- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2012 06:17 AM - edited 03-04-2019 04:33 PM
Is it possible to have an ISR authenticate with a secure NTP server and then relay that time by acting as a Stratum 1 NTP server?
Solved! Go to Solution.
- Labels:
-
Other Routers
Accepted Solutions
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2012 11:27 AM
I am not sure that I fully understand your question or what you are trying to achieve. But here is what I know that I hope will answer your question.
It is quite possible to have an ISR authenticate with a secure NTP server and to learn time from that server. After the router has learned authoritative time from the server then the router can pass the time to other NTP clients who would request time from the ISR. So for that part of your question the answer is yes.
But when it learns time from a server the router will pass along time at one level lower than the server from which it learned time. For example if the router learns time from a stratum one server then the router will send out time as a stratum two source. Or if the router learned time from a stratum four server then the router would send time as a stratum five source. So for that part of your question the answer is no it can not send time as stratum one.
If this does not answer your question then please provide clarification of your issue.
HTH
Rick
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2012 12:48 PM
No other commands are needed to activate the router NTP service. In an IOS router when you enter the ntp server command, and when the router has successfully learned authoritative time then the NTP function is automatically activated.
The command ntp master is not needed unless you want the router to serve NTP time from its own clock. Since the router clock is pretty good but not highly accurate Cisco generally does not suggest using the ntp master command as part of a normal NTP configuration. If there is no other source of time (if the network is really isolated and has no external connectivity for example) then it would be advisable to use ntp master.
HTH
Rick
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2012 11:27 AM
I am not sure that I fully understand your question or what you are trying to achieve. But here is what I know that I hope will answer your question.
It is quite possible to have an ISR authenticate with a secure NTP server and to learn time from that server. After the router has learned authoritative time from the server then the router can pass the time to other NTP clients who would request time from the ISR. So for that part of your question the answer is yes.
But when it learns time from a server the router will pass along time at one level lower than the server from which it learned time. For example if the router learns time from a stratum one server then the router will send out time as a stratum two source. Or if the router learned time from a stratum four server then the router would send time as a stratum five source. So for that part of your question the answer is no it can not send time as stratum one.
If this does not answer your question then please provide clarification of your issue.
HTH
Rick
Rick
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2012 11:56 AM
Ok the stratum issue is fine. So are there any commands needed to activate the router's NTP service? Usually I would do NTP server x.x.x.x for an external source and NTP master if I wanted the router to act as an NTP server. I wasn't sure if one mode negated the other.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
06-04-2012 12:48 PM
No other commands are needed to activate the router NTP service. In an IOS router when you enter the ntp server command, and when the router has successfully learned authoritative time then the NTP function is automatically activated.
The command ntp master is not needed unless you want the router to serve NTP time from its own clock. Since the router clock is pretty good but not highly accurate Cisco generally does not suggest using the ntp master command as part of a normal NTP configuration. If there is no other source of time (if the network is really isolated and has no external connectivity for example) then it would be advisable to use ntp master.
HTH
Rick
Rick
