Gopinath_Pigili

Network Time Protocol (NTP)

Introduction

NTP Modes

NTP Configuration for IPv4

NTP Versions

NTP Configuration for IPv6

Introduction

  • Network Time Protocol (NTP) allows a network infrastructure device to keep its system time synchronized to an accurate external time source.
  • For network devices like routers, switches, or firewalls, this is very important because we want to make sure that logging information and timestamps carry the accurate time and date. If you ever have network issues or get hacked, you want to know exactly what happened and when.
  • The common terminology used to describe the accuracy of clocks is the stratum hierarchy. The easiest way to picture it is as a tree structure.
  • The most accurate clock available is referred to as a reference clock, or a Stratum 0 clock source.
  • If a computer within a network obtains its clock from a Stratum 1 source, its clock would be considered a Stratum 2 time source, and so on up to a maximum of Stratum 15 (Stratum 16 is equivalent to no external clock at all).
Gopinath_Pigili_0-1725459872436.png

NTP Modes:

Cisco routers and switches can use three different NTP modes:

  • NTP client mode.
  • NTP server mode.
  • NTP symmetric active mode.

Symmetric active mode is used between NTP devices to synchronize with each other; it serves as a backup mechanism when they are unable to reach the (external) NTP server.

  • If you have only one server, we recommend that you configure all the devices as clients to that server.
  • You can configure up to 64 NTP entities (servers and peers).
  • If you configure NTP in a VRF, ensure that the NTP server and peers can reach each other through the configured VRFs.
  • If you are using the switch as an edge device and want to use NTP, we recommend using the ntp access-group command and filtering NTP only to the required edge devices.

NTP configuration for IPv4

Gopinath_Pigili_1-1725459940746.png

This tells us that the time source is the device's own hardware calendar (the local clock).

We want all our devices to be synchronized if we are going to correlate our logs correctly. You can set the clock manually if you would like to do that.

Gopinath_Pigili_2-1725459979719.png

Obviously, manually setting the clock is not best practice. Instead, we want to point the device to an authoritative NTP server.

Now, the server itself should be pointed to an external authoritative NTP server as well. It is usually a public NTP server, such as the US NIST Internet Time Service, or an internal NTP server: a Windows Server or Linux server running an NTP service.

Gopinath_Pigili_3-1725460008053.png
Gopinath_Pigili_4-1725460025891.png
Gopinath_Pigili_5-1725460055458.png

These tell us that R2 has 10.0.0.1 configured as the NTP server and it’s currently not synchronized.

Gopinath_Pigili_6-1725460090805.png
Gopinath_Pigili_7-1725460112940.png

This debug tells us that R1 is sending NTP packets, and R2 is not receiving anything.

Troubleshooting NTP

There are a couple of things that could go wrong with NTP:

  • NTP traffic filtered: access-lists could block NTP traffic.
  • NTP authentication issues: NTP supports authentication; the client and server need to use the same settings.
  • Time offset too high: when the time offset between client and server is too large, it will take a very long time to synchronize.
  • Stratum level too high: The stratum level is between 1 (best) and 15 (worst). A stratum level of 16 is considered unusable.
  • NTP server source filter: NTP servers can be configured to allow only clients from certain IP addresses.
Gopinath_Pigili_8-1725460180271.png

Once you confirm that NTP packets are not received, you must:

  • Check if NTP is configured correctly.
  • Check if an ACL blocks NTP packets.
  • Check for routing issues to the source or destination IP.

For more information about troubleshooting, please refer to the following Cisco document:

https://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/108076-ntp-troubleshoot.html
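
The authentication and ntp access-group points above, as an added configuration example that is not from the original post: R2 as an authenticated client of R1 (10.0.0.1), with the unauthenticated form shown for comparison. Key ID 1, the key placeholder, ACL numbers 10 and 20, and the 10.0.0.0/24 client subnet are assumptions.

```cisco
! ===== R2 (client / edge device) =====
! Weak form: accepts time from 10.0.0.1 with no proof of origin,
! and answers NTP packets from any source.
!   ntp server 10.0.0.1
!
! Hardened form: same key ID and key string on both ends,
! otherwise R2 never synchronizes ("NTP authentication issues").
ntp authentication-key 1 md5 <SHARED-KEY-PLACEHOLDER>
ntp trusted-key 1
ntp authenticate
ntp server 10.0.0.1 key 1
!
! Only 10.0.0.1 may act as a time source for R2. Once any
! ntp access-group is configured, unmatched sources are denied.
access-list 10 permit 10.0.0.1
ntp access-group peer 10

! ===== R1 (server, 10.0.0.1) =====
ntp authentication-key 1 md5 <SHARED-KEY-PLACEHOLDER>
ntp trusted-key 1
ntp authenticate
!
! Answer time requests only from the client subnet (assumed range).
access-list 20 permit 10.0.0.0 0.0.0.255
ntp access-group serve-only 20
! R1 also needs a "peer" access-group entry that permits its own
! time source; without it R1 stops synchronizing and its clients
! follow ("NTP server source filter" / "Stratum level too high").
```

After applying it, show ntp associations detail on R2 should list 10.0.0.1 as authenticated, and show ntp status should report the clock as synchronized.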

Broadcast (IPv4) vs. Multicast (IPv6)

In broadcast mode, the NTP server sends synchronization information to all clients on the same subnet. In multicast mode, the NTP server sends data to a multicast group, and all devices in that group can access the data.

NTP Versions

The current NTP version is 3. NTPv4 is an extension of NTPv3 that supports IPv4 and IPv6. It is backward compatible with NTPv3, offers some new features, and time synchronization is faster and more precise.

Security has improved: NTPv4 supports public key cryptography and standard X.509 certificates.

When using NTP for IPv4, broadcast is a popular option as it allows you to send NTP packets in the broadcast domain to everyone. We can’t do this with IPv6, but NTPv4 does support site-local multicast.

DNS support is also improved. With NTPv3, if you configure a hostname to sync with, your device does a lookup for the hostname and stores the IP address in the configuration; the hostname is then lost. With NTPv4, the hostname is stored in the configuration.

NTP Configuration for IPv6

Gopinath_Pigili_9-1725460258402.png

R1#clock set 05:35:00 3 Sep 2024

I will configure R1 as an NTP master so that I don’t need an external server:

R1(config)#ntp master 1

Clients

Let’s configure our clients. R2 will be an NTP unicast client and for R3 we will use multicast.

Unicast: We can configure the IPv6 address of R1 but instead, we’ll use a hostname to test if R2 stores the hostname in its configuration. I’ll create a manual host record for this:

R2(config)#ipv6 host R1 2001:DB8:0:12::1

Now we configure R1 as the NTP server. The version 4 parameter sets the correct version:

R2(config)#ntp server R1 version 4

Gopinath_Pigili_10-1725460391777.png

Multicast: To make multicast work, we need to configure R1 to send NTP multicast packets and R3 to receive them.

R3(config)#ntp server 2001:db8:0:13::1 version 4

 

Gopinath_Pigili_11-1725460462461.png

Thank you very much..!!

-------------------------------------------THE END ------------------------------------------------------
