CCNA 200-301 Chapter 4 IP Services Lab 041 Configure and Verify Network Time Protocol – NTP
Lab Objective:
In this lab, we’ll explore Network Time Protocol (NTP), which is essential for keeping network devices in sync.
This protocol ensures accurate timekeeping across all devices, which is critical for maintaining consistent logging, troubleshooting events, and securing network communications.
By the end of this lab, you will be able to:
- Understand the basics of NTP and its significance in networking.
- Configure a Cisco router to act as an NTP server.
- Configure additional devices as NTP clients to synchronize with the NTP server.
- Verify and troubleshoot NTP configuration to ensure proper synchronization.
Lab Topology:
Equipment Required:
- 4 x Cisco Router (e.g., Cisco ISR4331/K9)
- 1 x Cisco Switch (e.g. Catalyst 3750)
- Console Cable
- Ethernet Cable for connections between devices
- Computer with Terminal emulation software e.g. PuTTY
IPv4 Address Table:
Device Name | Interface ID | IP Address | Subnet-Mask |
R1 | Gig0/0/0 | 10.1.1.1 | 255.255.255.248 |
R2 | Gig0/0/0 | 10.1.1.2 | 255.255.255.248 |
R3 | Gig0/0/0 | 10.1.1.3 | 255.255.255.248 |
R4 | Gig0/0/0 | 10.1.1.4 | 255.255.255.248 |
NTP Server | N/A | 10.1.1.1 | N/A |
Command Summary:
Command | Command Description |
enable | enters privileged EXEC mode. |
configure terminal | enters global configuration mode from privileged EXEC mode. |
hostname [hostname] | assign a device name to router. |
show interfaces status | provides a summary of the current status of all interfaces on a Cisco switch. This command displays important information about each interface, including: Port: The interface identifier (e.g., Gi1/0/1). Name: The name or description assigned to the interface, if any. Status: The operational status of the interface (e.g., connected, notconnect, err-disabled). Vlan: The VLAN that the interface is assigned to. Duplex: The duplex mode of the interface (e.g., full, half, auto). Speed: The speed of the interface (e.g., 10, 100, 1000 Mbps, auto). Type: The type of interface (e.g., 10/100/1000BaseTX, SFP). This command is useful for quickly assessing the operational state and configuration details of all interfaces on the switch. |
clock set [hh:mm:ss Current Time] [Day of the month] [MONTH] [Year] | used on Cisco routers and switches to manually set the system clock to a specific time |
ntp master [Act as NTP master clock] | used on Cisco routers or switches to configure the device as an NTP (Network Time Protocol) master clock. When a device is set to be the NTP master, it will act as a time source for other devices in the network |
clock timezone UTC [Hours offset from UTC] | used to set the time zone on a Cisco device, and it helps adjust the device’s internal clock to match the correct local time zone. This command is followed by the time zone’s name and an offset from UTC (Coordinated Universal Time) |
ntp authentication-key [Key number] md5 [Authentication key] | used to configure an authentication key for NTP (Network Time Protocol) to enhance security. By enabling authentication, you ensure that only devices with the correct key can synchronize with the NTP server |
show ntp status | provides detailed information about the current status of the NTP (Network Time Protocol) synchronization process. This output is useful for verifying whether a device is synchronized with an NTP server and troubleshooting any issues related to time synchronization |
show ntp associations | used to display detailed information about the current NTP associations, which indicates the status of NTP servers that the device is synchronized with or attempting to synchronize to. This command helps you monitor the NTP servers the device is using and verify the synchronization status |
show clock | used to display the current time and date on the device. It shows the system clock, which is important for troubleshooting and ensuring accurate logging, time-based configurations (like ACLs), and synchronization with external time sources |
ntp server [IP address of peer] | used on Cisco devices to configure an NTP (Network Time Protocol) server. When executed, it tells the router or switch to use the specified IP address as an NTP server to synchronize its clock. This ensures that the device’s system time stays accurate by syncing it to a more reliable external time source, which is critical for tasks like logging, time-based access control lists (ACLs), and event scheduling |
ntp authenticate | enable NTP authentication, which secures the time synchronization process by ensuring that the NTP server is trusted before the device synchronizes its time |
ntp trusted-key [Key number] | used in Cisco devices to specify which NTP authentication keys are trusted for synchronizing the device’s clock. When you enable NTP authentication, you must configure which keys are considered valid by using this command. The trusted key tells the NTP client to trust the server that uses the matching key |
ping [ip-address] -n 100 | used to send a series of Internet Control Message Protocol (ICMP) Echo Request packets to a specified IP address, with the option to specify the number of packets to send. |
description "DESCRIPTION OF SOME SORT" | used to assign a descriptive text label to a network interface on a device such as a router or switch. This description helps administrators to identify the purpose or details of the interface more easily when managing and troubleshooting the network. |
show ip interface brief | include lan | used on Cisco devices to display a summarized list of all IP interfaces configured on the device and filter the output to only show interfaces that contain the keyword “lan” in their configuration. This command is helpful for quickly identifying and troubleshooting interfaces related to LAN (Local Area Network) configurations within the device’s network environment |
ipconfig /all | used in Windows operating systems to display detailed information about all network interfaces and their configurations. |
no shutdown | enables an interface. |
show running-config | save the running configuration to the startup-configuration file. |
show running-config | section interface GigabitEthernet0/* | used to display the configuration details of a specific GigabitEthernet interface (interface GigabitEthernet0/*) within the running configuration of a Cisco device. This command allows you to view the configuration settings related to the specified interface only, filtering out other configuration sections. It provides a focused view of the configuration parameters associated with the specified interface, including its IP address, VLAN membership, trunking settings, and any other relevant configuration details. The asterisk (*) is a wildcard character that matches any character or sequence of characters. In this context, it is used to match any subinterface under GigabitEthernet0. |
show running-config | section interface FastEthernet0/1$ | The “show running-config | section interface FastEthernet0/1$” command is similar to the previous one, but it focuses specifically on the FastEthernet0/1 interface. The “$” symbol at the end of the interface name indicates that the command will match only the interface that ends with “FastEthernet0/1”. This command is helpful when you want to view the configuration details of a specific FastEthernet interface without displaying configurations for other interfaces. |
copy running-config startup-config | used to save the currently running configuration (stored in the RAM) to the startup configuration (stored in the NVRAM) |
end | exit configuration mode. |
exit | exits one level in the menu structure command. |
Lab Task:
1- Basic Configuration – Configure IP Addresses on all Routers:
a. On each Router you need to configure interface Gig0/0/0 with the appropriate IPv4 addresses. Include an interface description and enable the interfaces.
b. Initiate a ping from R1 to R2, R3 and R4 to check connectivity.
c. Perform in-flight checks.
2- NTP Server Configuration on R1:
a. Set the clock on Router 1 (you can adjust it to a specific time for testing if you wish).
b. Enable NTP service on R1 and set it as the NTP server and set the stratum level to 3.
c. Configure R1 to use Universal Time Coordinated (UTC) as its time zone and set the internal clock to reflect your local time zone.
d. Enable NTP authentication on R1 to secure time synchronization. Please use this password IEE_NTP_PASS and use key 1.
e. Perform in-flight checks.
3- NTP Client Configurations on R2, R3 and R4:
a. Set up the device to synchronize its time with an NTP server at IP address 10.1.1.1.
b. Enable NTP authentication for secure time synchronization
c. Configure an MD5 authentication key with an ID of 1 and a password of IEE_NTP_PASS
d. Make the device trust the NTP server’s key ID.
e. After completing these steps, verify that the configuration has been applied correctly and check the device’s NTP status. If NTP didn’t synchronize then troubleshoot and try again.
4- Save your configurations.
Lab Solution:
1- Basic Configuration – Configure IP Addresses on all Routers:
a. On each Router you need to configure interface Gig0/0/0 with the appropriate IPv4 addresses. Include an interface description and enable the interfaces.
On R1:
R1#configure terminal
R1(config)#interface gigabitEthernet 0/0/0
R1(config-if)#description "Link to Switch1"
R1(config-if)#ip address 10.1.1.1 255.255.255.248
R1(config-if)#no shutdown
R1(config-if)#end
R1#
On R2:
R2#configure terminal
R2(config)#interface gigabitEthernet 0/0/0
R2(config-if)#description "Link to Switch1"
R2(config-if)#ip address 10.1.1.2 255.255.255.248
R2(config-if)#no shutdown
R2(config-if)#end
R2#
On R3:
R3#configure terminal
R3(config)#interface gigabitEthernet 0/0/0
R3(config-if)#description "Link to Switch3"
R3(config-if)#ip address 10.1.1.3 255.255.255.248
R3(config-if)#no shutdown
R3(config-if)#end
R3#
On R4:
R4#configure terminal
R4(config)#interface gigabitEthernet 0/0/0
R4(config-if)#description "Link to Switch3"
R4(config-if)#ip address 10.1.1.4 255.255.255.248
R4(config-if)#no shutdown
R4(config-if)#end
R4#
b. Initiate a ping from R1 to R2, R3 and R4 to check connectivity.
c. Perform in-flight checks.
2- NTP Server Configuration on R1:
a. Set the clock on Router 1 (you can adjust it to a specific time for testing if you wish).
R1#clock set 09:00:00 10 Nov 2024
b. Enable NTP service on R1 and set it as the NTP server and set the stratum level to 3.
R1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
R1(config)#ntp master 3
R1(config)#
c. Configure R1 to use Universal Time Coordinated (UTC) as its time zone and set the internal clock to reflect your local time zone.
R1(config)#clock timezone UTC 0
R1(config)#
d. Enable NTP authentication on R1 to secure time synchronization. Please use this password IEE_NTP_PASS and use key 1.
R1(config)#ntp authentication-key 1 md5 IEE_NTP_PASS
R1(config)#end
R1#
e. Perform in-flight checks.
We can issue the following commands:
1) show ntp status
2) show ntp associations
3) show clock
The show ntp status command output provides information about the NTP (Network Time Protocol) synchronization status of router R1. Here’s a breakdown of each line of the output:
1> Clock is synchronized, stratum 3, reference is 127.127.1.1:
- Clock is synchronized: Indicates that R1’s clock is synchronized with an NTP server.
- Stratum 3: Shows the stratum level of the time source. Stratum levels indicate the distance from an authoritative time source (stratum 1). In this case, R1 is synchronized to a stratum 3 device.
- Reference is 127.127.1.1: Displays the reference clock, which is the IP address of the NTP server R1 is using. Here, 127.127.1.1 is a loopback address, meaning the router might be using its own internal clock.
2> Nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2^24:
- Nominal freq and actual freq: Show the nominal (intended) frequency and the actual measured frequency of the system’s clock. A small discrepancy here is normal.
- Precision: Expressed as 2^24, this value reflects the level of accuracy the system can achieve.
3> Reference time is EAACD117.00000206 (9:4:23.518 UTC Sun Nov 10 2024):
- This line shows the last time (in hexadecimal and human-readable format) when R1’s clock synchronized with the reference clock.
4> Clock offset is 0.00 msec, root delay is 0.00 msec:
- Clock offset: Displays the difference between R1’s clock and the NTP server’s clock. Here, it is precisely aligned with the server (0.00 ms offset).
- Root delay: Indicates the total round-trip time (RTT) delay to the root time source in milliseconds.
5> Root dispersion is 0.00 msec, peer dispersion is 0.24 msec:
- Root dispersion: The maximum error relative to the primary reference source, showing the accuracy of the time.
- Peer dispersion: Shows the variance in time from the connected peer, which is low here at 0.24 ms, meaning the time source is stable.
6> Loopfilter state is ‘CTRL’ (Normal Controlled Loop), drift is -0.000001193 s/s:
- Loopfilter state: Indicates the status of the control loop that keeps R1’s clock in sync. CTRL (Controlled Loop) shows the system is actively maintaining synchronization.
- Drift: Shows how much the clock naturally drifts over time, in seconds per second (s/s). Here, the drift is very small.
7> System poll interval is 5, last update was 30 sec ago:
- System poll interval: Indicates the frequency at which R1 queries the NTP server. An interval of 5 corresponds to about 32 seconds.
- Last update: Shows the last time R1’s clock was updated, which was 30 seconds ago.
The show ntp associations command output on router R1 provides a snapshot of the NTP (Network Time Protocol) associations, displaying details about each NTP server or peer R1 communicates with for time synchronization. Here’s an explanation of each column and symbol:
1> Address (127.127.1.1)
- This is the IP address of the NTP server that R1 is synchronized to. In this case, 127.127.1.1 represents the local clock, meaning R1 is using its internal clock as the time source.
2> Ref Clock (.LOCL.)
- The reference clock shows the type of time source the NTP server is using. Here, .LOCL. is an indication of a local clock source, meaning R1 has no external NTP servers and is syncing to its own clock.
3> Stratum (st) (2)
- This is the stratum level of the NTP server, indicating how close it is to an authoritative time source. Stratum 2 means this server is directly connected to a stratum 1 time source (the most accurate).
4> When (5)
- This field shows the time (in seconds) since R1 last queried this NTP server. A low number here indicates recent communication with the server.
5> Poll (64)
- This is the polling interval in seconds, specifying how often R1 queries the NTP server for time updates. Here, 64 seconds is the polling interval.
6> Reach (377)
- The reach field is an octal representation (from 0 to 377) showing the success of the last eight NTP queries to this server. A value of 377 means all attempts in the last eight intervals were successful, indicating stable communication with the time source.
7> Delay (0.00)
- Delay measures the round-trip time in milliseconds to reach the NTP server. Here, a delay of 0.00 ms suggests either minimal latency or that R1 is synchronizing to its own clock.
8> Offset (0.00)
- Offset represents the difference in time (in milliseconds) between R1’s clock and the NTP server’s clock. An offset of 0.00 ms shows no discrepancy, meaning R1’s clock is perfectly in sync with the server.
9> Dispersion (0.24)
- Dispersion is a measure of the maximum error between R1’s clock and the NTP server’s clock. Here, a low dispersion (0.24 ms) indicates high accuracy and minimal time drift.
Symbols Explanation
1) * (asterisk): Indicates that the server is the “sys.peer,” meaning it’s the primary NTP source currently used for time synchronization.
2) ~ (tilde): Represents that the NTP server is configured on the router.
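A way to apply the field descriptions above when checking many devices, as an added Python example that is not part of the original lab: it parses `show ntp associations` text, decodes the octal reach value into its eight-poll history, and lists reasons a peer should not be treated as synchronized. The sample rows other than R1's local clock, the address 10.1.1.5, and the 100 ms offset threshold are assumptions made for illustration.

```python
import re

# Constructed sample in IOS "show ntp associations" layout; only row 1 uses this lab's values.
SAMPLE = """\
  address         ref clock       st   when   poll reach  delay  offset   disp
*~127.127.1.1     .LOCL.           2      5     64   377  0.000   0.000  0.240
 ~10.1.1.1        .INIT.          16      -     64     0  0.000   0.000 15937.
+~10.1.1.5        127.127.1.1      3     40     64   360  1.000   0.500  2.100
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
"""

ROW = re.compile(
    r"^(?P<flags>[*#+x~ -]{1,2})(?P<addr>\d+(?:\.\d+){3})\s+(?P<ref>\S+)\s+"
    r"(?P<st>\d+)\s+(?P<when>\S+)\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s+"
    r"(?P<delay>[\d.]+)\s+(?P<offset>-?[\d.]+)\s+(?P<disp>[\d.]+)\s*$"
)

def parse_associations(text):
    """Return one dict per peer row; reach is decoded from octal."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, legend or blank line
        reach = int(m["reach"], 8)  # 377 octal == 0b11111111
        peers.append({
            "address": m["addr"],
            "sys_peer": "*" in m["flags"],
            "stratum": int(m["st"]),
            "reach": reach,
            # Shift register: bit 0 is the newest poll, bit 7 the oldest.
            "answered": [bool(reach >> i & 1) for i in range(8)],
            "offset_ms": float(m["offset"]),
        })
    return peers

def findings(peer, max_offset_ms=100.0):
    """List reasons this association should not be treated as synchronized.

    max_offset_ms is an illustrative threshold, not a Cisco default.
    """
    out = []
    if peer["stratum"] >= 16:
        out.append("stratum 16 (unsynchronized)")
    if peer["reach"] == 0:
        out.append("no reply in the last 8 polls")
    else:
        missed = peer["answered"].index(True)  # polls missed since last reply
        if missed:
            out.append(f"last {missed} polls unanswered")
    if not peer["sys_peer"]:
        out.append("not the sys.peer")
    if abs(peer["offset_ms"]) > max_offset_ms:
        out.append("offset above threshold")
    return out

if __name__ == "__main__":
    for p in parse_associations(SAMPLE):
        print(p["address"], oct(p["reach"]), findings(p) or "ok")
```

A reach of 360 and a reach of 17 both show four answered polls out of eight, but the first means the peer has just gone silent and the second means it has just recovered, which is why the example reports the run of most recent misses instead of a count.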
3- NTP Client Configurations on R2, R3 and R4:
a. Set up the device to synchronize its time with an NTP server at IP address 10.1.1.1.
On R2:
R2#configure terminal
R2(config)#ntp server 10.1.1.1
On R3:
R3#configure terminal
R3(config)#ntp server 10.1.1.1
On R4:
R4#configure terminal
R4(config)#ntp server 10.1.1.1
b. Enable NTP authentication for secure time synchronization
On R2:
R2(config)#ntp authenticate
On R3:
R3(config)#ntp authenticate
On R4:
R4(config)#ntp authenticate
c. Configure an MD5 authentication key with an ID of 1 and a password of IEE_NTP_PASS
On R2:
R2(config)#ntp authentication-key 1 md5 IEE_NTP_PASS
On R3:
R3(config)#ntp authentication-key 1 md5 IEE_NTP_PASS
On R4:
R4(config)#ntp authentication-key 1 md5 IEE_NTP_PASS
d. Make the device trust the NTP server’s key ID.
On R2:
R2(config)#ntp trusted-key 1
On R3:
R3(config)#ntp trusted-key 1
On R4:
R4(config)#ntp trusted-key 1
e. After completing these steps, verify that the configuration has been applied correctly and check the device’s NTP status. If NTP didn’t synchronize then troubleshoot and try again.
We can issue the commands that we used in the previous step:
1) show clock
2) show ntp status
3) show ntp association
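What the key ID and MD5 password configured in steps b to d do on the wire, as an added Python sketch that is not part of the original lab and not Cisco's code: NTP symmetric-key authentication (RFC 5905) appends a 32-bit key ID and MD5(key || header) to each packet, and the receiver accepts the packet only if the key ID is trusted and the digest matches. It assumes the key bytes are the ASCII password and uses a minimal header with zeroed timestamps; the function names are hypothetical.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # fixed NTP header, no extension fields
MAC_LEN = 4 + 16  # 32-bit key ID + 128-bit MD5 digest


def ntp_header(mode, stratum=0):
    """Minimal 48-byte NTPv4 header (timestamps left at zero for brevity)."""
    first = (0 << 6) | (4 << 3) | mode  # LI=0, VN=4, mode 3=client 4=server
    return struct.pack("!BBbb", first, stratum, 6, -24) + bytes(HEADER_LEN - 4)


def sign(header, key_id, key):
    """Append key ID and MD5(key || header), the symmetric-key MAC."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest


def verify(message, trusted_keys):
    """Accept only a message whose MAC checks out under a trusted key ID."""
    if len(message) != HEADER_LEN + MAC_LEN:
        return False, "no MAC present"
    header, mac = message[:HEADER_LEN], message[HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = trusted_keys.get(key_id)
    if key is None:
        return False, f"key ID {key_id} not trusted"
    expected = hashlib.md5(key + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch"
    return True, "authenticated"


# Constructed lab state: key 1 with the lab's password on R1 and on a client.
R1_KEYS = {1: b"IEE_NTP_PASS"}
CLIENT_TRUSTED = {1: b"IEE_NTP_PASS"}
MISTYPED_CLIENT = {1: b"IEE_NTP_PASS "}  # trailing space: keys no longer match

reply = sign(ntp_header(mode=4, stratum=3), 1, R1_KEYS[1])
tampered = reply[:1] + bytes([1]) + reply[2:]  # stratum byte changed in transit

if __name__ == "__main__":
    print(verify(reply, CLIENT_TRUSTED))        # matching key
    print(verify(reply, MISTYPED_CLIENT))       # password typo on the client
    print(verify(tampered, CLIENT_TRUSTED))     # header modified after signing
    print(verify(reply[:HEADER_LEN], CLIENT_TRUSTED))  # unauthenticated reply
```

On IOS the association is tied to a key with `ntp server 10.1.1.1 key 1`; the client commands in this lab omit the `key` option, so check `show ntp associations detail` for an `authenticated` association before relying on it.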
4- Save your configurations.
Troubleshooting steps:
- Verify Network Connectivity
  - Ping the NTP Server: Ensure the NTP client device can reach the NTP server by pinging the server IP.
  - Traceroute: Use traceroute to check for any routing issues or delays that may prevent the device from accessing the server.
- Check NTP Configuration
  - NTP Server Settings: Confirm that the NTP server IP is correctly configured on the client.
  - Authentication: If using authentication, verify that the keys match on both the NTP client and server. Ensure the authentication key ID and password are correctly configured.
  - NTP Access Control: Some NTP servers use access control lists (ACLs) to restrict which devices can synchronize with them. Check that the client IP is allowed.
- Confirm Time Zone and Offset Settings
  - Ensure the time zone and UTC offset settings on the client match the intended configuration. Misconfigured time zones can lead to the appearance of incorrect times even when synchronization occurs.
- Verify NTP Status and Logs
  - NTP Association Status: Use commands like show ntp status or show ntp associations to check if the device has associated with the server and if synchronization is successful.
  - Logs and Debugging: Enable debugging for NTP (debug ntp events) to check for any error messages that may indicate configuration issues or synchronization failures.
- Check NTP Server Status
  - Confirm that the NTP server itself is operational and synchronized to a valid time source, especially if using an external server. The server’s time source might be down, which would prevent it from providing accurate time to clients.
- Ensure Port Access
  - Firewall Rules: NTP uses UDP port 123. Check that any firewall or network security device along the path allows traffic on this port.
- Check for System Clock Issues
  - Some devices may have hardware clock problems that prevent them from syncing correctly. Check system logs for any indications of hardware clock or battery issues, especially if the device frequently loses time.
If these steps don’t resolve the issue, verifying with an alternative NTP server or consulting the device’s specific NTP documentation can provide additional guidance.
Conclusion:
Configuring NTP is a foundational skill for network management and is vital for ensuring accurate event logging, troubleshooting, and security. This lab provided hands-on experience in setting up a Cisco router as an NTP server and synchronizing other devices to it, along with useful verification and troubleshooting techniques. Proper time synchronization is crucial for maintaining network integrity and reliability.