Warning: session_start(): Cannot send session cookie - headers already sent by (output started at /home/circui15/public_html/packetpros.com/index.php:4) in /home/circui15/public_html/packetpros.com/wp-content/plugins/wp-file-upload/wordpress_file_upload.php on line 2

Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/circui15/public_html/packetpros.com/index.php:4) in /home/circui15/public_html/packetpros.com/wp-content/plugins/wp-file-upload/wordpress_file_upload.php on line 2
NTP Server & Clients

First determine what device(s) you want to be the NTP Master for your network. Commonly this is your core switches. In this example we’re running a couple of 4500-X’s in VSS.

ntp logging
ntp authentication-key 123 md5 SeCrEtKeY
ntp authenticate
ntp trusted-key 123
ntp master 2
ntp update-calendar
ntp server 64.202.112.75
ntp server 134.84.84.84

Let’s dive into what these commands do.

ntp logging – Logs NTP events
ntp authentication-key 123 md5 SeCrEtKeY – This sets a key string [SeCrEtKeY] to a key variable [123]. Every client will require this password to get time.
ntp authenticate – This enables authentication to the NTP server.
ntp trusted-key – Tells the server what key to use. Yes, you can use multiple keys for multiple host groups.
ntp master 2 – This sets the stratum level for our configured NTP server.
ntp update-calendar – Periodically sends calendar info along with the time.
ntp server 64.202.112.75 – This sets the NTP server our switch will pull time from. We need an NTP source to pull from so we can provide accurate time to our clients.
ntp server 134.84.84.84 – A redundant NTP server to pull time from.

On the client side our configuration will look like this-

ntp authentication-key 123 md5 SeCrEtKeY
ntp authenticate
ntp trusted-key 123
ntp source Vlan255
ntp server 10.8.255.1 key 123 prefer

If we had two switches that were not in VSS, we would just add another ntp server to the client config. NTP traffic is minimal so load balancing between the two switches would not be necessary. You should keep the NTP traffic on your management VLAN since it is not encrypted. There are many other nerd knobs to turn for NTP so check the configuration guide for your version of IOS.