Configure and Verify Network Time Protocol (NTP)

Exam: Cisco 200-301 - Cisco Certified Network Associate (CCNA)

  • NTP master, client, version 3, version 4
  • NTP authentication

Network Time Protocol (NTP) is a networking protocol designed to time-synchronize devices within a network. An NTP time server works within the TCP/IP suite and uses User Datagram Protocol (UDP) port 123 as its transport protocol. An NTP network usually receives its time from an authoritative time source, such as an atomic clock or a radio clock attached to a time server, and distributes this time across the network.

NTP servers are normally dedicated NTP devices that use a single time reference to which they can synchronize a network. This time reference is a Coordinated Universal Time (UTC) source, a global time scale distributed by atomic clocks over the internet. The dedicated NTP servers are required for Security, Accuracy, Protection, Legality, and Control.

NTP Master

An NTP master is an authoritative NTP server: a device configured as an NTP master clock to which peers synchronize themselves when an external NTP server is not available.

NTP uses the concept of a stratum to describe how many NTP hops away a machine is from an authoritative time source. The stratum is a number between 1 and 15 that indicates how far a server is from a reference clock. To configure a router as an NTP master, use the following commands:

Enable the privilege mode

Router > enable

Enter the global configuration mode

Router# config t

Configure router as NTP master also called authoritative NTP server. Number 6 shows stratum level.

Router(config)# ntp master 6

Disables the master clock function

Router(config)# no ntp master

Returns to privileged EXEC mode

Router(config)# end

If the system has ntp master configured and it cannot reach any clock with a lower stratum number, the system will claim to be synchronised at the configured stratum number, and other systems will be willing to synchronize to it via NTP. The software clock must have been set from some source, including manually, before the ntp master command will have any effect. This protects against distributing erroneous time after the system is restarted.

NTP Client

A network device operating in client mode polls its assigned time-serving hosts for the current time and then picks one host from all the polled time servers to synchronize with. A client sends a request to the server and expects a reply at some future time. This is also described as a poll operation, in which the client polls the time and authentication data from the server. To configure a switch in client mode, use the following commands:

Enable the privilege mode

Router > enable

Enter the global configuration mode

Router# config t

Configure the router to use the NTP server at an example IP address, 192.168.5.8, as the preferred clocking reference

Router(config)# ntp server 192.168.5.8 prefer

Configure a key, with example value 35, to use while communicating with the NTP server at IP address 192.168.5.6. The key value can be any number in the range 1 - 65535

Router(config)# ntp server 192.168.5.6 key 35

Configure the Router’s interface as source interface using ntp source-interface command. Source interface is the path used to reach the NTP server. Value eth 2/4 is used as source interface.

Router(config)# ntp source-interface eth 2/4

Returns to privileged EXEC mode

Router(config)# end

NTP version 3

The Network Time Protocol (NTP) version 3, specified in RFC 1305, is widely used to synchronize computer clocks in the global internet. NTPv3 provides comprehensive mechanisms to organise the time-synchronization subnet and adjust the local clock in each participating subnet peer.

NTP version 3 is the latest released version, runs very stably on many operating systems, and is the default version of NTP. In NTP version 3 the local clock algorithm has been overhauled to improve stability and accuracy. Here is an example that shows how NTP version 3 is configured on a router.

Enable the privilege mode

Router > enable

Enter the global configuration mode

Router# config t

Configure a router to synchronize its system clock with the clock of the peer at an IP address 10.1.1.6 using NTP version 3

Router(config)# ntp server 10.1.1.6 version 3

Returns to privileged EXEC mode

Router(config)# end

NTP version 4

NTP version 4, defined in RFC 5905, has some improvements over NTP version 3 and better support for some operating systems. NTPv4 is an extension of NTPv3 that supports both IPv4 and IPv6, making NTP time synchronization possible over IPv6. NTP version 4 uses enhanced security, i.e. symmetric key authentication, a strong cryptographic authentication mechanism that prevents the local router from being wrongly updated with incorrect time by an intruder.

NTPv4 synchronizes the local system clock in the device with the Coordinated Universal Time (UTC) source. The synchronization is achieved by maintaining a loop-free timing topology computed as a shortest-path spanning tree rooted on the primary server. A time server located anywhere in the world can provide synchronization to a client located anywhere else in the world. It allows clients to use different time zone and daylight saving properties. The configuration of a router with NTP version 4 is:

Enable the privilege mode

Router > enable

Enter the global configuration mode

Router# config t

Configure the router to use NTP version 4 with the server at IP address 10.1.5.10. The number 123 represents the key number.

Router(config)# ntp server 10.1.5.10 prefer version 4 key 123

Returns to privileged EXEC mode

Router(config)# end
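
How a client applies symmetric key authentication to a server reply, as an added example that is not part of the original guide: the server appends a key ID and an MD5 digest computed over the key followed by the 48-byte NTP header, and the client recomputes the digest before accepting the time. Key number 123 comes from the command above; the key strings, key 77 and all function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

# Constructed key table: 123 is the key number from the command above, the
# secrets are made up, and key 77 is defined but deliberately left untrusted.
KEYS = {123: b"constructed-secret", 77: b"other-secret"}
TRUSTED = {123}


def build_header(stratum=6, transmit_seconds=3_900_000_000):
    """48-byte NTP header: LI=0, VN=4, Mode=4 (server), transmit time set."""
    header = bytearray(48)
    header[0] = (0 << 6) | (4 << 3) | 4
    header[1] = stratum
    struct.pack_into("!II", header, 40, transmit_seconds, 0)
    return bytes(header)


def sign(header, key_id):
    """Append the MAC: 4-byte key ID followed by MD5(key || header)."""
    digest = hashlib.md5(KEYS[key_id] + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(packet):
    """Decide as an authenticating client would; returns (accepted, reason)."""
    if len(packet) != 48 + 4 + 16:
        return False, "no MAC present"
    header, key_field, digest = packet[:48], packet[48:52], packet[52:]
    (key_id,) = struct.unpack("!I", key_field)
    if key_id not in TRUSTED or key_id not in KEYS:
        return False, "key not trusted"
    expected = hashlib.md5(KEYS[key_id] + header).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "digest mismatch"
    return True, "ok"


def demo():
    good = sign(build_header(), 123)
    tampered = bytearray(good)
    tampered[43] ^= 0x01  # alter the low byte of the transmit seconds
    cases = {"good": good, "tampered": bytes(tampered),
             "untrusted key": sign(build_header(), 77), "no MAC": build_header()}
    return {name: verify(pkt) for name, pkt in cases.items()}


if __name__ == "__main__":
    print(demo())
```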

NTP Authentication

Network Time Protocol (NTP) authentication is used to prevent tampering with the timestamps on the logs generated by devices. An attacker could make a rogue host appear to be a valid NTP server in order to attack NTP. NTP authentication is therefore used to authenticate the time source.

A user can configure the router to authenticate the time source to which the local clock synchronizes. Whenever NTP authentication is enabled, the network device synchronizes to a time source only if the source carries one of the authentication keys specified by the ntp trusted-key command. Here is an example of how NTP authentication is configured on a Cisco router.

Enable the privilege mode

Router > enable

Enter the global configuration mode

Router# config t

Enable ntp authentication

Router(config)# ntp authenticate

Configure the authentication key on the router using the ntp authentication-key command. Number 55 is the authentication key number and mykey is the MD5 key string.

Router(config)# ntp authentication-key 55 md5 mykey

Configure the router with the ntp trusted-key command. Number 55 is the trusted key number. The trusted key and the authentication key must match, and both must match the value configured on the NTP server.

Router(config)# ntp trusted-key 55

Returns to privileged EXEC mode

Router(config)# end
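
One way to check a saved configuration against the matching rule described above (an added example, not Cisco's or this guide's own code): it flags a missing ntp authenticate, ntp server lines without a key, and keys that lack an ntp authentication-key or ntp trusted-key entry. The function name and both sample configurations are constructed, and only single-number ntp trusted-key lines are assumed.

```python
import re

# Constructed configs. WEAK reuses the two "ntp server" lines from the client
# section of this page; HARDENED adds the three authentication commands.
WEAK = """
ntp server 192.168.5.8 prefer
ntp server 192.168.5.6 key 35
"""
HARDENED = """
ntp authenticate
ntp authentication-key 55 md5 mykey
ntp trusted-key 55
ntp server 192.168.5.8 prefer key 55
"""


def audit_ntp(config):
    """Return a list of findings; an empty list means every source is keyed."""
    authenticate, defined, trusted, servers = False, set(), set(), []
    for line in map(str.strip, config.splitlines()):
        if line == "ntp authenticate":
            authenticate = True
        elif m := re.fullmatch(r"ntp authentication-key (\d+) md5 \S.*", line):
            defined.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp trusted-key (\d+)", line):
            trusted.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp server (\S+)(.*)", line):
            key = re.search(r"\bkey (\d+)", m.group(2))
            servers.append((m.group(1), int(key.group(1)) if key else None))

    findings = []
    if not authenticate:
        findings.append("ntp authenticate is not enabled")
    for addr, key in servers:
        if key is None:
            findings.append(f"server {addr}: no key, source is unauthenticated")
            continue
        if not 1 <= key <= 65535:
            findings.append(f"server {addr}: key {key} is outside 1-65535")
        if key not in defined:
            findings.append(f"server {addr}: key {key} has no ntp authentication-key")
        if key not in trusted:
            findings.append(f"server {addr}: key {key} is not an ntp trusted-key")
    return findings


if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ntp(cfg) or "clean")
```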

Verification of Network Time Protocol

While configuring Network Time Protocol, a user can face different kinds of issues: NTP packets are not received; packets are received but are not processed by the NTP process; or packet data causes loss of synchronisation. There are a number of verification commands that a user can use to verify the configuration.

Display the NTP access group configuration

Show ntp access-groups

Display the configured NTP source IP address

Show ntp source

Display the configured NTP source interface

Show ntp source-interface

Display all the NTP servers

Show ntp peers

Display status of NTP server

Show ntp peer-status

Display internal NTP information

Show ntp internal

Display the configured NTP authentication keys

Show ntp authentication-keys

Display the status of NTP authentication

Show ntp authentication-status

Display the configured NTP trusted keys

Show ntp trusted-keys

Display date and timestamp of last running configuration update

Show running-config ntp

Exam Question

You have two NTP servers 10.10.10.4 & 10.10.10.5 and you want to configure a router to use 10.10.10.5 as its NTP server before falling back to 10.10.10.4. Which command will you use?

  1. ntp server 10.10.10.4 ntp server 10.10.10.5
  2. ntp server 10.10.10.4 ntp server 10.10.10.5 prefer
  3. ntp server 10.10.10.4 ntp server 10.10.10.5 primary
  4. ntp server 10.10.10.4 fallback ntp server 10.10.10.5

Answer: B

Explanation: A router can be configured to prefer one NTP source over another. A preferred server’s responses are discarded only if they vary dramatically from the other time source. Preferred servers are usually specified when they are known to be extremely accurate.
