Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

NTP Server question

Greetings,

I am currently trying to sync all our routers/devices and servers to use a single source for time. I've set all routers to pull time from an single router that points to an outside source. One problem, though. We have an IDS 4200 that has to get it's time from an authenticated connection. The document goes on about configuring a router as an NTP server and using it's internal clock as the time source. Does this clock use a BIOS battery like servers to provide a power source? I understand about needing a secure source for time for our IDS, but this doesn't seem to be a good way to handle providing correct time. As already mentioned abouve, I'm hoping to sync all devices with an external atomic clock. Any insights/suggestions?

  • Network Management
2 REPLIES
Hall of Fame Super Silver

Re: NTP Server question

If you want the best of both worlds - secure and accurate - then use a time server appliance. Something like a Symmetricom S200: http://www.symmttm.com/products_nt_SyncServerS200.asp

It gets its time from GPS satellites via an antenna and feeds it to your network via an Ethernet port. Stratum One timing source and it's all in house and secure.

Hall of Fame Super Silver

Re: NTP Server question

There are several interesting aspects to the question that Chris asks. First the objective question: do Cisco routers have a battery and clock/calendar chip so that they maintain time over a boot? Some do and some do not. In general the higher part of the product line does and the lower end of the product line does not. It is pretty easy to determine on a router by router basis: just boot and then show clock.

Beyond that there are some interesting aspects which do not have clear answers. If you are already planning to have a router learn time from an external (reliable) source then what are the implications of having the IDS learn that time? If Security is insistent that the IDS not be compromised by being dependent on an outside resource, then it would be fairly simple to set up one (or two - depending on whether redundancy is important) routers to supply time to the IDS. Making a router function as NTP master is quite easy.

I would also ask the question that if Chris is going to need to set up an internal router to function as NTP master then why not just have the network devices learn time from that one (instead of having two different times masters in the network - one internal and one external)? I would suggest that for most networks it is most important that time accross network devices be consistent but not neccesarily as important that the time be precisely accurate.

I think it is also good practice to configure two devices as master and to have network devices configured with two time sources, so that there is not a potential single point of failure. And if you really take NTP seriously then 3 sources are better than 2.

HTH

Rick

149
Views
0
Helpful
2
Replies
This widget could not be displayed.