packet that is sent to a receiving client. Once a packet is received by a client, its cryptographic checksum key
is decrypted and checked against a list of trusted keys. If the packet contains a matching authentication key,
the time-stamp information that is contained within the packet is accepted by the receiving client. NTP
synchronization packets that do not contain a matching authenticator key are ignored.
In large networks, where many trusted keys must be configured, the Range of Trusted Key Configuration
feature enables configuring multiple keys simultaneously.
Note
It is important to note that the encryption and decryption processes used in NTP authentication can be very
CPU-intensive and can seriously degrade the accuracy of the time that is propagated within a network. If your
network setup permits a more comprehensive model of access control, you should consider the use of the
access list-based form of control.
After NTP authentication is properly configured, your networking device will synchronize with and provide
synchronization only to trusted time sources.
NTP Services on a Specific Interface
Network Time Protocol (NTP) services are disabled on all interfaces by default. NTP is enabled globally
when any NTP commands are entered. You can selectively prevent NTP packets from being received through
a specific interface by using the ntp disable command in interface configuration mode.
Source IP Address for NTP Packets
When the system sends an NTP packet, the source IP address is normally set to the address of the interface
through which the NTP packet is sent. Use the ntp source interface command in global configuration mode
to configure a specific interface from which the IP source address will be taken.
This interface will be used for the source address for all packets sent to all destinations. If a source address is
to be used for a specific association, use the source keyword in the ntp peer or ntp server command.
NTP Implementation
Implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic
clock. We recommend that the time service for your network be derived from the public NTP servers available
on the IP Internet.
Figure 2: Typical NTP Network Configuration
The following figure shows a typical network example using NTP. Switch A is the primary NTP, with the
Switch B, C, and D configured in NTP server mode, in server association with Switch A. Switch E is configured
System Management Configuration Guide, Cisco IOS XE Amsterdam 17.2.x (Catalyst 9500 Switches)
6
Administering the Device
NTP Services on a Specific Interface
To Next Page
Loading...
Need help?
General
