Network Time Protocol

Unanswered Question
Feb 19th, 2009

I am setting up a lab to test NTP ACLs. I have two 3560 switches and I want to test allows and denials to peer and service NTP. Should I use the 3560? And is it possible to setup a windows XP workstation to be a master time server?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Richard Burts Fri, 02/20/2009 - 04:19


The link that Giuseppe posts discusses what to do to enable a protocol that it identifies as NTP. And I believe that if you do what it shows that other Windows PCs would learn time from it. But the time service that Windows implements is a simplified protocol and not a full implementation of NTP. I do not believe that your Cisco devices will learn NTP time from your XP PC unless you run some special software on it that does implement the full protocol of NTP. I have heard of offerings from Meinberg, from Tardis, and from Spectracomcorp that would do this.

And of course you can set up your XP PC according to the link above and see if it does work.



Joseph W. Doherty Fri, 02/20/2009 - 04:47

In days of yore, recall(?) Windows had its own time service which wasn't NTP. Also recall, they had an optional service which would run NTP. That was a while back, i.e. pre-XP. Rick could also be correct, current implmentation with registry change might not support all NTP features. Might be something like SNTP or reduced feature set of NTP. If not, besides 3rd party, you might also want to check if Microsoft offers any additional software for NTP support. (Such software often found within one of their resource kits or on their web site.)

vjlsmalls1 Fri, 02/20/2009 - 06:23

Thanks rburts. You may be correct. I initially set up my workstation according to the pctools article and it did not work. I am going to try again today with a more simplified configuration. Also, the command "NTP master" is not available on the code 12.2.35 that I am running. Any ideas? I am going to upgrade to 12.2.46 to see if that helps. Thanks.

Richard Burts Fri, 02/20/2009 - 07:21


If a Cisco router or switch learns NTP time from an authoritative source then it does not need the ntp master command. The ntp master command is only needed if you want your router to act as an authoritative NTP server when it is not learning NTP time from an authoritative source. If I understood your original post correctly you plan for the Cisco to learn time from your PC. Assuming that you find a way for the PC to run the full function/full feature NTP then you will not need ntp master on your Cisco switches.



vjlsmalls1 Fri, 02/20/2009 - 07:37

Thanks Rick. I am exploring both options since I have not been able to get the workstation to act as a time source. Is there a certain code I need for the 3560? I have two 3560 48 port TS and one 3750.

vjlsmalls1 Fri, 02/20/2009 - 20:39

Thanks. However, I updated the 3560s to the latest advanced IP services code and I still do not see the NTP master command. Any ideas?

Giuseppe Larosa Sat, 02/21/2009 - 01:38

Hello Vincent,

ntp master should be available on routers with a built-in calendar

see for example from a 2620 XM

ntp master ?

<1-15> Stratum number

I tried to give it with stratum 13 (to avoid to be preferred it is in production)

and it was accepted

On the other end on a C3560 with universal the command is not available:

ntp ?

access-group Control NTP access

authenticate Authenticate time sources

authentication-key Authentication key for trusted time sources

broadcastdelay Estimated round-trip delay

clock-period Length of hardware clock tick

logging Enable NTP message logging

max-associations Set maximum number of associations

peer Configure NTP peer

server Configure NTP server

source Configure interface for source address

trusted-key Key numbers for trusted time sources

So if you should find a router to act as source.

Or you can try to use NTP source over the internet that are available

Hope to help



This Discussion