Cisco Router – Configuring NTP Client and Server

Doc: Great Scott! Jennifer could conceivably encounter her future self! The consequences of that could be disastrous!
Marty: Doc, what do you mean?
Doc: I foresee two possibilities. One, coming face to face with herself 30 years older would put her into shock and she’d simply pass out. Or two, the encounter could create a time paradox, the results of which could cause a chain reaction that would unravel the very fabric of the space time continuum, and destroy the entire universe! Granted, that’s a worse case scenario. The destruction might in fact be very localized, limited to merely our own galaxy.
Marty: Well, that’s a relief.

– Back to the Future Part II
– Robert Zemeckis and Bob Gale

NTP Server and NTP client

NTP Server and NTP client

Configuring a Cisco router as an NTP Client

To view the system time on a router, use the show clock detail command:

Marty>
Marty>en
Marty#show clock detail
*00:00:50.151 UTC Mon Mar 1 1993
No time source

The asterisk in front of the time indicates that the time value is not authoritative. A time of March 1 1993 is the default time value when you turn on a router that has neither NTP configured, nor a manually-configured time.

So let’s set up Marty as an NTP client with the ntp server command:

Marty#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Marty(config)#ntp server 8.8.8.1

To view the NTP associations, use show ntp associations command:

Marty#show ntp associations

      address         ref clock     st  when  poll reach  delay  offset    disp
 ~8.8.8.1          0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

No ref clock and reach(ability) value of 0 usually means the NTP server is not responding to our NTP client. We have not set up an NTP server yet, so that’s probably why the NTP client isn’t getting a response.

To view more details about the NTP associations, use the show ntp associations detail command:

Marty#show ntp associations detail
8.8.8.1 configured, insane, invalid, unsynced, stratum 16
ref ID 0.0.0.0, time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000
delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00
precision 2**5, version 3
org time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
rcv time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
xmt time AF3BD180.285DEA34 (00:04:16.157 UTC Mon Mar 1 1993)
filtdelay =     0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00
filtoffset =    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00
filterror =  16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

Yep, “insane” and “invalid” and a ref time of 1900 means our NTP server has not responded. The clock on the NTP client has not changed, even though it now says that its time source is NTP. And there is an asterisk before the time value, indicating that the time is not authoritative:

Marty#show clock detail
*00:02:16.051 UTC Mon Mar 1 1993
Time source is NTP

Now let’s switch over to the NTP server and set it up.

Configuring a Cisco router as an NTP Server

On the router that is going to be our NTP master, the out put from show clock detail shows that it is using a user-configured time:

DocBrown#show clock detail
22:08:45.951 PST Thu Nov 12 2015
Time source is user configuration

To make it an NTP master server, use the ntp master command.

DocBrown(config)#ntp master

Verifying the connection from the NTP Client

Now let’s go back to our NTP client and see if it has picked up the time from the NTP master:

Marty#show clock
*00:03:52.959 UTC Mon Mar 1 1993
Marty#show ntp asso d
8.8.8.1 configured, insane, invalid, unsynced, stratum 16
ref ID 0.0.0.0, time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000
delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00
precision 2**5, version 3
org time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
rcv time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
xmt time AF3BD180.285DEA34 (00:04:16.157 UTC Mon Mar 1 1993)
filtdelay =     0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00
filtoffset =    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00
filterror =  16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

No joy. the NTP client is still stuck in 1993. Maybe the NTP server is unreachable?

Marty#ping 8.8.8.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
Marty#sh ip int b
Interface                  IP-Address      OK? Method Status                Protocol
Ethernet0                  88.88.88.2      YES NVRAM  up                    up
Serial0                    unassigned      YES NVRAM  administratively down down

The NTP server does not respond to my ping. Oh for fecks sake, I have configured the NTP client with the wrong IP address for the NTP server. Of course it cannot get a time if it is trying to contact the wrong IP address. So let’s change the NTP client to use the correct IP address:

Marty#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Marty(config)#no ntp server 8.8.8.1
Marty(config)#ntp server 88.88.88.1
Marty(config)#exit
Marty#ping 88.88.88.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 88.88.88.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 4/12/28 ms

Now the NTP client is configured with the correct IP address for the NTP server. So let’s check its clock:

Marty#show clock detail
06:13:06.605 UTC Fri Nov 13 2015
Time source is NTP

Yep, Marty has picked up the time from Doc Brown. And there is no longer an asterisk in front of the time value, meaning that the time on Marty is now authoritative.

Marty#sh ntp associations

      address         ref clock     st  when  poll reach  delay  offset    disp
*~88.88.88.1       127.127.7.1       8     4    64  377     7.0   12.34     0.1
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
Marty#sh ntp associations detail
88.88.88.1 configured, our_master, sane, valid, stratum 8
ref ID 127.127.7.1, time D9EFFDD5.E89DD4AA (06:12:37.908 UTC Fri Nov 13 2015)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.03, reach 377, sync dist 3.571
delay 6.97 msec, offset 12.3388 msec, dispersion 0.06
precision 2**18, version 3
org time D9EFFDFA.3E4C8002 (06:13:14.243 UTC Fri Nov 13 2015)
rcv time D9EFFDFA.3C089F3E (06:13:14.234 UTC Fri Nov 13 2015)
xmt time D9EFFDFA.3A316B5A (06:13:14.227 UTC Fri Nov 13 2015)
filtdelay =     7.03    6.97    6.97    6.96    7.03    6.99    7.00    7.03
filtoffset =   12.37   12.34   12.37   12.36   12.39   12.39   12.40   12.41
filterror =     0.02    0.03    0.05    0.06    0.08    0.09    0.11    0.12

One more thing. Marty is displaying time in UTC, whereas DocBrown is configured for PST. Not a problem if the two routers are in different timezones, but it makes for easier for log analysis if all the devices on a network are set to the same timezone. During, or after an incident, you’re looking for a picture of what is happening (or, has happened) on the network. You want to check logs on different machines, and it makes for easier correlation of this-happened-then-that-happened if you do not have to mentally adjust the timestamps on different devices.

So, let’s move Marty to PST as well.

Marty(config)#clock timezone PST -8 
Marty(config)#exit
Marty#show clock detail
22:27:48.883 PST Thu Nov 12 2015
Time source is NTP

Additional Information:

clock set command in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2

clock timezone command in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2

show clock command in the Cisco IOS Configuration Fundamentals Command Reference, Release 12.2

This entry was posted in geek, mecha, v4vendetta and tagged , , . Bookmark the permalink. Post a comment or leave a trackback: Trackback URL.

3 Comments

  1. Posted September 23, 2017 at 7:35 am | Permalink

    You are so awesome! I do not think I’ve truly read through
    a single thing like this before. So wonderful to find another person with a few genuine thoughts on this
    subject. Seriously.. many thanks for starting this up.

    This site is something that’s needed on the internet, someone with some originality!

  2. Posted September 24, 2017 at 2:10 pm | Permalink

    Hi,I read your blog named “Cisco Router – Configuring NTP Client and Server” like every week.Your humoristic style is witty, keep up the good work! And you can look our website about proxy list.

  3. Arpit Arora
    Posted October 11, 2017 at 4:29 am | Permalink

    Nice article , Can you also explain how the NTP master is getting time and also if we configured multiple NTP Master server reference on a NTP client

7 Trackbacks

Post a Comment

Your email is never published nor shared. Required fields are marked *

You may use these HTML tags and attributes <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

*
*