NTP Client Configuration
Overview
NTP modes differ based on how NTP allows communication between systems. NTP communication consists of time requests and control queries. Time requests provide the standard client/server relationship in which a client requests time synchronization from an NTP server. Control queries provide ways for remote systems to get configuration information and reconfigure NTP servers.
Support for Default VRF via In-band Management
OcNOS supports NTP over the default and management VRFs via in-band management interface and OOB management interface, respectively.
By default, NTP runs on the management VRF.
NTP Modes
The following describes the various NTP node types.
Client
An NTP client is configured to let its clock be set and synchronized by an external NTP timeserver. NTP clients can be configured to use multiple servers to set their local time and are able to give preference to the most accurate time sources. They do not, however, provide synchronization services to any other devices.
Server
An NTP server is configured to synchronize NTP clients. Servers can be configured to synchronize any client or only specific clients. NTP servers, however, will accept no synchronization information from their clients and therefore will not let clients update or affect the server's time settings.
Peer
With NTP peers, one NTP-enabled device does not have authority over the other. With the peering model, each device shares its time information with the others, and each device can also provide time synchronization to the others.
Authentication
For additional security, you can configure your NTP servers and clients to use authentication. Routers support MD5 authentication for NTP. To enable a router to do NTP authentication:
1. Enable NTP authentication with the ntp authenticate command.
2. Define an NTP authentication key with the ntp authentication-key vrf management command. A unique number identifies each NTP key. This number is the first argument to the ntp authentication-key vrf management command.
3. Use the ntp trusted-key vrf management command to tell the router which keys are valid for authentication. If a key is trusted, the system will be ready to synchronize to a system that uses this key in its NTP packets. The trusted key should already be configured and authenticated.
NTP Configuration
NTP client, user can configure an association with a remote server. In this mode the client clock can synchronize to the remote server
After configuring the NTP servers, wait a few minutes before you verify that clock synchronization is successful. When clock synchronization has actually happened, there will be an asterisk “*” symbol along with the interface when you give the show ntp peers command.
Topology
NTP Client and Server
NTP Client
#configure terminal | Enter configure mode. |
(config)#feature ntp vrf management | Configure feature on default or management VRF. By default this feature runs on management VRF. |
(config)#ntp enable vrf management | This feature enables ntp. This will be enabled in default. |
(config)#ntp server 10.1.1.1 vrf management | Configure ntp server ip address. |
(config)#exit | Exit from the Configure Mode. |
Validation Commands
#show ntp peers
-----------------------------------------------------------
Peer IP Address Serv/Peer
-----------------------------------------------------------
10.1.1.1 Server (configured)
#show ntp peer-status
Total peers : 1
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
remote refid st t when poll reach delay offset jitter
==============================================================================
*10.1.1.1 LOCAL(0) 7 u 14 32 37 0.194 -4.870 3.314
Maxpoll and Minpoll Configuration
The maximum poll interval are specified in defaults to 6 (64 seconds), but can be increased by the maxpoll option to an upper limit of 16 (18.2 hours). The minimum poll interval defaults to 4 (16 seconds), and this is also the minimum value of the minpoll option.
The client will retry between minpoll and maxpoll range configured for synchronization with the server.
Client
#configure terminal | Enter configure mode. |
(config)#feature ntp vrf management | Configure feature on default or management VRF. By default this feature runs on management VRF. |
(config)#ntp server 10.1.1.1 maxpoll 7 minpoll 5 vrf management | Configure minpoll and maxpoll range for ntp server. |
(config)#exit | Exit from the Configure Mode. |
Validation Commands
#show ntp peers
-----------------------------------------------------------
Peer IP Address Serv/Peer
-----------------------------------------------------------
10.1.1.1 Server (configured)
#show ntp peer-status
Total peers : 1
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
remote refid st t when poll reach delay offset jitter
==============================================================================
*10.1.1.1 LOCAL(0) 7 u 14 32 37 0.194 -4.870 3.314
NTP Authentication
When you enable NTP authentication, the device synchronizes to a time source only if the source carries the authentication keys specified with the source by key identifier. The device drops any packets that fail the authentication check, and prevents them from updating the local clock.
Client
#configure terminal | Enter configure mode. |
(config)#feature ntp vrf management | Enable feature on default or management VRF. By default this feature runs on management VRF.. |
(config)#ntp server 10.1.1.1 vrf management | Configure ntp server ip address. |
(config)#ntp authenticate vrf management | Enable NTP Authenticate. NTP authentication is disabled by default. |
(config)#ntp authentication-key 1234 md5 text vrf management | Configure ntp authentication key along with md5 value. |
(config)#ntp trusted-key 1234 vrf management | Configure trusted key <1-65535> |
(config)#exit | Exit from the Configure Mode. |
Validation Commands
#show ntp authentication-status
Authentication enabled
#show ntp authentication-keys
--------------------------
Auth Key MD5 String
--------------------------
1234 SWWX
#show ntp trusted-keys
Trusted Keys:
1234