Example NTP Deployments

WAN Time Distribution Network

In the diagram below, a corporate autonomous system (AS) obtains time information from three public time servers. The corporate AS is shown as Area 0 and Area 1 time servers. In this example, the NTP hierarchy follows the Open Shortest Path First (OSPF) hierarchy. However, OSPF is not a prerequisite for NTP. It is only used as an illustrative example. NTP may be deployed along other logical hierarchical boundaries such as an Enhanced Interior Gateway Routing Protocol (EIGRP) hierarchy or the standard Core/Distribution/Access hierarchy.
The following is the Cisco IOS configuration for device A0-R1 in the above diagram.
clock timezone CST -5
clock summer-time CDT recurring
!--- This router has a hardware calendar.
!--- To configure a system as an
!--- authoritative time source for a network
!--- based on its hardware clock (calendar),
!--- use the clock calendar-valid global
!--- configuration command. Notice later that
!--- NTP will be allowed to update the calendar
!--- and Cisco IOS will be configured to be an
!--- NTP master clock source.
!--- Cisco IOS will then obtain its clock from
!--- the hardware calendar.
clock calendar-valid
!--- This allows NTP to update the hardware
!--- calendar chip.
ntp update-calendar
!--- Configures the Cisco IOS software as an
!--- NTP master clock to which peers synchronize
!--- themselves when an external NTP source is
!--- not available. Cisco IOS will obtain the
!--- clock from the hardware calendar based on
!--- the previous line. This line will keep the
!--- whole network in sync even if Router1 loses
!--- its signal from the Internet. Assume, for
!--- this example, that the Internet time servers
!--- are stratum 2.
ntp master 3
!--- When the system sends an NTP packet, the
!--- source IP address is normally set to the
!--- address of the interface through which the
!--- NTP packet is sent.
!--- Change this to use loopback0.
ntp source Loopback0
!--- Enables NTP authentication.
ntp authenticate
ntp authentication-key 1234 md5 104D000A0618 7
ntp trusted-key 1234
!--- Configures the access control groups for
!--- the public servers and peers for additional
!--- security.
access-list 5 permit <I-TS-1>
access-list 5 permit <I-TS-2>
access-list 5 permit <I-TS-3>
access-list 5 permit <A0-R2>
access-list 5 permit <A0-R3>
access-list 5 deny any
!--- Configures the access control groups for the
!--- clients to this node for additional security.
access-list 6 permit <A1-R1>
access-list 6 permit <A1-R2>
access-list 6 permit <A1-R3>
access-list 6 deny any
!--- Restricts the IP addresses for the peers
!--- and clients.
ntp access-group peer 5
ntp access-group serve-only 6
!--- Fault tolerant configuration polling for 3 NTP
!--- public servers, peering with 2 local servers.
ntp server <I-TS-1>
ntp server <I-TS-2>
ntp server <I-TS-3>
ntp peer <A0-R2>
ntp peer <A0-R3>
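
The following Python check is an added example, not part of the original configuration guide. It audits the NTP lines of a config like A0-R1's: every ntp server/peer address must be permitted by the ACL bound to ntp access-group peer, every trusted key must have a matching authentication-key, and, as an assumed policy, each association should name a trusted key with the key keyword. The function name audit_ntp and the sample text are constructed for illustration, and only host-style ACL entries are handled.

```python
import re

# Constructed sample: the NTP lines of the A0-R1 config above, keeping the
# page's <...> address placeholders as opaque tokens.
UPSTREAM = ["<I-TS-1>", "<I-TS-2>", "<I-TS-3>"]
LOCAL = ["<A0-R2>", "<A0-R3>"]
SAMPLE = "\n".join(
    ["ntp authenticate",
     "ntp authentication-key 1234 md5 104D000A0618 7",
     "ntp trusted-key 1234",
     "ntp access-group peer 5"]
    + [f"access-list 5 permit {a}" for a in UPSTREAM + LOCAL]
    + ["access-list 5 deny any"]
    + [f"ntp server {a}" for a in UPSTREAM]
    + [f"ntp peer {a}" for a in LOCAL])

def audit_ntp(config):
    """Return findings for the NTP lines of an IOS-style config (hypothetical helper)."""
    lines = [s for l in config.splitlines() if (s := l.strip()) and not s.startswith("!")]
    keys = {m[1] for l in lines if (m := re.match(r"ntp authentication-key (\d+) ", l))}
    trusted = {m[1] for l in lines if (m := re.match(r"ntp trusted-key (\d+)$", l))}
    groups = dict(m.groups() for l in lines
                  if (m := re.match(r"ntp access-group (\S+) (\d+)$", l)))
    permits = {}  # ACL number -> set of permitted host tokens
    for l in lines:
        if m := re.match(r"access-list (\d+) permit (\S+)$", l):
            permits.setdefault(m[1], set()).add(m[2])
    findings = []
    if "ntp authenticate" not in lines:
        findings.append("ntp authenticate is missing")
    for k in sorted(trusted - keys):
        findings.append(f"trusted-key {k} has no authentication-key")
    peer_acl = permits.get(groups.get("peer"), set())
    for l in lines:
        m = re.match(r"ntp (server|peer) (\S+)(?:.*? key (\d+))?", l)
        if not m:
            continue
        kind, addr, key = m.groups()
        if "peer" in groups and addr not in peer_acl:
            findings.append(f"{kind} {addr} not permitted by peer ACL {groups['peer']}")
        # Assumed policy: every association names a trusted key via `key <id>`.
        if key is None:
            findings.append(f"{kind} {addr} names no key")
        elif key not in trusted:
            findings.append(f"{kind} {addr} uses untrusted key {key}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ntp(SAMPLE)))
```

Run against the A0-R1 lines, it reports the five server and peer associations, none of which carries a key ID; all five addresses pass the peer ACL check.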