Cisco 1000 Series Connected Grid Routers System Management Software Configuration Guide
Bias-Free Language
The documentation set for this product strives to use bias-free language. For the purposes of this documentation set, bias-free is defined as language that does not imply discrimination based on age, disability, gender, racial identity, ethnic identity, sexual orientation, socioeconomic status, and intersectionality. Exceptions may be present in the documentation due to language that is hardcoded in the user interfaces of the product software, language used based on RFP documentation, or language that is used by a referenced third-party product. Learn more about how Cisco is using Inclusive Language.
- Updated:
- March 26, 2014
Chapter: Configuring NTP
Configuring NTP
This chapter describes how to configure the Network Time Protocol (NTP) on the Cisco 1000 Series Connected Grid Routers (hereafter referred to as the Cisco CG-OS router).
Information About NTP
This section includes the following topics:
NTP Overview
The Network Time Protocol (NTP) synchronizes the time of day among a set of distributed time servers and clients so that you can correlate events when you receive system logs and other time-specific events from multiple network devices. With the User Datagram Protocol (UDP) as its transport protocol, NTP uses standard Universal Time Coordinated (UTC).
An NTP server usually receives its time from a source such as a radio clock or an atomic clock attached to a time server and then distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of each other.
NTP uses a stratum to describe the distance between a network device and an authoritative time source:
- A stratum 1 time server is directly attached to an authoritative time source (such as an atomic clock).
- A stratum 2 NTP server receives its time through NTP from a stratum 1 NTP server.
Before synchronizing, NTP compares the time reported by several network devices and does not synchronize with one that is significantly different, even if it is a stratum 1.
Because the Cisco CG-OS software cannot connect to a radio or atomic clock and act as a stratum 1 server, Cisco recommends that you use the public NTP servers available on the Internet.
When the network is isolated from the Internet, the Cisco CG-OS software allows you to configure the time as though it were synchronized through NTP, even though it was not.
When the Cisco CG-OS router loses connectivity with the NTP server, the Cisco CG-OS router uses the latest synchronized time it received from the NTP server.
To use the local clock for the Cisco CG-OS router, you will need to delete the NTP client configuration using the no form of the commands (see Configuring an NTP Client).
Prerequisites for NTP
Router must have connectivity to at least one server that is running NTP.
NTP must be configured in the default VDC of the Cisco CG-OS router. No other VDCs are supported on the Cisco CG-OS router.
Guidelines and Limitations
The Cisco CG-OS router supports an NTP client and receives its clock source from an NTP server.
When you have only one NTP server, configure all the devices as clients to that NTP server.
Default Settings
Table 1-1 lists the default settings for NTP parameters.
Configuring NTP
This section includes the following topics:
- Enabling or Disabling the NTP Protocol
- Configuring an NTP Client
- Configuring NTP Authentication
- Configuring NTP Access Restrictions
- Configuring NTP Logging
- Discarding NTP Configuration Changes
Enabling or Disabling the NTP Protocol
You can enable or disable NTP on the Cisco CG-OS router. NTP is enabled by default.
BEFORE YOU BEGIN
Make sure that you are in the default VDC. The Cisco CG-OS router does not support any VDCs beyond the default.
DETAILED STEPS
Configuring an NTP Client
This section addresses how to configure the Cisco CG-OS router to serve as an NTP client.
BEFORE YOU BEGIN
Identify the IP address or DNS name for each NTP server that you want to define as a possible clocking reference for the Cisco CG-OS router.
When defining multiple NTP servers, determine which server will serve as the primary (preferred) NTP server.
Ensure that you are in the default VDC. The Cisco CG-OS router does not support any VDCs beyond the default.
DETAILED STEPS
[no] ntp server { ip-address | dns-name } [key key-id] [maxpoll max-poll] [minpoll min-poll] [prefer] |
Defines the NTP server that provides the clocking source for the Cisco CG-OS router. You can specify multiple server associations. key– Configures a key to use while communicating with the NTP server. The range for the key-id argument is from 1 to 65535. Note : Only configure the key when you want the NTP server to provide authentication for the Cisco CG-OS router. maxpoll, minpoll –Configures the maximum and minimum intervals in which to poll a server. The range for the max-poll and min-poll arguments is from 4 to 17 seconds, and the default values are 6 and 4, respectively. prefer –Assigns the NTP server as the preferred NTP server for the Cisco CG-OS router. Note : When you configure a key for use in communicating with the NTP server, be sure that the key exists as a trusted key on the Cisco CG-OS router. For more information on trusted keys, see Configuring NTP Authentication. |
|
[no] ntp source-interface [ethernet | cellular | wimax] slot/port |
||
Configures the source IP address for the source-interface that will receive all NTP packets. |
||
show ntp statistics { io | local | memory | peer { ipaddr ipv4-addr | name peer-name }} |
||
(Optional) Saves the change by copying the running configuration to the startup configuration. |
EXAMPLE
This example shows how to configure an IPv4 client and assign the NTP server as the preferred clocking reference; and, define the cellular interface as the path to the NTP server.
Configuring NTP Authentication
You can configure the Cisco CG-OS router to authenticate the time sources to which the local clock synchronizes. When you enable NTP authentication, the Cisco CG-OS router synchronizes to a time source only if the source carries one of the authentication keys specified by the ntp trusted-key command. The Cisco CG-OS router drops any packets that fail the authentication check and prevents them from updating the local clock.
By default, NTP authentication is disabled on the Cisco CG-OS router.
BEFORE YOU BEGIN
Configure the NTP server(s) with the authentication keys configured on the Cisco CG-OS router in this procedure.
Ensure that you are in the default VDC. The Cisco CG-OS router does not support any VDCs beyond the default.
DETAILED STEPS
Enables the NTP authentication feature. By default, NTP authentication is disabled on the Cisco CG-OS router. |
||
Defines the authentication key. This key must match the value on the NTP server along with the
ntp trusted-key
number
value of the
The Cisco CG-OS router does not synchronize to the NTP server clocking source unless the The range for authentication keys is from 1 to 65535. For the MD5 string, you can enter up to eight alphanumeric characters. |
||
Specifies one or more keys (defined in Step 3) that a time source (NTP server) must provide in its NTP packets in order for the Cisco CG-OS router to synchronize to it. The range for trusted keys is from 1 to 65535. This command provides protection against accidentally synchronizing the Cisco CG-OS router to a time source (NTP server) that is not trusted. |
||
(Optional) Saves the change by copying the running configuration to the startup configuration. |
EXAMPLE
This example shows how to configure the Cisco CG-OS router to synchronize only to NTP servers that provide authentication key 42 and authentication key 35 in their NTP packets.
Configuring NTP Access Restrictions
You can control access to NTP services by using access groups. Specifically, you can specify the types of requests that the Cisco CG-OS router allows and the servers from which it accepts responses.
When you do not configure any access groups, NTP access is granted to all devices. When you configure any access groups, NTP access is granted only to the remote device whose source IP address passes the access list criteria.
BEFORE YOU BEGIN
Make sure that you are in the default VDC. The Cisco CG-OS router does not support any VDCs beyond the default.
DETAILED STEPS
EXAMPLE
This example shows how to configure the Cisco CG-OS router to allow it to synchronize to a NTP server from access group, accesslist1.
Configuring NTP Logging
You can configure the Cisco CG-OS router to generate significant NTP events to the system log on the Cisco CG-OS router. NTP logging is disabled by default.
BEFORE YOU BEGIN
Make sure that you are in the default VDC. The Cisco CG-OS router does not support any VDCs beyond the default.
DETAILED STEPS
EXAMPLE
This example shows how to enable NTP logging in order to log significant NTP events to the system log on the Cisco CG-OS router.
Discarding NTP Configuration Changes
After making the configuration changes, you can choose to discard the changes instead of committing them. When you discard the changes, the Cisco CG-OS software removes the pending (starting configuration) database changes.
Verifying Configuration
To display the NTP configuration, enter any or all of the following commands.
show ntp statistics { io | local | memory | peer { ipaddr ipv4-addr | name peer-name }} |
|
Displays date and timestamp of last running configuration update. |
Enter the clear ntp session command to clear the NTP sessions.
Enter the clear ntp statistics command to clear the NTP statistics.
Feedback