Basic NTP configuration procedures:

NTP:

Identify the server that will be the time master. Set it as the time server for the
network with the global configuration commands:

    (config)#ntp master (2)          # the optional value of "2" sets its stratum level
    (config)#ntp source loopback0    # tells the router to use the loopback as the source interface for its NTP packets

The client can then be configured at the global level:

    (config)#ntp server W.X.Y.Z
or
    (config)#ntp peer W.X.Y.Z

Alternatively, on a broadcast link you can
configure a specific client interface to use:

    (config-if)#ntp broadcast client

It appears that this will not work if you are using a loopback source, for instance,
unless you also configure the NTP server interface on the link to broadcast into the
link as shown below:

    (config-if)#ntp broadcast destination W.X.Y.255

It will take about a minute or two (or more) for the synchronization to occur and
appear in the output of the command:

    router#show ntp associations

1.) Don't forget to make sure that the
loopback interface is routable

2.) Don't forget to make sure that a switch VLAN interface will be able to reach the
source interface (i.e., that the VLAN interface has an IP address that can reach an
attached router interface, that a route is set to the loopback interface or that the
default gateway has been set properly, that the VLAN interface is not shutdown, etc.)

NTP authentication is configured on the
server side as follows:

    (config)#ntp authenticate
    (config)#ntp authentication-key 1 md5 password-1
    (config)#ntp authentication-key 2 md5 password-2
    . . . etc.
    (config)#ntp trusted-key 1
    (config)#ntp trusted-key 2
    . . . etc.

Client 1 is configured for authentication as follows:

    (config)#ntp authenticate
    (config)#ntp authentication-key 1 md5 password-1
    (config)#ntp trusted-key 1

Client 2 is configured for authentication as follows:

    (config)#ntp authenticate
    (config)#ntp authentication-key 2 md5 password-2
    (config)#ntp trusted-key 2

They will then use separate authentication schemes.

There is another broadcast authentication process that is applied to the interface if
the unsolicited broadcast technique is used and it requires security.
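
A consistency check for the authentication commands above, written as an added example (it is not part of the original notes or any Cisco tool). It reads the NTP lines of a configuration and reports keys that are defined but not trusted, trusted but not defined, or not bound to a server. Assumptions: the `key` option on `ntp server` / `ntp peer` is IOS syntax the notes do not show, and the sample configurations and the address 192.0.2.1 are constructed.

```python
import re

def audit_ntp(config):
    """Return a list of findings for the NTP authentication lines in an IOS-style config."""
    authenticate, defined, trusted, assocs = False, set(), set(), []
    for raw in config.splitlines():
        # Tolerate lines pasted with a "(config)#" prompt, as written in the notes.
        line = re.sub(r"^\(config[^)]*\)#\s*", "", raw.strip())
        if line == "ntp authenticate":
            authenticate = True
        elif m := re.fullmatch(r"ntp authentication-key (\d+) md5 \S+( \d+)?", line):
            defined.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp trusted-key (\d+)", line):
            trusted.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp (server|peer) (\S+)(.*)", line):
            key = re.search(r"\bkey (\d+)\b", m.group(3))
            assocs.append((m.group(1), m.group(2), int(key.group(1)) if key else None))

    findings = []
    if (defined or trusted) and not authenticate:
        findings.append("keys are configured but 'ntp authenticate' is missing")
    for k in sorted(defined - trusted):
        findings.append(f"key {k} is defined but not listed in 'ntp trusted-key'")
    for k in sorted(trusted - defined):
        findings.append(f"trusted-key {k} has no matching 'ntp authentication-key'")
    for kind, addr, k in assocs:
        if k is None:
            findings.append(f"ntp {kind} {addr} has no key option, so that association is not authenticated")
        elif k not in (defined & trusted):
            findings.append(f"ntp {kind} {addr} uses key {k}, which is not both defined and trusted")
    return findings

# Constructed sample: a client whose trusted key does not match its defined key.
BAD_CLIENT = """\
ntp authenticate
ntp authentication-key 1 md5 password-1
ntp trusted-key 2
ntp server 192.0.2.1
"""

# Constructed sample: the same client with the key trusted and bound to the server.
GOOD_CLIENT = """\
ntp authenticate
ntp authentication-key 1 md5 password-1
ntp trusted-key 1
ntp server 192.0.2.1 key 1
"""

if __name__ == "__main__":
    for name, cfg in (("bad", BAD_CLIENT), ("good", GOOD_CLIENT)):
        print(name, audit_ntp(cfg) or "no findings")
```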