04-28-2019 07:15 PM - edited 02-21-2020 09:37 PM
Hi All,
Can i request to give me a favor to solve my NTP testing.
I trying to test ntp configuration and setup in lab.I want to configure R1 as NPT Master of R2 and R2 as NPT client of R1 and R2 is NTP master of R3. I also want to authenicate with MD5 and configure with ACL.But I got the problem in first step.
I referenced and followed below guide.
https://blog.ine.com/2008/07/28/ntp-access-control
https://ccie-or-null.net/tag/ntp-version-3/
I can see ntp association and reach time. But when i change Time of R1,the time of R2 and R1 didn't change and syned.How to know it is work properly or not ?i thought it is my weak of understanding NTP configuration .Please advise me what is the best practice ?
04-28-2019 11:27 PM
Fist step :
Setup and Clock in the R1 :
Example :
config t
!
clock timezone BST 0 0 (Want to set a UK time)
clock summer-time xxx 1 Sunday March 02:00 1 Sunday November 02:00 60
!
ntp master
ntp souce loopback 0 <<- since loopback never go down - but make sure loopback reachable to oteh ddevices)
!
end
CLIENTS :
config t
!
ntp server x.x.x.x <-- this is server loopback address
test and advise if any issue post the output below :
show ntp status
show clock
04-29-2019 01:02 AM - edited 04-29-2019 04:13 AM
Hi,
My main concern is on R2. Because i want to get time of R3 from R2.I don't want R3 directly sync time from R1.
So i would like to know which configuration is correct ?
R2#ntp master
R2#ntp server 1.1.1.1 prefer
R2#ntp source lo0
R3#ntp server 1.1.1.2
R3#ntp source lo0
(OR)
R2#ntp server 1.1.1.1 prefer
R2#ntp source lo0
R3#ntp server 1.1.1.2
R3#ntp source lo0
Now i tested as below diagram.
After configuration without ACL ntp sync is work properly but R3 sync time is a little longer than R4 .
but after i put ACL rule in R2 . All ntp cannot synced.please see below pic
R3#sh ntp associations
address ref clock st when poll reach delay offset disp
~1.1.1.2 .INIT. 16 536 1024 0 0.000 0.000 15937.
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
R3#
Let me know your advice ?
04-29-2019 01:08 PM
On high level i looked at the config, If you want to R3 need to query to R2, you need to Allow R3 IP address in ACL.
make sense ?
04-30-2019 01:54 AM
Hi ,
i already allowed R3 traffic in R2.but still got error.
04-30-2019 10:47 AM
Post the errors, also enable debug for NTP see wht causing the issue ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide