Cisco devices support versions 2, 3 & 4 of the Network Time Protocol. Version 4 adds support for IPv6, DNS and public key authentication. Version 4 uses multicast whereas version 3 uses broadcast.
To configure a router as NTP master:
# 8 is the stratum that goes from 0 for atomic clocks to 15
R1(config)# ntp master 8
.
# max NTP clients the router will serve
R1(config)# ntp max-associations 200
To configure a router as NTP client:
# preferred NTP server
R1(config)# ntp server 201.145.145.14 prefer
R1(config)# ntp server 201.145.146.14
R1(config)# ntp server 201.145.147.14
To configure a server as peer (we should always use a loopback):
R1(config)# ntp peer 172.16.20.14 source loopback 0 version 3
R1(config)# ntp peer 172.16.21.14 source loopback 0 version 3
To disable NTP on all those interfaces that should not use it:
R1(config-if)# ntp disable
To secure access to the local NTP service:
# create ACL with authorised IP range
R1(config)# access-list 120 permit 10.1.0.0 0.0.255.255
.
# create ACL with authorised IP range
R1(config)# access-list 121 permit 10.0.0.0 0.128.255.255
.
# create ACL with authorised IP range
R1(config)# access-list 122 permit 10.0.0.0 0.192.255.255
.
# create ACL with authorised IP range
R1(config)# access-list 123 permit 10.1.0.0 0.255.255.255
.
# enables time & control requests plus syncing to other peers
R1(config)# ntp access-group peer 120
.
# enables time & control requests but not syncing to other peers
R1(config)# ntp access-group serve 121
.
# enables only time requests
R1(config)# ntp access-group serve-only 122
.
# enables only control requests
R1(config)# ntp access-group query-only 123
To enable NTP authentication:
# creates authentication key with given password
R1(config)# ntp authentication-key 1 md5 password123
.
# enables use of given key for authentication
R1(config)# ntp trusted-key 1
.
# enables authentication
R1(config)# ntp authenticate
.
# hookup to given NTP server and use key to authenticate
R1(config)# ntp server 10.1.2.3 key 1
To get NTP related status, statistics or debugging info:
# display generic ntp status
R1# show ntp status
.
# display ntp association traffic
R1# show ntp associations
.
# display ntp association traffic in detail
R1# show ntp associations detail
.
# display ntp clock adjustments
R1# debug ntp adjust
.
# display all ntp traffic
R1# debug ntp all
.
# display ntp events
R1# debug ntp events
.
# display ntp packets
R1# debug ntp packet
.
# display ntp packets with detail
R1# debug ntp packet detail
.
# display ntp packets from/to peer
R1# debug ntp packet peer 10.11.12.13
To set the date:
# show current datetime
R1# show calendar
.
# show current time
R1# show clock
.
# show current time plus summer time settings
R1# show clock detail
.
# explicitly set the date
R1# clock set 22:57:35 20 June 2021
.
# sets the software clock to the datetime of the hardware clock
R1# clock read-calendar
.
# sets the hardware clock to the datetime of the software clock
R1# clock update-calendar
.
# sets the software clock as an authoritative time source
R1(config)# clock calendar-valid
.
# set timezone to “zone” ± “offset”
R1(config)# clock timezone PST – 8
Additionally: