06-20-2010 10:39 PM - edited 03-04-2019 08:50 AM
Hi
I want to configure an NTP server on a router, and it would be the only source for all other devices on the network (server / routers / linux_boxes).
The router would be directly connected to the internet via a public IP on one interface.
How do I secure the router for the NTP server role only?
Router# conf t
Router# ntp server 192.168.1.15 #(Public IP
Router# ntp server 172.32.10.55 # Public IP
Router# clock timezone PST -8
any other NTP Public Server recommended?
06-20-2010 10:50 PM
"192.168.1.15" & "172.32.10.55" are not PUBLIC IP addresses.
any other NTP Public Server recommended?
Here's a list of NTP/SNTP public servers:
http://support.microsoft.com/kb/262680
Hope this helps. Please don't forget to rate useful posts. Thanks.
06-21-2010 07:08 AM
Just a comment:
"192.168.1.15" & "172.32.10.55" are not PUBLIC IP addresses.
172.32.x.x is a public IP.
The private range from class B is only 172.16.0.0 - 172.31.255.255
Federico.
06-20-2010 10:56 PM
Hi,
Configure the router as an NTP server with stratum 1 and authentication on client and server. Stratum 1 will be the preferred server over servers with stratum higher than 1. Also, you may authenticate clients with the server.
Client
R2(config)#ntp authenticate
R2(config)#ntp authentication-key 1 md5 CISCO
R2(config)#ntp trusted-key 1
R2(config)#ntp server 12.0.0.1 key 1
Server
R1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ntp master 1
R1(config)#ntp authentication-key 1 md5 CISCO
Hope this helps
Hitesh Vinzoda
Pls rate useful posts
06-20-2010 11:26 PM
Hi
I want to configure an NTP server on a router, and it would be the only source for all other devices on the network (server / routers / linux_boxes).
The router would be directly connected to the internet via a public IP on one interface.
How do I secure the router for the NTP server role only?
Router# conf t
Router# ntp server 192.168.1.15 #(Public IP
Router# ntp server 172.32.10.55 # Public IP
Router# clock timezone PST -8
any other NTP Public Server recommended?
Hi,
Use authentication or an access list in the NTP server configuration so that only authenticated clients that have the key can sync with the NTP server. Check out the link below for NTP server configuration on switches/routers along with authentication/access lists.
https://www.cisco.com/en/US/docs/ios/12_1/configfun/configuration/guide/fcd303.html#wp1001170
Hope to Help !!
Ganesh.H
Remember to rate the helpful post
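An added example, not part of any post in this thread and not Cisco's own sample, of the access-list plus authentication approach described above. The upstream addresses 192.0.2.10 and 198.51.100.20, the client network 192.168.1.0/24 and the key placeholder <ntp-key> are assumptions; the router takes its time from the upstream servers, so ntp master is left out.

```cisco
! Added example: NTP-server-only hardening for the router in this thread.
! Assumed values: 192.0.2.10 and 198.51.100.20 stand in for the upstream
! public servers, 192.168.1.0/24 is the internal client network, and
! <ntp-key> is a placeholder for the shared secret.

! ACL 10: the only hosts this router may synchronise its own clock to
access-list 10 remark upstream NTP servers
access-list 10 permit host 192.0.2.10
access-list 10 permit host 198.51.100.20
access-list 10 deny any

! ACL 20: internal clients that may request time from this router
access-list 20 remark internal NTP clients
access-list 20 permit 192.168.1.0 0.0.0.255
access-list 20 deny any

! Bind the ACLs to NTP:
!   peer       = hosts the router is allowed to sync to
!   serve-only = hosts that may only be served time
ntp access-group peer 10
ntp access-group serve-only 20

! Key 1: defined and trusted here so that replies to clients
! using key 1 are authenticated
ntp authentication-key 1 md5 <ntp-key>
ntp trusted-key 1

! Upstream time sources
ntp server 192.0.2.10
ntp server 198.51.100.20

! --- On each client router (192.168.1.90 is the server address
! --- used in the thread's client configuration) ---
! ntp authentication-key 1 md5 <ntp-key>
! ntp trusted-key 1
! ntp authenticate
! ntp server 192.168.1.90 key 1
```

The key lets a client verify that replies come from this router; which hosts get an answer at all is decided by the serve-only access list.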
06-21-2010 02:01 AM
Hi
I tested the attached config, but it doesn't work.
Server -
NTP(config)# conf t
NTP(config)# clock timezone PST -8
NTP(config)# ntp server clock.via.net
NTP(config)# ntp server nist1.symmetricom.com
NTP(config)#ntp master 1
NTP(config)#ntp authentication-key 1 md5 brief1
Client -
Rx(config)#ntp authenticate
Rx(config)#ntp authentication-key 1 md5 brief1
Rx(config)#ntp trusted-key 1
Rx(config)#ntp server 192.168.1.90 key 1
=============================================
06-21-2010 04:02 AM
Hi
I tested the attached config, but it doesn't work.
Server -
NTP(config)# conf t
NTP(config)# clock timezone PST -8
NTP(config)# ntp server clock.via.net
NTP(config)# ntp server nist1.symmetricom.com
NTP(config)#ntp master 1
NTP(config)#ntp authentication-key 1 md5 brief1
Client -
Rx(config)#ntp authenticate
Rx(config)#ntp authentication-key 1 md5 brief1
Rx(config)#ntp trusted-key 1
Rx(config)#ntp server 192.168.1.90 key 1
=============================================
Hi Saquib,
Are you able to reach the NTP server clock.via.net from your switch? You need to configure ntp master 3 or 2 on your switch, as trusted is configured as stratum 1 in the NTP time server which is configured to sync with your switches.
Hope to Help !!
Ganesh.H
06-21-2010 05:42 AM
Hi Ganesh,
I have an NTP server sync issue with the NTP global server, and the NTP client cannot sync with the NTP server,
but the NTP server can reach the internet.
The NTP client can ping the NTP server.
Am I missing some config?
06-21-2010 11:23 AM
Hi
Please check this link, it works like a charm for me. It doesn't completely cover your objective but is pretty close:
http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html
Please look for the Cisco Cookbook and check Recipe 14.7, "Setting the Router as the NTP Master for the Network".
14.7.1 Problem: You want to use the router as an NTP server to act as the primary time source for the network.
And of course this one http://support.ntp.org/bin/view/Support/ConfiguringNTP
Note that access control lists between the router and its NTP peer may prevent ping traffic from passing, but allow NTP (or vice versa).
What are the debug(s) telling you? The Linuxes and Cisco's Windows? Obviously, did you enable NTP on the appropriate interfaces?
debug ntp packets
(and turn on "term mon" to see what happens on your Cisco; when finished, turn it off --> term no mon & no debug all)
show ntp associations
ping ntp server ip address
debug ntp packet
Good luck!