NTP

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

Stratums: Default NTP Server Stratum Level

8

NTP Master Configuration

ntp master Starts ntp, Synchronizes itself to its own clock ntp source fa0/1 Sets fa0/1 as the port that it sends NTP packets out of. Other NTP clients will use this IP address in the "ntp server ipaddress" commands

NTP Client Configuration

ntp server 10.10.10.1 Synchronizes its clock to the ntp master at 10.10.10.1

Stratums: Stratum Range

1 - 15

NTP peers

Allows other devices to sync to it and will also sync to other devices

NTP servers

Allows other devices to sync to it, but does not sync to other devices

sh ntp associations: #

An IP address of an NTP master that the router is configured to synchronize with and has begun the process of syncing with, but is not yet synchronized with. (Usually due to some issue arising during synchronization such as when an NTP server/peer is not synchronized using an authoritative time source such as NTP or if that server/peer's time is significantly different from other servers/peers) Known as master (unsynched)

sh ntp associations: *

An IP address of an NTP master that the router is configured to synchronize with and the router is synchronized with the master. Known as our_master

sh ntp associations: +

An IP address of an NTP master that the router is configured to synchronize with, but is currently not because the synchronization process has not yet begun. If our_master fails or the router loses sync with our_master then this will be chosen for possible synchronization. Known as "selected"

sh ntp associations: ~

An IP address that was manually configured. Known as "configured"

NTPv3

Cryptographic authentication Does not provide privacy (confidentiality)

sh ntp associatons

Displays all CONFIGURED ntp peers and will also display which one of those peers the router is SYNCHRONIZED to Shows the IP address and status of configured NTP servers/peers Shows information about the NTP server or peer, not the local device that the command was run on Reference clock IP address is the IP address of the timing source the NTP server/peer uses for itself

Cryptographic Authentication

Has a "shared secret" that it uses to create a hash of the NTP update that it sends with the update The NTP client also has the "shared secret" and uses it to create a hash of the NTP update it receives with the update. If the hashed update matches the one it receives in the update, it has authenticated the update and knows that it is legitimate. Note: This only provides authentication and does NOT provide privacy

NTPv4

IPv6 support Prevents GET_MONLIST requests that have been used in DDOS amplification attacks

Configured vs Synchronized

With NTP you are "CONFIGURED" to a lot of various time sources, but are only "SYNCHRONIZED" with the one you actually use for your time.

Cryptographic Authentication Configuration: Server

ntp authentication-key 1 md5 passwordForAuthentication ntp authenticate Enables ntp cryptographic authentication

Cryptographic Authentication Configuration: Client

ntp authentication-key 1 md5 passwordForAuthentication ntp trusted-key 1 Assigns key 1 as a "trusted" key ntp authenticate ntp server 10.10.10.1 key 1 Specifies that trusted key 1 is to be used with the connection to the ntp server at 10.10.10.1

sh ntp status

Shows information about the local device NOT the NTP server The stratum display in sh ntp status will be 1 higher than the stratum displayed in sh ntp associations for the synchronized NTP master (*) since sh ntp status shows information about the local device whereas sh ntp associations shows information about the remote device. Reference IP is the IP of the NTP master that the local device has synced to

sh clock: *

The device does not use a timing source (such as NTP) Test Language: Time is not authoritative

sh clock: .

The device is configured to use a timing source (such as NTP) but is not synchronized with that source Test Language: Time is authoritative, but NTP is not synchronized (because the NTP process has lost contact with its servers)

sh clock: No symbols (Blank)

The device uses a timing source (such as NTP) and is in-sync with that source Test Language: Time is authoritative

Stratums

Used to describe how far away (in NTP hops) a machine is from an authoritative time source where stratum 1 would be a time server that is directly connected to an atomic clock. 1 to 15 Stratum level 8 is the default NTP server stratum level Devices that synchronize with an NTP server will choose a stratum level 1 above the server's because the server it is synchronizing to is going to be closer to the authoritative time source. A device configured to use NTP will use the peer/server with the lowest stratum number (Unless that peer/server has a time that is significantly different than the other peers/servers)


Ensembles d'études connexes

Chapter 43 Care of the Patient with an Integumentary Disorder

View Set

Pathology Review: Airflow Pathway Story

View Set

GRE Quantitative: Arithmetic/Algebra

View Set

Financial Accounting Final Review

View Set