Network Time Protocol

4.5.b i Master, client

General information about “NTP Master, client”:

• Four different modes:
  • Server (Master Mode): Provides time to clients
  • Client (Static Client Mode): Synchronizes time with NTP server
  • Peer (Symmetric Active Mode): Exchange of time information between different peers.
  • Broadcast/Multicast: Special push mode of NTP server
• Two clocks:
  • Software clock: show clock
  • Hardware clock: show calendar
• NTP synchronizes only the software clock (by default, can be changed)
• Stratum defines the value of a clock source (the lower, the better)
• Stratum 1 = Directly attached to an atomic clock/radio clock source
• Stratum X = x hops ways from an atomic clock source
• Enabling NTP automatically makes the device a NTP server on all interfaces (can be disabled)
• If there’s no NTP server on the network, a device can be defined as authoritative NTP source
• Time zone and summer/winter time can be configured
• IP address of the local clock is 127.127.1.1

“NTP Master, client” CLI configuration commands:

## Configuring a NTP server to sync with
Router(config)# ntp server <ip> [prefer]

## Disabling/Enabling receiving/sending NTP on an interface
Router(config)# interface <if>
Router(config-if)# [no] ntp disable

## Configuring the local HW clock
Router# clock set <hh:mm:ss> <DAY> <MONTH> <YEAR>

## Configuring the router as NTP server
Router(config)# ntp master <stratum>

## Configuring a NTP peer
Router(config)# ntp peer <ip>

## Configuring NTP multicast server/client feature
Router(config)# interface <if>
Router(config-if)# ntp multicast <ip>

Router(config)# interface <if>
Router(config-if)# ntp multicast client <ip>

## Configuring NTP broadcast server/client feature
Router(config)# interface <if>
Router(config-if)# ntp broadcast

Router(config)# interface <if>
Router(config-if)# ntp broadcast client

## Configuring a timezone and summer/winter time on the local HW clock
Router(config)# clock timezone [name of time zone] [UTC offset]
Router(config)# clock summertime [name of time zone] recurring [parameters]

## Configuring NTP to update the HW clock
Router(config)# ntp update-calendar

“NTP Master, client” CLI show commands:

## Showing NTP status (clock sync, stratum, ...)
Router# show ntp status

## Showing NTP associations (peers, ...)
Router# show ntp associations

4.5.b ii Authentication

General information on “NTP Authentication”:

• NTP provides an easy attack vector
• Therefor NTP should be secured

“NTP Authentication” CLI configuration commands:

## Configuring an NTP authentication key
Router(config)# ntp authentication-key <number> md5 <password>

## Disabling/Enabling NTP authentication globally
Router(config)# [no] ntp authenticate

## Setting the configured NTP authentication key to be trusted
Router(config)# ntp trusted-key <number>

## Configuring a NTP server with the configured authentication key
Router(config)# ntp server <ip> key <number>