NTP protocol and configuration examples

NTP (Network Time Protocol) is a protocol used to synchronize a computer's clock with a server or clock source. It provides high-accuracy time correction (within 1 millisecond of the standard on a LAN, and within tens of milliseconds on a WAN).
Sometimes we need to configure time-based policies or access control on a Cisco device so that the policies take effect only within a specific period; for that, the device must have accurate time.
However, if the time is set manually and the system reboots for some reason, the clock is reset to the factory time, which affects the policies or services we have configured.
So the device needs to synchronize its local time from a remote time server, so that during normal operation the device's local time stays consistent with the remote time server.
Even when the device synchronizes with a remote server there is an error of some milliseconds, and if the device then serves that time to others, their error may be larger.
This gives rise to levels of time accuracy. In NTP on Cisco devices this level is called the stratum: the larger the stratum value, the worse the accuracy; the smaller the value, the better.
A Cisco device can act as an NTP client, synchronizing itself from a remote time server, and also as an NTP server, providing its time to other devices. When a Cisco device acts as an NTP server, its default stratum is 8, which means that a remote device synchronizing to it is stratum 9.
Configuring the time
(1) Configure the device's time zone:
R1(config)#clock timezone GMT +8
Sets the time zone to East 8 (GMT +8).
(2) Configure the device's time:
R1#clock set 20:00:00 1 oct 2008
Sets the time to 20:00:00 on October 1, 2008.
(3) R1#show clock
Configuring the NTP server
(1) Configure the NTP server:
Note: this configures the device as master and sets its stratum (the default is 8).
R1(config)#ntp master 5
Configures a master with stratum 5.
(2) Configure the source address of NTP packets:
Note: this is the source address used when packets are sent; it does not affect NTP time synchronization.
R1(config)#ntp source Loopback0
Configuring the NTP client
(1) Specify the NTP server address:
R2(config)#ntp server 10.1.1.1
(2) Configure the clock time zone:
R2(config)#clock timezone GMT +8
(3) R2#show clock
NTP authentication
The server and the client can use MD5 to authenticate each other; time is synchronized only when both sides have the same password.
NTP server authentication configuration
(1) Enable authentication:
R1(config)#ntp authenticate
(2) Configure the password:
R1(config)#ntp authentication-key 5 md5 cisco
(3) Use the password:
R1(config)#ntp trusted-key 5
Note: when there is only one key, this may be left unspecified.
Client authentication configuration
(1) Enable authentication:
R2(config)#ntp authenticate
(2) Configure the password:
R2(config)#ntp authentication-key 5 md5 cisco
(3) Use the password:
R2(config)#ntp trusted-key 5
(4) Send the password to the server, so that data transmitted to the server carries the password:
R2(config)#ntp server 10.1.1.1 key 5
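What the MD5 authentication configured above does on the wire, as an added example that is not part of the original article: in the NTP symmetric-key scheme the sender appends a 4-byte key number and MD5(password || header), and the receiver recomputes the digest with the password it holds under that number, so both ends need the same number and the same password. The function names, return strings and the all-zero request packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48  # fixed NTP header size in bytes

def make_client_header() -> bytes:
    """Constructed NTPv3 client request: LI=0, VN=3, Mode=3, other fields zero."""
    return bytes([(0 << 6) | (3 << 3) | 3]) + bytes(HEADER_LEN - 1)

def sign(header: bytes, key_id: int, secret: bytes) -> bytes:
    """Append the 4-byte key number and the 16-byte MD5(secret || header)."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet: bytes, keys: dict, trusted: set) -> str:
    """Receiver-side check; returns a reason string (labels are illustrative)."""
    if len(packet) == HEADER_LEN:
        return "unauthenticated"          # no key number / digest attached
    if len(packet) != HEADER_LEN + 4 + 16:
        return "malformed"
    header = packet[:HEADER_LEN]
    (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
    mac = packet[HEADER_LEN + 4:]
    if key_id not in keys:                # no `ntp authentication-key <id>` here
        return "unknown key id"
    if key_id not in trusted:             # defined but not in `ntp trusted-key`
        return "key not trusted"
    expected = hashlib.md5(keys[key_id] + header).digest()
    # constant-time comparison of the received and recomputed digests
    return "ok" if hmac.compare_digest(mac, expected) else "bad digest"

if __name__ == "__main__":
    server_keys = {5: b"cisco"}           # ntp authentication-key 5 md5 cisco
    hdr = make_client_header()
    for kid, pw in [(5, b"cisco"), (5, b"Cisco"), (20, b"cisco")]:
        print(kid, pw, "->", verify(sign(hdr, kid, pw), server_keys, {5}))
```

The three demo cases show a matching key, a password that differs only in case, and a key number the receiver has not defined.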
Case configuration topology
Case configuration requirements
1. Interconnect IPs are /24 and the Loopback 0 IP is X.X.X.X, where X is the local device ID and Y is the remote device ID;
2. R1, R2 and R3 use OSPF as the IGP;
3. R1 is an NTP server with time accuracy level 2 and NTP update source Loopback 0;
4. R3 is an NTP server with time accuracy level 8 and NTP update source Loopback 0;
5. R2 uses R1 as its NTP server, and uses R3 as an NTP peer to act as a backup NTP server;
6. R2 must authenticate when synchronizing with NTP server R1; the password is cisco;

Case configuration roadmap
1. Configure IP addresses on the 3 routers;
2. Run OSPF on the 3 routers;

3. Configure the NTP server on R1:

! Set the NTP update source to Loopback 0
ntp source Loopback0
! Make this device an NTP server with accuracy level (stratum) 2
ntp master 2

4. Configure the NTP server on R3:

! Set the NTP update source to Loopback 0
ntp source Loopback0
! Make this device an NTP server; the default accuracy level (stratum) is 8
ntp master

5. Configure NTP on R2:

! Specify 1.1.1.1 as the NTP server
ntp server 1.1.1.1
! Specify 3.3.3.3 as the NTP peer
ntp peer 3.3.3.3

6. Configure NTP authentication on R2 (client):

! Create NTP key 1
ntp authentication-key 1 md5 cisco
! Set the key trusted by the NTP client
ntp trusted-key 1
! Set the key the NTP client sends
ntp server 1.1.1.1 key 1
! Enable NTP authentication
ntp authenticate

7. Configure NTP authentication on R1 (server):

ntp authentication-key 1 md5 cisco
ntp authenticate

Case test results
1. After the configuration is complete, view the NTP status on R2:

R2#show ntp status 
Clock is synchronized, stratum 3, reference is 1.1.1.1
nominal freq is 250.0000 Hz, actual freq is 249.9999 Hz, precision is 2**18
reference time is D34A4DDB.25D40F1E (11:56:11.147 UTC Tue May 1 2012)
clock offset is -9.7613 msec, root delay is 11.66 msec
root dispersion is 18.63 msec, peer dispersion is 8.83 msec
R2#

2. After the configuration is complete, view the NTP associations on R2:

R2#show ntp associations 

      address         ref clock     st  when  poll reach  delay  offset    disp
 ~3.3.3.3          127.127.7.1       8    23    64    2    20.3  402546  15875.
*~1.1.1.1          127.127.7.1       2    22    64  377    11.7   -9.76     6.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#

3. When R1 fails, view the NTP status and NTP associations on R2:

R2#show ntp status 
Clock is synchronized, stratum 9, reference is 3.3.3.3
nominal freq is 250.0000 Hz, actual freq is 250.0001 Hz, precision is 2**18
reference time is D34AEE7C.D8DF775C (23:21:32.847 UTC Tue May 1 2012)
clock offset is 2.0047 msec, root delay is 24.11 msec
root dispersion is 7880.60 msec, peer dispersion is 7878.57 msec
R2#show ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~3.3.3.3          127.127.7.1       8     0    64    7    24.1    2.00  3887.5
 ~1.1.1.1          0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
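A monitoring check built on the output above, as an added example that is not part of the original article: it parses `show ntp associations`, decodes the octal reach register, and flags the state shown in step 3, where R2 has lost 1.1.1.1 (configured with `key 1`) and is following 3.3.3.3 (configured without a key). The function names, the `keyed` parameter and the 1000 ms offset threshold are assumptions.

```python
import re

# Table rows copied from the R1-failure output above.
SAMPLE = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
*~3.3.3.3          127.127.7.1       8     0    64    7    24.1    2.00  3887.5
 ~1.1.1.1          0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""

ROW = re.compile(r"\s*([*#+\-~]*)\s*(\d+(?:\.\d+){3})\s+(.+)")

def parse_associations(text):
    """Return one dict per association row; header and legend lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or len(m.group(3).split()) != 8:
            continue
        _ref, st, _when, _poll, reach, _delay, offset, _disp = m.group(3).split()
        rows.append({
            "address": m.group(2),
            "synced": "*" in m.group(1),
            "stratum": int(st),
            # reach is an octal shift register covering the last 8 polls
            "answered": bin(int(reach, 8)).count("1"),
            "offset_ms": float(offset),
        })
    return rows

def findings(rows, keyed, max_offset_ms=1000.0):
    """Flag problems; `keyed` = addresses configured with `key N` (assumption)."""
    out = []
    for r in rows:
        if r["answered"] == 0:
            out.append((r["address"], "unreachable"))
        if r["stratum"] == 16:
            out.append((r["address"], "unsynchronized (stratum 16)"))
        if abs(r["offset_ms"]) > max_offset_ms:
            out.append((r["address"], "offset above threshold"))
        if r["synced"] and r["address"] not in keyed:
            out.append((r["address"], "synced to a source with no key"))
    return out

if __name__ == "__main__":
    for item in findings(parse_associations(SAMPLE), keyed={"1.1.1.1"}):
        print(item)
```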

Summary and other notes
1. NTP provides a time synchronization service for devices;
2. When a device is configured as a server, you can choose its time accuracy level (the default is 8); the smaller the level, the more accurate;
3. When configuring an NTP client, you can set the client's NTP peer or server to an IP address, so that the client learns the time from that NTP server;
4. When an NTP peer is set and the other end is configured the same way, the two devices synchronize with each other; whichever has the more accurate time level is the one synchronized to;
5. The server may require authentication when an NTP client synchronizes time (only MD5 is supported); authentication is initiated by the client, which must configure a trusted key and the key it sends;
6. For local authentication to treat user names and passwords as case-sensitive, use the local-case parameter;


Origin blog.csdn.net/qinshangwy/article/details/104756182