Setting up NTP services on Cisco IOS
Setting Up NTP Services On Cisco IOS
Quick reference guide for engineers
This is meant as a quick guide for configuring NTP services on a device using Cisco IOS. For a wider guide to Cisco configuration please see this document.
The best NTP time server address to use for UK customers is uk.pool.ntp.org
For a list of addresses for other countries and regions visit: https://support.ntp.org/bin/view/Servers/NTPPoolServers
IOS should be set up to look up DNS names (using the ‘ip domain-lookup’ command)
IOS will require a route to the Internet (using either a default gateway or a default route)
To configure the router for use within the UK in a standard Greenwich Mean Time time zone, get the router into enable mode then use the following:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ntp server uk.pool.ntp.org
Router(config)#clock timezone GMT 0
A deeper look at important IOS NTP commands
The best and easiest configuration for small to medium sized networks, a central server setup involves one or two centralised NTP servers configured to use the Internet to synchronise their time. All clients on the network are then told to synchronise their times in line with those servers.
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ntp server uk.pool.ntp.org
Additional timeservers can be added for redundancy purposes simply by repeating the same command with additional IP or DNS addresses of other NTP servers.
A router synchronised with an Internet NTP server will then automatically provide time synchronisation for other devices on the LAN. Simply configure the internal servers and systems to use that router as its NTP server. As a result of this feature, it is important to use authentication and access lists to avoid providing time synchronisation service to the entire Internet.
If your router has an internal clock chip (most modern Cisco routers have one), once you have NTP configured it, you can use it to synchronize the time of the internal clock with the ntp update-calendar command.
WARNING:Â After configuring a router to act as an NTP server, it may take five to ten minutes before that router becomes synchronised with other time sources. Until the router is synchronised, it does not provide time synchronisation for other systems. This is important to remember so you can avoid troubleshooting problems that don’t exist.
Time Zones
NTP uses Universal Coordinated Time for all time synchronisations so it is not affected by different time zones. To have your router report the time in your local time zone, you need to use the clock timezone and clock summer-time commands. The clock timezone command needs to be followed by the time zone abbreviation and the time zone offset. For example, to set your routers’ local time zone to Greenwich Mean Time, enter:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#clock timezone GMT 0
A list of the time zones and their offsets is available here:
https://www.cisco.com/en/US/docs/video/cds/cda/is/3_0/command_reference/timezone.html
To enable daylight saving time, the clock summer-time command requires the daylight savings time abbreviation of your time zone followed by the keyword recurring. Configuring Central European Time would require:
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#clock summer-time CET recurring
Viewing Status
The show ntp status command tells you that you are synchronised, the stratum level of your router, and the IP of the server to which you are synchronised.
For example, a show ntp status on a system synchronised to 193.219.61.110 shows:
Router#show ntp status Clock is synchronized, stratum 3, reference is 193.219.61.110 nominal freq is 250.0000 Hz, actual freq is 249.9961 Hz, precision is 2**16 reference time is BF454660.7CCA9683 (22:37:36.487 EDT Sat Sep 8 2001) clock offset is 4.3323 msec, root delay is 136.28 msec root dispersion is 37.69 msec, peer dispersion is 1.14 msec
The show ntp associations command lists all the NTP servers to which the router is configured to synchronise. An example show ntp associations would display:
Router#show ntp associations
address   ref clock st when poll reach delay offset disp
| *~128.249.2.2 | 192.5.41.40 | 2 | 4 | 64 | 377 | 76.9 | 5.49 | 0.4 |
| -~130.218.100. | 198.72.72.10 | 3 | 33 | 128 | 377 | 7.1 | 13.13 | 0.6 |
| +~129.237.32.2 | 192.43.244.18 | 2 | 16 | 64 | 377 | 44.8 | 3.05 | 0.9 |
| +~128.118.25.3 | 128.118.25.12 | 2 | 48 | 64 | 377 | 39.7 | 5.50 | 1.4 |
* master (synced), # master (unsynced), + selected, – candidate, ~ configured
The asterisk (*) next to the 128.249.2.2 address indicates that the router is synchronised to this server. It is very important that at least one address have an asterisk by it. NTP dictates that a server cannot synchronise another system unless the server itself is synchronised.