4 Replies Latest reply: Nov 15, 2010 5:08 AM by Keith Barker - CCIE RS/Security, CISSP RSS

    NTP client server configuration

    Nouman Khan

      Hi,

       

      I will be thankful if someone can expalin the difference between " ntp server " and "ntp peer" commands.

      Lets say i have two routers R1 and R2 - R2 needs to syncronize with R1. I have two configurations both of them work but i need to find the difference.

       

      R1----10.0.0.1-----------------------------10.0.0.2---------R2

       

      CONFIG 1

       

      R1

       

      ntp authentication-key 1 md5 cisco
      ntp authenticate
      ntp trusted-key 1
      ntp server 10.0.0.1
      ntp master 1

       

      R2

       

      ntp authentication-key 1 md5 cisco
      ntp authenticate
      ntp trusted-key 1
      ntp peer 10.0.0.2 key 1

       

      CONFIG 2

       

      ntp authentication-key 1 md5 cisco
      ntp authenticate
      ntp trusted-key 1
      ntp master 1

       

      R2

       

      ntp authentication-key 1 md5 cisco
      ntp authenticate
      ntp trusted-key 1
      ntp server 10.0.0.1

       

       

      Thanks

         
        • 1. Re: NTP client server configuration
          Erick

          Hiya.

           

          The NTP server command is used to synchronize with another NTP time source.  You are defining the server.  However the server is not allowed to synchronize their time with you.  The NTP peer command says that "I will synchronize my time with you and you may synchronize your time with me."  I would think it's most commonly used in a NTP cluster situation.

           

          Erick

          • 2. Re: NTP client server configuration
            Krunal

            I also want to know the "ntp trust-key " command is required in NTP servers or not. From DOC CD it says it only requires on client but I have seen in somesituation without trust key on NTP server server always use key 0 for authenticatoin. As soon as you put ntp trust-key on server NTP client gets sync with NTP server.

            • 3. Re: NTP client server configuration
              Yuan Yao

              Hi

               

              You can find the difference just from the word "server" and "peer".You see the word "server" and "client",it means the server's level is higher than the client's.And "peer" means you two's level is just equal .

               

              Put it on NTP, if on the router (we just use R1) ,we use cmd "ntp server x.x.x.x" (the other one we use R2).R2 can send its time to sync R1,but R1 can not do it reversely.

              that means R1 can not send its time to sync R2.But if R1 use "ntp peer x.x.x.x" this time R1 can send its time to sync R2.I think the C/S mode is used more universally

              • 4. Re: NTP client server configuration
                Keith Barker - CCIE RS/Security, CISSP

                Krunal wrote:

                 

                I also want to know the "ntp trust-key " command is required in NTP servers or not. From DOC CD it says it only requires on client but I have seen in somesituation without trust key on NTP server server always use key 0 for authenticatoin. As soon as you put ntp trust-key on server NTP client gets sync with NTP server.

                 

                 

                Hello Krunal -

                 

                The "trusted-key" command should not be required on the NTP server, only on the client.   The key itself would need to be on both client and server if it is being used.

                 

                I have seen it work.  I have also seen some versions of IOS 12.4T in several CCIE practice labs, where NTP would NOT work, unless the "trusted-key" command was also on the server, and it was treated like a bug, knowing that it shouldn't be required, but wouldn't work without it. 

                 

                You may want to consider initiating a new question in the CLN to ensure your question is seen. 

                 

                Best wishes,

                 

                Keith