Network Time Protocol

Unanswered Question
Feb 19th, 2009
User Badges:

I am setting up a lab to test NTP ACLs. I have two 3560 switches and I want to test allows and denials to peer and service NTP. Should I use the 3560? And is it possible to setup a windows XP workstation to be a master time server?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Giuseppe Larosa Fri, 02/20/2009 - 03:10
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Vincent,

the two C3650 are fine to test NTP.


to test NTP acl you can use

ntp source


command to change the ip address the one device use when sending out NTP messages


it should be possible to have an NTP service on Win XP


for example see


http://www.pctools.com/guides/registry/detail/1117/


Hope to help

Giuseppe


Richard Burts Fri, 02/20/2009 - 04:19
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Vincent


The link that Giuseppe posts discusses what to do to enable a protocol that it identifies as NTP. And I believe that if you do what it shows that other Windows PCs would learn time from it. But the time service that Windows implements is a simplified protocol and not a full implementation of NTP. I do not believe that your Cisco devices will learn NTP time from your XP PC unless you run some special software on it that does implement the full protocol of NTP. I have heard of offerings from Meinberg, from Tardis, and from Spectracomcorp that would do this.


And of course you can set up your XP PC according to the link above and see if it does work.


HTH


Rick

Joseph W. Doherty Fri, 02/20/2009 - 04:47
User Badges:
  • Super Bronze, 10000 points or more

In days of yore, recall(?) Windows had its own time service which wasn't NTP. Also recall, they had an optional service which would run NTP. That was a while back, i.e. pre-XP. Rick could also be correct, current implmentation with registry change might not support all NTP features. Might be something like SNTP or reduced feature set of NTP. If not, besides 3rd party, you might also want to check if Microsoft offers any additional software for NTP support. (Such software often found within one of their resource kits or on their web site.)

vjlsmalls1 Fri, 02/20/2009 - 06:23
User Badges:

Thanks rburts. You may be correct. I initially set up my workstation according to the pctools article and it did not work. I am going to try again today with a more simplified configuration. Also, the command "NTP master" is not available on the code 12.2.35 that I am running. Any ideas? I am going to upgrade to 12.2.46 to see if that helps. Thanks.

Richard Burts Fri, 02/20/2009 - 07:21
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Vincent


If a Cisco router or switch learns NTP time from an authoritative source then it does not need the ntp master command. The ntp master command is only needed if you want your router to act as an authoritative NTP server when it is not learning NTP time from an authoritative source. If I understood your original post correctly you plan for the Cisco to learn time from your PC. Assuming that you find a way for the PC to run the full function/full feature NTP then you will not need ntp master on your Cisco switches.


HTH


Rick

vjlsmalls1 Fri, 02/20/2009 - 07:37
User Badges:

Thanks Rick. I am exploring both options since I have not been able to get the workstation to act as a time source. Is there a certain code I need for the 3560? I have two 3560 48 port TS and one 3750.

Leo Laohoo Fri, 02/20/2009 - 19:37
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

NTP is standard from the Cisco 2960/2975/3560/3750 and up.

vjlsmalls1 Fri, 02/20/2009 - 20:39
User Badges:

Thanks. However, I updated the 3560s to the latest advanced IP services code and I still do not see the NTP master command. Any ideas?

Giuseppe Larosa Sat, 02/21/2009 - 01:38
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Vincent,


ntp master should be available on routers with a built-in calendar


see for example from a 2620 XM


ntp master ?

<1-15> Stratum number


I tried to give it with stratum 13 (to avoid to be preferred it is in production)

and it was accepted


On the other end on a C3560 with universal the command is not available:


ntp ?

access-group Control NTP access

authenticate Authenticate time sources

authentication-key Authentication key for trusted time sources

broadcastdelay Estimated round-trip delay

clock-period Length of hardware clock tick

logging Enable NTP message logging

max-associations Set maximum number of associations

peer Configure NTP peer

server Configure NTP server

source Configure interface for source address

trusted-key Key numbers for trusted time sources


So if you should find a router to act as source.


Or you can try to use NTP source over the internet that are available


http://support.ntp.org/bin/view/Servers/WebHome


Hope to help

Giuseppe


Actions

This Discussion