Basic NTP configuration procedures:

 

NTP:

 

Identify the server that will be the time master

Set it as the time server for the network with the global configuration command:

 

(config)#ntp master (2)        # the optional value of "2" sets its stratum level

(config)#ntp source loopback0  # tells the router to use the loopback as the time source

 

 

The client can then be configured at the global level:

 

(config)#ntp server W.X.Y.Z

 

or

 

(config)#ntp peer W.X.Y.Z

 

Alternatively, on a broadcast link you can configure a specific client interface to use:

 

(config-if)#ntp broadcast client

 

It appears that this will not work if you are using a loopback source, for instance, unless you also configure the NTP server interface on the link to broadcast into the link as shown below:

 

(config-if)#ntp broadcast destination W.X.Y.255

 

 

It will take about a minute or two (or more) for the synchronization to occur and appear in the output of the command:

 

router#show ntp associations

 

 

1.) Don't forget to make sure that the loopback interface is routable

 

2.) Don't forget to make sure that a switch VLAN interface will be able to reach the source interface (i.e., that the VLAN interface has an IP address that can reach an attached router interface, that a route is set to the loopback interface or that the default gateway has been set properly, that the VLAN interface is not shutdown, etc.)

 

 

 

NTP authentication is configured on the server side as follows:

 

(config)#ntp authenticate

(config)#ntp authentication-key 1 md5 password-1

(config)#ntp authentication-key 2 md5 password-2

.

.

.

etc.

(config)#ntp trusted-key 1

(config)#ntp trusted-key 2

.

.

.

etc.

 

 

 

Client 1 is configured for authentication as follows:

 

 

(config)#ntp authenticate

(config)#ntp authentication-key 1 md5 password-1

(config)#ntp trusted-key 1

 

Client 2 is configured for authentication as follows:

 

(config)#ntp authenticate

(config)#ntp authentication-key 2 md5 password-2

(config)#ntp trusted-key 2

 

They will then use separate authentication schemes

 

There is another broadcast authentication process that is applied to the interface if the unsolicited broadcast technique is used and it requires security.