1 any
switch(config-acl)# 20 permit ip host 10.8.8.8 any

switch(config)# ntp access-group peer accesslist1

 

Please do not forget to rate useful posts.

 

Best Regards,
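
A consistency check over the ntp lines posted in this thread, as an added example that is not part of either post and is not Cisco code. It only cross-references key numbers between the `ntp authentication-key`, `ntp trusted-key`, `ntp authenticate` and `ntp server ... key` lines; the function name `lint_ntp` is made up here, and whether a finding matters depends on the device's role.

```python
import re

# Lines copied from the question: the first SERVERS block and the CLIENT block.
SERVER_A = """\
ntp server x.x.x.x
ntp authentication-key 1 md5 xxx
ntp max-associations 100
ntp trusted-key 1
ntp trusted-key 2
"""
CLIENT = """\
ntp authentication-key 1 md5 xxx
ntp authentication-key 2 md5 xxx
ntp authenticate
ntp server x.x.x.x key 1 prefer
ntp server y.y.y.y key 2
ntp trusted-key 1
ntp trusted-key 2
"""

def lint_ntp(config):
    """Return a list of consistency findings for one device's ntp lines."""
    defined, trusted, servers, authenticate = set(), set(), [], False
    for line in (l.strip() for l in config.splitlines()):
        if m := re.match(r"ntp authentication-key (\d+) md5 \S+", line):
            defined.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp trusted-key (\d+)", line):
            trusted.add(int(m.group(1)))
        elif line == "ntp authenticate":
            authenticate = True
        elif m := re.fullmatch(r"ntp server (\S+)(.*)", line):
            key = re.search(r"\bkey (\d+)\b", m.group(2))
            servers.append((m.group(1), int(key.group(1)) if key else None))
    # Key numbers that appear on one kind of line but not the other.
    findings = [f"trusted-key {k} has no authentication-key line" for k in sorted(trusted - defined)]
    findings += [f"authentication-key {k} is not listed as trusted-key" for k in sorted(defined - trusted)]
    for addr, key in servers:
        if key is None:
            findings.append(f"ntp server {addr} is configured without a key")
        elif key not in defined or key not in trusted:
            findings.append(f"ntp server {addr} uses key {key}, which is not both defined and trusted")
    if defined and not authenticate:
        findings.append("keys are defined but 'ntp authenticate' is absent")
    return findings

if __name__ == "__main__":
    for name, cfg in (("SERVER_A", SERVER_A), ("CLIENT", CLIENT)):
        print(name, lint_ntp(cfg) or "no findings")
```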

 
