ccie.nyquist.eu
Search…
Table of Contents
Layer 2 Technologies
Ethernet Switching
Layer 2 WAN Protocols
IPv4
IPv4 Addressing
IPv4 Routing
IPv6
IPv6-101
IPv6 Routing
Interconnecting IPv6 and IPv4
MPLS
MPLS 101
MPLS L3 VPN
Multicast
Multicast 101
PIM 101
IGMP 101
Inter Domain Multicast
IPv6 Multicast
Multicast features on switches
Security
NAT 101
NAT for Overlapping Networks
ACLs 101
ACLs 102
Cisco IOS Firewall
Zone Based Firewall
AAA 101
Controlling CLI Access
Control Plane
Switch Security
IPSec VPN 101
DMVPN 101
Network Services
NTP 101
HTTP 101
File Transfer 101 – TFTP & FTP
WCCP 101
QoS
QoS 101
Classification and Marking
Congestion Management
Congestion Avoidance – WRED
Policing and Shaping
Compression and LFI
Frame Relay QoS
RSVP 101
Switching QoS
Network Optimization
NetFlow 101 – TNF – Traditional NetFlow
NetFlow 102 – FNF – Flexible NetFlow
IP SLA 101
IP Accounting 101
Logging 101
SNMP and RMON 101
Cisco CLI Tips and Tricks
AutoInstall
Enhanced Object Tracking
Network Architecture
Hierarchical Network Architecture
Powered By GitBook
NTP 101

Software Clock

Each router has a software clock that is set at initialization according to the hardware clock. The software clock can be updated manually, or automatically using NTP, SNTP or VINES Time Service.
!Manual setup:
R(config)# clock set HH:MM:SS DATE MONTH YEAR
The software clock provides the time for time-based ACLs, logging ande debugging messages, and other router features. The software clock is kept in UTC (GMT) and a timezone can be configured for a more accurate display, as well as the daylight saving time.
R(config)# clock timezone ZONE HOURS-OFFSET [MIN-OFFSET]
! Recurring summer time:
R(config)# clock summer-time ZONE recurring [WEEK DAY MONTH HH:MM WEEK DAY MONTH HH:MM] [OFFSET]
! Absolute summer time:
R(config)# clock summer-time ZONE date DAY MONTH YEAR HH:MM DAY MONTH YEAR HH:MM [offset]
To check the clock, use:
R# show clock [detail]

NTP

NTP is a protocol that runs on UPD and offers time accuracy of a milisecond. Stratum represent the number of hops away a machine is from an authoritative time source. A Stratum 1 clock is a radio clock an atomic clock or a GPS clock, while a Stratum 2 clock receives clock information from a Stratum 1 clock, and so on. To set an NTP server as an authoritative source, use:
R(config)# ntp master [STRATUM]
NTP can work in 2 modes:

Poll-Based NTP Association

In this mode, we have 2 methods of association: Client mode and Symmetric Active Mode. In client mode, the client polls the server for time information, while in symmetric active mode, a device can poll for time information, but can also respond to NTP polls.
! Client mode:
R(config)# ntp server IP-ADDR [version VER | key KEY | source INTERFACE | prefer]
! Symmetric Active Mode
R(config)# ntp peer IP-ADDR [normal-sync] [version VER | key KEY | source INTERFACE | prefer]

Broadcast-Based NTP Association

In this mode, the hosts listen to NTP broadcasts from the server. This is a less accurate method and it is recommended in environments with more than 20 clients.
!On the server
R(config-if)# ntp broadcast [version VER]
! On the client
R(config-if)# ntp broadcast client

NTP Access Group

R(config)# ntp access-group {peer|serve|serve-only|query-only} ACL [kod]
! kod = Sends a "Kiss of Death" packet to the source of an unmatched packet
When a host receives KoD packets, they indicate that the NTP server dropped their packets. They should take appropriate measures, like running sanity checks or rate limiting their NTP outgoing packets.
If the source IP address matches the ACL for more than one type, the first type is granted. They are scanned in the following order:
  1. 1.
    peer – Allows time requests and NTP control queries and allows the system to synchronize itself to a system whose address passes the access list criteria
  2. 2.
    serve – Allows time requests and NTP control queries, but does not allow the system to synchronize itself to a system whose address passes the access list criteria
  3. 3.
    serve-only – Allows only time requests from a system whose address passes the access list criteria
  4. 4.
    query-only – Allows only NTP control queries from a system whose address passes the access list criteria

Authentication

NTP provides MD5 authentication, but it is used to authenticate the NTP Server on the NTP Clients. To enable authentication, follow these steps:
! 1. Enable authentication:
R(config)# ntp authenticate
! 2. Configure the MD5 key:
R(config)# ntp authentication-key KEY-NUMBER md5 KEY
! 3. Configure the key as trusted. Only NTP packets from servers that use the trusted keys will be accepted
R(config)# ntp trusted-key KEY-NUMBER
! 4. On clients only, define the key for each server.
R(config)# ntp server IP-ADDRESS key KEY-NUMBER

Hardware Clock

R(config)# calendar set HH:MM:SS DAY MONTH YEAR
! sets the hardware clock
R(config)# clock read-calendar
! sets the software clock according to the hardware clock
R(config)# clock update-calendar
! sets the hardware clock according to the software clock
R(config)# ntp update-calendar
! Syncs the hardware clock with NTP
R# show calendar
By default, the time maintained on the software clock is not considered to be reliable and will not be synchronized with NTP or VINES time service. To set the hardware clock as a valid time source, use this command:
R(config)# clock calendar-valid
Security - Previous
DMVPN 101
Next - Network Services
HTTP 101
Last modified 10mo ago
Copy link
On this page
Software Clock
NTP
Poll-Based NTP Association
Broadcast-Based NTP Association
NTP Access Group
Authentication
Hardware Clock