we are going to deploy Symmetricom's SyncServer S200 in our network, and I have a few questions:
1. for other routers/switches need to request the time from S200, I just use command "ntp server x.x.x.x", in which x.x.x.x is the IP of the S200, right?
2. It looks that I don't need to configure "NTP master" command on the router, because routers need to get the time from external source, what is the conqusence if I configure "NTP master 2" on the router?
3. For high availablity, do we need to buy 1 more S200 servers and on the routers, configure:"ntp server x.x.x.x prefer" and "ntp server y.y.y.y", in which y.y.y.y is the IP of the second S200, so that x.x.x.x is the primary NTP server, and y.y.y.y is the second NTP server?
4. what if the time is different on x.x.x.x and y.y.y.y? which one we should trust? or we need to buy 1 more S200 to prevent this situation happen?
I have a stupid question: why can't you use public NTP servers?
2. Not sure, but if what you want is simply to get the router to sync its clock with external time source, "ntp server " is enough
3. Short answer: yes. "ntp server prefer" for primary and "ntp server " for secondary NTP servers.
Is NTP really that critical to you to warrant multiple GPS time server investments? Again, my first question, why can't you use public NTP servers? Your SyncServer will have to sync up with another upper stratum NTP server anyway, so might as well use one of many lower-stratum public NTP servers.
4. Well, I'm not familiar with this type of product, but I'd hazard a guess that you'd have to sync up with some public NTP servers. In this case, you'd just have to make sure that they sync up to multiple Stratum 2 (or even Stratum 1) NTP servers.
Not really. What security concern do you have? "Punching hole" thru firewall for NTP is not exactly high risk. If you're really concerned, just configure NTP on a couple of your servers in the DMZ, then allow only those servers to sync up with Internet NTP servers thru the firewall. Easy, cheap, reliable.
Which NTP software to use? Lots of cheap choices out there. You can use Windows' built-in W32Time service (you can configure this to behave like a standard NTP server), Linux has its own NTP Daemon, or you can also use Tardis. Tardis is excellent. The only "drawback" is it only runs under Windows. Although Cisco routers can be configured as NTP server as well, I wouldn't recommend it if you're concerned about security. If someone can actually break in via the "NTP hole" thru the firewall into your NTP server, and if you use Cisco router, the impact will be greater than if you use a dedicated server in the DMZ.
We are pleased to announce availability of Beta software for 16.6.3.
16.6.3 will be the second rebuild on the 16.6 release train targeted
towards Catalyst 9500/9400/9300/3850/3650 switching platforms. We are
looking for early feedback from customers befor...
Introduction Featured Speakers Luis Espejel is the Telecommunications
Manager of IENova, an Oil & Gas company. Currently he works with Cisco
IOS® and Cisco IOS XE platforms, and NX to some extent. He has also
worked as a Senior Engineer with the Routing P...
In this session you can learn more about Layer 3 multicast and the best
practices to identify possible threats and take security measures. It
provides an overview of basic multicast, the best security practices for
use of this technology, and recommendati...