Re: NTP server

kaktusss · ‎10-17-2018

We have connetced two 3850 in trunk with theree 2960 in ring network topology. And big question is. If is done on one switch configuration of NTP server. Can other switches take this adress from that one switch?

And what is the best configuration of synchronization time on siwtches in this case?

Joseph W. Doherty · ‎10-17-2018

For just five devices, you should be fine having four of the devices pull from the NTP master.

Julio A. Martinez Herrera · ‎10-17-2018

Hi dude ;

You can try below configuration, last time it worked for me :

NTP Server 192.168.99.1

R1-TEST#configure terminal
R1-TEST(config)#ip name-server 8.8.8.8 8.8.4.4
R1-TEST(config)#ntp server mx.pool.ntp.org
R1-TEST(config)#ntp logging
R1-TEST(config)#ntp authentication-key 1 md5 passwordNTP123
R1-TEST(config)#ntp trusted-key 1
R1-TEST(config)#ntp authenticate
R1-TEST(config)#ntp master 2

NTP Client

R1-TEST_2(config)#ntp authentication-key 1 md5 passwordNTP123
R1-TEST_2(config)#ntp trusted-key 1
R1-TEST_2(config)#ntp authenticate
R1-TEST_2(config)#ntp server 192.168.99.1 key 1

More NTP Servers https://www.pool.ntp.org

---------------------------------------------------------------------

Please rate my answer if it was helpful for you.
May the force be with you.

Richard Burts · ‎10-17-2018

I am a bit confused about the description of 2 3850 in trunk and 3 2960 in ring topology. But I do not believe that the topology is significant if the question is about having 5 switches and wanting ntp. It should work find if one switch learns ntp time from an authoritative source and if the other switches learn ntp time from that switch.

That solution would work but would not provide any redundancy. If you are interested in redundancy then you might consider this alternative. Configure both 3850 to learn ntp time from an authoritative source. Then on 3 2960 switches configure 2 ntp server commands pointing at the 2 3850s.

HTH

Rick

HTH

Rick

Joseph W. Doherty · ‎10-17-2018

Rick's raises a great point about redundancy. However, implementing what he describes can bump into a couple of issues especially if the authoritative source is a public Internet NTP source. First, you may not have redundant paths to the authoritative sources, and without that, you would still have a single point of failure. Second, Internet public NTP servers generally don't want to be hit by multiple downstream devices (to avoid overloading them).

Fortunately, though, network devices on-line and running don't time "drift" too much. I.e., if you lose your authoritative source, you devices will likely still have accurate enough time, for most purposes, for some time. (One issue is, devices that don't have an on-board "calendar". If they reboot, their time will be off. [If they do have an on-board calendar, when setting up NTP, you should configure it to occasionally sync it up too,])

What I don't recall is behavior if the the authoritative source is lost, whether downstream devices will still NTP sync their time with upstream devices. If they do, what Rick suggested would be great even if you couldn't get dual authoritative sources.

dbeattie · ‎10-18-2018

Hi,

Please see this thread:

cores-distribution-switch-as-ntp-server

You should aim for at least three NTP servers in each stratum for reliable NTP. In this case I would set all switches to use three separate sources from the ntp.org pool (so 15 in total) and get the switches to peer with each other. This way you get a large number of sources and your switches will arbitrate between themselves. If you lose your Internet connection, the switches will be stable as a group and if one has a bad internal clock it will be held in place by the others. Additionally, if a switch reboots, its clock will be declared insane until it is synced to the arbitrated time.

Hope this helps,

Dave