NTP on Cisco devices




Setup NTP on Cisco devices (Routers, Switches) is very simple.

I strongly recommend you to use one of the servers at NTP Pool Project (http://www.pool.ntp.org/en/). In my case, I'm using the servers a.ntp.br, b.ntp.br and c.ntp.br, that are Brazilian servers participating on this pool.

Router-01#sh run | in ntp
ntp server a.ntp.br
ntp server b.ntp.br
ntp server c.ntp.br

You can select the server you want from this site, or use the recommended address pool.ntp.org - it will usually return IP addresses for servers in or close to your country. For most users this will give the best results.

At least 1 device (like your router) needs to have access to the internet. It is a basic access, I mean, there is no need to do any TCP/UDP port redirection on your network Firewall. NTP uses port 123 UDP and have no problem with NAT.

To verify the status, you can use the commands "show ntp status" and "show ntp associations":

Router-01#sh ntp status 
Clock is synchronized, stratum 3, reference is 200.160.0.8   
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**24
reference time is DE4B054E.D197D56A (22:41:50.818 BRT Wed Mar 7 2018)
clock offset is 114.2714 msec, root delay is 14.53 msec
root dispersion is 127.66 msec, peer dispersion is 2.52 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000003689 s/s
system poll interval is 64, last update was 81 sec ago.


Router-01#sh ntp associations 

  address         ref clock       st   when   poll reach  delay  offset   disp
*~200.160.0.8     200.160.7.186    2     19     64   377 14.316 114.271  2.526
+~200.189.40.8    200.160.7.186    2     26     64   377  6.477 115.987  2.312
x~200.192.232.8   200.160.7.186    2     63     64   377 55.701  89.915  2.163
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

You need also to setup your clock timezone - in my case, I'm using Brazilian Time = GMT -3.

Router-01#sh run | in clock timezone

clock timezone BRT -3 0

This is enough to have your router syncronized with a ntp server. By the way, this is also enough to have this device as a NTP Server to other devices - it's not necessary to type the command ntp master to provide NTP service. This command is only necessary when you don't have internet access and need to manually force a Cisco device to provide NTP sync to other devices.


Comments