NTP Server & Clients

First determine what device(s) you want to be the NTP Master for your network. Commonly this is your core switches. In this example we’re running a couple of 4500-X’s in VSS.

Let’s dive into what these commands do.

ntp logging – Logs NTP events
ntp authentication-key 123 md5 SeCrEtKeY – This sets a key string [SeCrEtKeY] to a key variable [123]. Every client will require this password to get time.
ntp authenticate – This enables authentication to the NTP server.
ntp trusted-key – Tells the server what key to use. Yes, you can use multiple keys for multiple host groups.
ntp master 2 – This sets the stratum level for our configured NTP server.
ntp update-calendar – Periodically sends calendar info along with the time.
ntp server 64.202.112.75 – This sets the NTP server our switch will pull time from. We need an NTP source to pull from so we can provide accurate time to our clients.
ntp server 134.84.84.84 – A redundant NTP server to pull time from.

On the client side our configuration will look like this-

If we had two switches that were not in VSS, we would just add another ntp server to the client config. NTP traffic is minimal so load balancing between the two switches would not be necessary. You should keep the NTP traffic on your management VLAN since it is not encrypted. There are many other nerd knobs to turn for NTP so check the configuration guide for your version of IOS.

Leave a Reply

Your email address will not be published.

Time limit is exhausted. Please reload CAPTCHA.