How to Configure Cisco Routers only as NTP Client and not as NTP Server?

I have configured an NTP server, and I want to configure Cisco routers to only get time from the NTP server. I do not want the Cisco routers to act as NTP servers that give time to other systems.
I have configured the routers like this:
ntp server x.x.x.x prefer

But the problem is that when I set a router's IP address as the NTP server for another Cisco router, the second router synchronizes its time from the first router, which I want to be only an NTP client.
There is another program named ntpquery that can query time from NTP servers. When I configure a router, the program queries the time successfully. It means that the router is configured as an NTP server.
How can I set the routers to be only and only an NTP client?

Rolf Fischer

Hi,

IOS offers a lot of options for hardening NTP.

This document gives a very good overview: Secure NTP Template

Especially the commands 'ntp access-group peer <acl>' and 'ntp access-group serve-only <acl>' should be useful to achieve the control you're looking for.

Command Reference: http://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/command/bsm-cr-book/bsm-cr-n1.html#wp5471302810

HTH

Rolf
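
A configuration sketch of the access-group approach suggested in the reply above, set beside the configuration from the question. It is an added example, not taken from this thread or from Cisco's Secure NTP Template; the server address 192.0.2.10 and the ACL numbers 10 and 20 are placeholders.

```cisco
! --- Before: the configuration from the question ---
! The router synchronizes to the server, but with no ntp access-group
! configured, NTP access is granted to every host that can reach it.
ntp server 192.0.2.10 prefer
!
! --- After: client-only ---
! ACL 10: the only host this router may synchronize to.
access-list 10 remark Upstream NTP server (placeholder address)
access-list 10 permit host 192.0.2.10
access-list 10 deny any
! ACL 20: matches no host; used for the access types that answer others.
access-list 20 remark No host may request time or send control queries
access-list 20 deny any
!
ntp server 192.0.2.10 prefer
! peer: time requests and control queries are accepted from this host,
! and this router is allowed to synchronize to it.
ntp access-group peer 10
! serve and serve-only: time requests from other hosts.
ntp access-group serve 20
ntp access-group serve-only 20
! query-only: NTP control queries from other hosts.
ntp access-group query-only 20
!
! Checks after applying (exec mode):
!   show ntp associations
!   show ntp status
!   show running-config | include ^ntp
```

To confirm the result, repeat the test from the question: a second router configured with this router as its NTP server should no longer synchronize to it.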

Hello

ntp server x.x.x.x (you are pointing to an authoritative server and you are the client)

ntp peer x.x.x.x (use this between two devices, as they are non-authoritative with each other; they will agree on a time)

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Hi Paul,

I agree with your explanations of the ntp peer and ntp server commands, but I don't see how they can be used to restrict time requests without additional configuration (that's how I understand the original question).

Regards

Rolf

Hello Rolf

On their own they don't.

ACLs or client authentication would be an applicable approach, as you pointed out with the CCO doc link.

What I was pointing out is:

The server option is for a client to a reliable time source (thus it will be a client only).

The peer option is for client to client with reliable time sources (thus it can share its reliable time with other clients).

res

paul

