How to use Cisco devices for 'time' management

hornbeck · ‎01-18-2007

Our core device is a 4506. We have two WAN routers (2610's) and multiple 3560 switches and our a Windows environment.

My question is this. We presently manage the time via Windows software. We would like to manage the network time thru our cisco devices.

Does anyone know how this is done? Can you direct me to a document? Any help or assistance is greatly appreciated.

TIA,

Gary

johnmar.mulder-wolswijk · ‎01-19-2007

You can use your cisco's as an NTP server, but be adviced a hostile party might be able to misuse the enabled services to access the firewall or the network by sending out an NTP update setting the time backwards so a packet replays becomes possible.

So by default disable NTP if you do not need it.

If you must run NTP, configure NTP only on required interfaces, and configure NTP to listen only to certain peers.

For details on how to configure look at:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a008030c799.html#wp1001170

HTH and rate if it does

Johnmar

steve.busby · ‎01-19-2007

Gary,

The problem with NTP on Windows and synching with Cisco devices is that Windows actually uses SNTP (Simple Network Time Protocol as W32Time) and not NTP. SNTP can only receive the time from NTP servers; it cannot be used to provide time services to other systems. The work around is to replace SNTP on Windows with an NTP Server - SNTP and NTP clients can both sync to an NTP Server.

It would be easier to setup a Linux based NTP server and use it provide time to your network (Cisco and Windows).

HTH

Steve