- NTP Authenticate
- NTP Authentication Key
- NTP Commands
- clock set
- clock timezone
- ntp
- ntpdate
- ntp authenticate
- ntp authentication-key
- ntp peer disable
- ntp peer keyID
- ntp peer version
- ntp server disable
- ntp server keyID
- ntp server-role disable
- ntp server trusted-enable
- ntp server version
- ntp trusted-key
- show clock
- show ntp
- show ntp configured
- show ntp keys
NTP and Clock
Network Time Protocol (NTP) is a networking protocol for clock synchronization between computer systems over variable-latency data networks. NTP is intended to synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC) and is designed to mitigate the effects of variable network latency. NTP can usually maintain time to within tens of milliseconds over the public Internet, and can achieve better than one millisecond accuracy in local area networks under ideal conditions.
When authentication of incoming NTP packets is enabled, the gateway ensures that they come from an authenticated time source before using them for time synchronization on the gateway. Authentication keys are created and added to the trusted list.
To add a key to be used for authentication, take the following steps.
Create the key.
gateway (config)# ntp authentication-key
1md5 password
Add the key to the trusted list.
gateway (config)# ntp trusted-key
1
Assign the key to the server/peer.
gateway (config)# ntp server
10.34.
1.1keyID
1
An authentication key may be created and used to authenticate incoming NTP packets. For the key to be used, make sure the following is in place.
It should be shared with the NTP server/peer sending the NTP packet.
It should be added to the trusted list.
NTP authenticate should be enabled on the system
clock set
clock set <hh:mm:ss> [<yyyy/mm/dd>]
Sets the time and date.
Syntax Description
hh:mm:ss
Time
yyyy/mm/dd
Date
Default
N/A
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # clock set 23:23:23 2010/08/19
If not specified, the date will be left the same.
clock timezone
clock timezone [<zone-word> [<zone-word> [<zone-word>] [<zone-word>]]]
no clock timezone
Sets the system time zone. The time zone may be specified in one of three ways:
The no form of the command resets time zone to its default (GMT).
Syntax Description
zone-word
Possible forms this could take include: continent, city, continent, country, city, continent, region, country, city, ocean, and/or island.
Default
GMT
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # clock timezone America North United_States Other New_York
ntp
ntp {disable | enable | {peer | server} <IP address> [version <number> | disable]}
no ntp {disable | enable | {peer | server} <IP address> [version <number> | disable]}
Configures NTP.
The no form of the command negates NTP options.
Syntax Description
disable
Disables NTP.
enable
Enables NTP.
peer | server
Configures an NTP peer or server node.
IP address
IPv4 or IPv6 address.
version <number>
Specifies the NTP version number of this peer.
Possible values: 3 or 4
Default
NTP is enabled
NTP version number is 4
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # no ntp peer 192.168.10.24 disable
ntpdate
ntpdate <ip-address>
Configures the system clock using the specified SNTP server.
Syntax Description
ip-address
IP address of SNTP server.
Default
N/A
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntpdate 192.168.10.10
This is a one-time operation and does not cause the clock to be kept in sync on an ongoing basis. It will generate an error if SNTP is enabled since the socket it requires will already be in use.
ntp authenticate
ntp authenticate
no ntp authenticate
Enables NTP authentication.
The no form of the command disables NTP authentication.
Syntax Description
N/A
Default
Disabled
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp authenticate
ntp authentication-key
ntp authentication-key <key-id> <encrypt-type> [<password>]
no ntp authentication-key <key-id>
Enables NTP authentication.
The no form of the command disables NTP authentication.
Syntax Description
key-id
Specifies a key ID, whether existing or a new one to be added.
Range: 1-65534
encrypt-type
Specifies encryption type to use (md5, or sha1)
password
Password string
Default
Disabled
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp authentication-key 123 md5 examplepass
If a password is not entered, a prompt appears requiring that a password is introduced.
ntp peer disable
ntp peer <ip-address> disable
no ntp peer <ip-address> disable
Temporarily disables this NTP peer.
The no form of the command enables this NTP peer.
Syntax Description
ip-address
IP address of the peer.
Default
Disabled
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp peer 10.10.10.10 disable
ntp peer keyID
ntp peer <ip-address> keyID <key-id>
no ntp peer <ip-address> keyID <key-id>
Specifies the KeyID of the NTP peer.
The no form of the command removes key ID configuration from the NTP peer.
Syntax Description
ip-address
IP address of the peer.
key-id
Range: 1-65534
Default
Disabled
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp peer 10.10.10.10 keyID 120
ntp peer version
ntp peer <ip-address> version <ver-num>
no ntp peer <ip-address> version <ver-num>
Specifies the NTP version number of this peer.
The no form of the command defaults NTP to version 4.
Syntax Description
ip-address
IP address of the peer.
ver-num
NTP version.
Possible values: 3 or 4
Default
4
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp peer 10.10.10.10 version 4
ntp server disable
ntp server <ip-address> disable
no ntp server <ip-address> disable
Temporarily disables this NTP server.
The no form of the command enables this NTP server.
Syntax Description
ip-address
IP address of the peer.
Default
Disabled
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp server 10.10.10.10 disable
ntp server keyID
ntp server <ip-address> keyID <key-id>
no ntp server <ip-address> keyID <key-id>
Specifies the KeyID of the NTP server.
The no form of the command removes key ID configuration from the NTP server.
Syntax Description
ip-address
IP address of the peer.
key-id
Range: 1-65534
Default
Disabled
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp server 10.10.10.10 keyID 120
ntp server-role disable
ntp server-role disable
no ntp server-role disable
Disables the gateway's default ability to function as an NTP server.
The no form of the command restores the gateway's ability to function as an NTP server.
Syntax Description
N/A
Default
N/A
Configuration Mode
Configure terminal
History
8.0.0100
Role
Admin
Example
|
gateway (config) # ntp server-role disable
show ntp
This command is configurable.
ntp server trusted-enable
ntp server <ip-address> trusted-enable
no ntp server <ip-address> trusted-enable
Trusts this NTP server; if authentication is configured this will additionally force all time updates to only use trusted servers.
The no form of the command removes trust from this NTP server.
Syntax Description
ip-address
IP address of the peer.
Default
N/A
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp server 10.10.10.10 trusted-enable
ntp server version
ntp server <ip-address> version <ver-num>
no ntp server <ip-address> version <ver-num>
Specifies the NTP version number of this server.
The no form of the command defaults NTP to version 4.
Syntax Description
ip-address
IP address of the peer.
ver-num
NTP version.
Possible values: 3 or 4
Default
4
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp server 10.10.10.10 version 4
ntp trusted-key
ntp trusted-key <key(s)>
no ntp trusted-key <key(s)>
Adds one or more keys to the trusted key list.
The no form of the command removes keys from the trusted key list.
Syntax Description
key(s)
Range: 1-65534
Default
Disabled
Configuration Mode
config
History
8.0.0100
Example
|
gateway (config) # ntp trusted-key 1,3,5
gateway (config) # ntp trusted-key 1-5
Keys may be separated with commas without any space, or they may be set as a range using a hyphen.
show clock
show clock
Displays the current system time, date and time zone.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
8.0.0100
Example
|
gateway (config) # show clock
Time: 02:48:41
show ntp
show ntp
Displays the current NTP settings.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
8.0.0100
Example
|
gateway (config)# show ntp
NTP is administratively : enabled
show ntp configured
show ntp configured
Displays NTP configuration.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
8.0.0100
Example
|
gateway (config) # show ntp configured
NTP enabled: yes
show ntp keys
show ntp configured
Displays NTP keys.
Syntax Description
N/A
Default
N/A
Configuration Mode
Any command mode
History
8.0.0100
Example
|
gateway (config) # show ntp keys
NTP Key 1
