CCNA 200-301 Portable Command Guide 5th Edition 20

Configure and secure NTP for accurate time across your network. Learn NTP design, troubleshooting, clock settings, and timestamps with configuration examples to support SLAs and log accuracy.

Alice Edwards
Contributor

CHAPTER 19
Configuring Network Time Protocol (NTP)

This chapter provides information about the following topics:
- NTP configuration
- NTP design
- Securing NTP
- Verifying and troubleshooting NTP
- Setting the clock on a router
- Using time stamps
- Configuration example: NTP

Most networks today are being designed with high performance and reliability in mind. Delivery of content is, in many cases, guaranteed by service level agreements (SLAs). Having your network display an accurate time is vital to ensuring that you have the best information possible when reading logging messages or troubleshooting issues.

NTP Configuration

Edmonton(config)#ntp server 209.165.200.254
    Configures the Edmonton router to synchronize its clock to a public NTP server at address 209.165.200.254.
    NOTE: This command makes the Edmonton router an NTP client to the external NTP server.
    NOTE: A Cisco IOS router can be both a client to an external NTP server and an NTP server to client devices inside its own internal network.
    NOTE: When NTP is enabled on a Cisco IOS router, it is enabled on all interfaces.

Edmonton(config)#ntp server 209.165.200.234 prefer
    Specifies a preferred NTP server if multiple ones are configured.
    TIP: It is recommended to configure more than one NTP server.

Edmonton(config-if)#ntp disable
    Disables the NTP server function on a specific interface. The interface will still act as an NTP client.
    TIP: Use this command on interfaces connected to external networks.

Edmonton(config)#ntp master stratum
    Configures the router to be an NTP master clock to which peers synchronize when no external NTP source is available. The stratum is an optional number between 1 and 15. When enabled, the default stratum is 8.
    NOTE: A reference clock (for example, an atomic clock) is said to be a stratum-0 device. A stratum-1 server is directly connected to a stratum-0 device. A stratum-2 server is connected across a network path to a stratum-1 server. The larger the stratum number (moving toward 15), the less authoritative that server is and the less accuracy it will have.

Edmonton(config)#ntp max-associations 200
    Configures the maximum number of NTP peer-and-client associations that the router will serve. The range is 0 to 4,294,967,295. The default is 100.

Edmonton(config)#access-list 101 permit udp any host a.b.c.d eq ntp
    Creates an access list statement that will allow NTP communication for the NTP server at address a.b.c.d. This ACL should be placed in an inbound direction.

NOTE: When a local device is configured with the ntp master command, it can be identified by a syntactically correct but invalid IP address. This address will be in the form of 127.127.x.x. The master will synchronize with itself and uses the 127.127.x.x address to identify itself. This address will be displayed with the show ntp associations command and must be permitted via an access list if you are authenticating your NTP servers.

NTP Design

You have two different options in NTP design: flat and hierarchical. In a flat design, all routers are peers to each other. Each router is both a client and a server with every other router. In a hierarchical model, there is a preferred order of routers that are servers and others that act as clients. You use the ntp peer command to determine the hierarchy.

TIP: Do not use the flat model in a large network, because with many NTP servers it can take a long time to synchronize the time.

Edmonton(config)#ntp peer 172.16.21.1
    Configures an IOS device to synchronize its software clock to a peer at 172.16.21.1.

Edmonton(config)#ntp peer 172.16.21.1 version 2
    Configures an IOS device to synchronize its software clock to a peer at 172.16.21.1 using version 2 of NTP. There are three versions of NTP (versions 2-4).
    NOTE: Although Cisco IOS recognizes three versions of NTP, versions 3 and 4 are most commonly used. Version 4 introduces support for IPv6 and is backward compatible with version 3. NTPv4 also adds DNS support for IPv6.
    NOTE: NTPv4 has increased security support using public key cryptography and X.509 certificates.
    NOTE: NTPv3 uses broadcast messages. NTPv4 uses multicast messages.

Edmonton(config)#ntp peer 172.16.21.1 source loopback 0
    Configures an IOS device to synchronize its software clock to a peer at 172.16.21.1. The source IP address is the address of interface Loopback 0.
    TIP: Choose a loopback interface as your source for NTP because it will never go down. ACL statements will also be easier to write, as you will require only one line to allow or deny traffic.

Edmonton(config)#ntp peer 172.16.21.1 source loopback 0 prefer
    Makes this peer the preferred peer that provides synchronization.

Securing NTP

You can secure NTP operation using authentication and access lists.

NOTE: Securing NTP is not part of the CCNA (200-301) exam topics.

Enabling NTP Authentication

NTPServer(config)#ntp authentication-key 1 md5 NTPpa55word
    Defines an NTP authentication key.
    1 = number of the authentication key. Can be a number between 1 and 4,294,967,295.
    md5 = use an MD5 hash. This is the only option available on Cisco devices.
    NTPpa55word = password associated with this key.

NTPServer(config)#ntp authenticate
    Enables NTP authentication.

NTPServer(config)#ntp trusted-key 1
    Defines which keys are valid for NTP authentication. The key number here must match the key number you defined in the ntp authentication-key command.

NTPClient(config)#ntp authentication-key 1 md5 NTPpa55word
    Defines an NTP authentication key.

NTPClient(config)#ntp authenticate
    Enables NTP authentication.

NTPClient(config)#ntp trusted-key 1
    Defines which keys are valid for NTP authentication. The key number here must match the key number you defined in the ntp authentication-key command.

NTPClient(config)#ntp server 192.168.200.1 key 1
    Defines the NTP server that requires authentication at address 192.168.200.1 and identifies the peer key number as key 1.

NOTE: NTP does not authenticate clients; it only authenticates the source. That means that a device will respond to unauthenticated requests. Therefore, access lists should be used to limit NTP access.

NOTE: Once a device is synchronized to an NTP source, it will become an NTP server to any device that requests synchronization.
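To show what the ntp authentication-key, ntp authenticate and ntp trusted-key commands above actually protect on the wire, here is an added Python example (it is not from the Portable Command Guide and not Cisco IOS code): it builds an NTP server reply, appends the symmetric-key MD5 MAC that the md5 key type produces (32-bit key ID followed by MD5 over password || 48-byte header, as specified in RFC 5905), and then performs the client-side check. The key ID, password and timestamp are constructed sample values; the header layout and digest method are the standard ones.

```python
import hashlib
import hmac
import struct
import time

NTP_EPOCH_OFFSET = 2208988800   # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix epoch)
HEADER_LEN = 48                 # fixed NTP header; the optional MAC follows it
MAC_LEN = 4 + 16                # 32-bit key ID + 128-bit MD5 digest


def build_header(mode, stratum, xmt, version=4):
    """Build a 48-byte NTPv4 header; mode 4 is a server reply, mode 3 a client request.
    Root delay/dispersion, reference ID and the other three timestamps are zeroed (constructed)."""
    li_vn_mode = (version << 3) | mode                      # leap indicator 0, version, mode
    secs = int(xmt) + NTP_EPOCH_OFFSET
    frac = int((xmt - int(xmt)) * (1 << 32))
    return (struct.pack("!BBbb", li_vn_mode, stratum, 6, -20)  # poll 6, precision 2^-20
            + b"\x00" * 36                                      # delay, dispersion, ref id, 3 timestamps
            + struct.pack("!II", secs, frac))                   # transmit timestamp


def parse_header(pkt):
    """Decode the fields a client looks at in a reply: version, mode, stratum, transmit time."""
    li_vn_mode, stratum = pkt[0], pkt[1]
    secs, frac = struct.unpack("!II", pkt[40:48])
    return {"version": (li_vn_mode >> 3) & 7, "mode": li_vn_mode & 7,
            "stratum": stratum, "transmit": secs - NTP_EPOCH_OFFSET + frac / (1 << 32)}


def sign_packet(header, key_id, key):
    """Append the MAC that `ntp authentication-key <id> md5 <password>` produces:
    the key ID, then MD5 over (password || header)."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify_packet(pkt, trusted_keys):
    """Client-side check after `ntp authenticate` + `ntp trusted-key`: True only if the packet
    carries a MAC, its key ID is in the trusted list, and the digest matches the header."""
    if len(pkt) != HEADER_LEN + MAC_LEN:
        return False                                  # unauthenticated reply is rejected
    header, key_id, digest = pkt[:48], struct.unpack("!I", pkt[48:52])[0], pkt[52:]
    key = trusted_keys.get(key_id)
    if key is None:
        return False                                  # key ID not in the trusted-key list
    return hmac.compare_digest(hashlib.md5(key + header).digest(), digest)


if __name__ == "__main__":
    key = b"NTPpa55word"                              # same password on server and client
    reply = sign_packet(build_header(4, 2, time.time()), 1, key)
    print(parse_header(reply), verify_packet(reply, {1: key}))
```

A reply without a MAC, one signed with a key ID that is not trusted, or one whose header was altered in transit all fail the check, which is why a client with ntp authenticate configured ignores such sources.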

Limiting NTP Access with Access Lists

Edmonton(config)#access-list 1 permit 10.1.0.0 0.0.255.255
    Defines an access list that permits only packets with a source address of 10.1.x.x.

Edmonton(config)#ntp access-group peer 1
    Creates an access group to control NTP access and applies access list 1. The peer keyword enables the device to receive time requests and NTP control queries and to synchronize itself to servers specified in the access list.

Edmonton(config)#ntp access-group serve 1
    Creates an access group to control NTP access and applies access list 1. The serve keyword enables the device to receive time requests and NTP control queries from the servers specified in the access list but not to synchronize itself to the specified servers.

Edmonton(config)#ntp access-group serve-only 1
    Creates an access group to control NTP access and applies access list 1. The serve-only keyword enables the device to receive only time requests from servers specified in the access list.

Edmonton(config)#ntp access-group query-only 1
    Creates an access group to control NTP access and applies access list 1. The query-only keyword enables the device to receive only NTP control queries from the servers specified in the access list.

NOTE: NTP access group options are scanned from least restrictive to most restrictive in the following order: peer, serve, serve-only, query-only. However, if NTP matches a deny ACL rule in a configured peer, ACL processing stops and does not continue to the next access group option.

Verifying and Troubleshooting NTP

Edmonton#show ntp associations
    Displays the status of NTP associations.

Edmonton#show ntp associations detail
    Displays detailed information about each NTP association.

Edmonton#show ntp status
    Displays the status of NTP. This command shows whether the router's clock has synchronized with the external NTP server.

Edmonton#debug ip packet
    Checks to see whether NTP packets are received and sent.

Edmonton#debug ip packet 1
    Limits debug output to ACL 1.

Edmonton#debug ntp adjust
    Displays debug output for NTP clock adjustments.

Edmonton#debug ntp all
    Displays all NTP debugging output.

Edmonton#debug ntp events
    Displays all NTP debugging events.

Edmonton#debug ntp packet
    Displays NTP packet debugging; lets you see the time that the peer/server gives you in a received packet.

Edmonton#debug ntp packet detail
    Displays a detailed NTP packet dump.

Edmonton#debug ntp packet peer a.b.c.d
    Displays debugging from the NTP peer at address a.b.c.d.