Published 6月 11, 2018 by with 0 comment

CCNP-ISCW-v5.0 Lab 5-8: Configuring NTP


Lab5-8.net file for Dynamips:

##################################################
#
# CCNP Version 5.0: Implementing Secure Converged Wide-Area Networks
# Lab 5.8 Configuring NTP
# By Happy Peter  http://blog.xuite.net/juilin77/happy
#
##################################################

autostart=false
[localhost:7200]
 workingdir = /opt/dynamips/dynagen-0.10.1/UTS/CCNP2/Lab5-8/workingconfig

[[3725]]
# Specify 3725 IOS image on Linux here:
 image = /opt/dynamips/images/c3725-ad.bin
 ram = 256
 idlepc =0x60bf8d58
 mmap = true
 ghostios = true
 confreg = 0x2102

###########################
#
# Define router instances 1
#
###########################
 
[[Router R1]]
 model = 3725
 console = 2001
 slot1 = NM-4T

[[Router R2]]
 model = 3725
 console = 2002
 slot1 = NM-4T
 s1/0 = R1 s1/0
 s1/1 = R3 s1/1

[[Router R3]]
 model = 3725
 console = 2003
 slot1 = NM-4T

Objectives
‧ Configure a router as an NTP master server
‧ Configure an NTP server on a router
‧ Configure an NTP peer
‧ Implement NTP authentication


Scenario:
In this lab, you will configure network time protocol (NTP) in a small topology.


Basic Configuration:
enable
configure terminal
!
no ip domain lookup
!
line console 0
 logging synchronous
 exec-timeout 0 0
!
host R*


Step 1: Configure the Physical Interfaces
R1(config)#interface serial 1/0
R1(config-if)#ip address 192.168.12.1 255.255.255.0
R1(config-if)#clock rate 64000
R1(config-if)#no shutdown

R2(config)#interface serial 1/0
R2(config-if)#ip address 192.168.12.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#interface serial 1/1
R2(config-if)#ip address 192.168.23.2 255.255.255.0
R2(config-if)#clock rate 64000
R2(config-if)#no shutdown

R3(config)#interface serial 1/1
R2(config-if)#ip address 192.168.23.3 255.255.255.0
R3(config-if)#no shutdown


Step 2: Set Up the NTP Master
R1 is the master NTP server in this lab. All other routers learn their time from it, either directly or indirectly.
To set the time on the router, use the clock set time command.
R1#clock set 15:23:00 27 sept 2008
*Sep 27 15:23:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 00:10:32 UTC Fri Mar 1 2002 to 15:23:00 UTC Sat Sep 27 2008, configured from console by console.
R1#show clock                   
15:23:08.955 UTC Sat Sep 27 2008

Configure R1 as the NTP master using the ntp master stratum command in global configuration mode.
R1(config)#ntp master 5


Step 3: Configure an NTP Client
R2 will become an NTP client of R1.
R2(config)#ntp server 192.168.12.1

After a while, verify that R2 has made an association with R1
R2#show ntp associations

      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.168.12.1     127.127.7.1       5    25    64  377     3.4    2.52    11.5
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

R2#show ntp associations detail
192.168.12.1 configured, our_master, sane, valid, stratum 5
ref ID 127.127.7.1, time CC88CF2F.F5C56FF0 (15:26:39.960 UTC Sat Sep 27 2008)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.03, reach 377, sync dist 13.214
delay 3.43 msec, offset 2.5237 msec, dispersion 11.47
precision 2**18, version 3
org time CC88CF6D.EF9D215E (15:27:41.935 UTC Sat Sep 27 2008)
rcv time CC88CF6D.F1A50EEE (15:27:41.943 UTC Sat Sep 27 2008)
xmt time CC88CF6D.EF950A18 (15:27:41.935 UTC Sat Sep 27 2008)
filtdelay =     4.26   29.79   15.81   23.97    3.97   14.80   29.85    3.43
filtoffset =   -5.80    5.29   21.54   25.16   -9.64   -7.24    5.41    2.52
filterror =     0.02    0.03    0.05    0.06    0.08    0.09    0.11    0.12


Step 4: Configure NTP Peers with MD5 Authentication
To avoid a spoofing problem, configure MD5 authentication between the two NTP peers, R2 and R3.
R2(config)#ntp authenticate
R2(config)#ntp authentication-key 1 md5 cisco
R2(config)#ntp trusted-key 1

R3(config)#ntp authenticate
R3(config)#ntp authentication-key 1 md5 cisco
R3(config)#ntp trusted-key 1

Configure the NTP peer on R3. NTP peers have a passive side and an active side. You only have to configure the active side, in this case R3. Do not configure peers on both sides of the peer relationship, or it will not work.
R3(config)#ntp peer 192.168.23.2

It may take a few moments for the relationship to establish.
R1#show ntp status
Clock is synchronized, stratum 5, reference is 127.127.7.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is CC88D7AF.F5BBB905 (16:02:55.959 UTC Sat Sep 27 2008)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec
R1#
R1#show ntp associations

      address         ref clock     st  when  poll reach  delay  offset    disp
*~127.127.7.1      127.127.7.1       4    55    64  377     0.0    0.00     0.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R1#
R1#show ntp associations detail
127.127.7.1 configured, our_master, sane, valid, stratum 4
ref ID 127.127.7.1, time CC88D7EF.F5BB4FB4 (16:03:59.959 UTC Sat Sep 27 2008)
our mode active, peer mode passive, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.00, reach 377, sync dist 0.015
delay 0.00 msec, offset 0.0000 msec, dispersion 0.02
precision 2**18, version 3
org time CC88D7EF.F5BB4FB4 (16:03:59.959 UTC Sat Sep 27 2008)
rcv time CC88D7EF.F5BB4FB4 (16:03:59.959 UTC Sat Sep 27 2008)
xmt time CC88D7EF.F5BB33BE (16:03:59.959 UTC Sat Sep 27 2008)
filtdelay =     0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00
filtoffset =    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00
filterror =     0.02    0.99    1.97    2.94    3.92    4.90    5.87    6.85
Reference clock status:  Running normally
Timecode:

R2#show ntp status
Clock is synchronized, stratum 6, reference is 192.168.12.1
nominal freq is 250.0000 Hz, actual freq is 249.9993 Hz, precision is 2**18
reference time is CC88D7E4.FC86D3A5 (16:03:48.986 UTC Sat Sep 27 2008)
clock offset is 11.3828 msec, root delay is 3.74 msec
root dispersion is 30.03 msec, peer dispersion is 18.63 msec
R2#
R2#show ntp associations

      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.168.12.1     127.127.7.1       5     3   128  377     4.1  -17.96    17.7
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R2#
R2#show ntp associations detail
192.168.12.1 configured, our_master, sane, valid, stratum 5
ref ID 127.127.7.1, time CC88D7EF.F5BB4FB4 (16:03:59.959 UTC Sat Sep 27 2008)
our mode client, peer mode server, our poll intvl 128, peer poll intvl 64
root delay 0.00 msec, root disp 0.03, reach 377, sync dist 19.760
delay 4.06 msec, offset -17.9606 msec, dispersion 17.70
precision 2**18, version 3
org time CC88D824.F4BAA116 (16:04:52.955 UTC Sat Sep 27 2008)
rcv time CC88D824.F9D9269F (16:04:52.975 UTC Sat Sep 27 2008)
xmt time CC88D824.F8CDCFCB (16:04:52.971 UTC Sat Sep 27 2008)
filtdelay =     4.06   20.16   16.14   22.25   15.87   19.99   31.63   24.15
filtoffset =  -17.96    3.63   -4.36   14.40   -0.47    3.54    7.49    9.33
filterror =     0.02    0.99    1.97    2.94    3.92    4.90    5.87    6.85

R3#show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
R3#
R3#show ntp associations

      address         ref clock     st  when  poll reach  delay  offset    disp
 ~192.168.23.2     0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
R3#
R3#show ntp associations detail
192.168.23.2 configured, insane, invalid, unsynced, stratum 16
ref ID 0.0.0.0, time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
our mode active, peer mode unspec, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000
delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00
precision 2**5, version 3
org time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
rcv time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
xmt time C0294F3E.946F6681 (00:52:14.579 UTC Fri Mar 1 2002)
filtdelay =     0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00
filtoffset =    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00
filterror =  16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

R3#
R3#show clock
*00:53:30.435 UTC Fri Mar 1 2002


Final Configurations
R1:
hostname R1
!
no ip domain lookup
!
interface Serial1/0
 ip address 192.168.12.1 255.255.255.0
 clock rate 64000
 no shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
ntp master 5
!
end

R2:
hostname R2
!
no ip domain lookup
!
interface Serial1/0
 ip address 192.168.12.2 255.255.255.0
 no shutdown
!
interface Serial1/1
 ip address 192.168.23.2 255.255.255.0
 clock rate 64000
 no shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
!
ntp authentication-key 1 md5 030752180500 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179909
ntp server 192.168.12.1
!
end

R3:
hostname R3
!
no ip domain lookup
!
interface Serial1/1
 ip address 192.168.23.3 255.255.255.0
 no shutdown
!
line con 0
 exec-timeout 0 0
 logging synchronous
!
ntp authentication-key 1 md5 045802150C2E 7
ntp authenticate
ntp trusted-key 1
ntp peer 192.168.23.2
!
end


Reference:
Cisco Networking Academy
http://www.cisco.com/web/learning/netacad/index.html

CCNP Version 5.0: Implementing Secure Converged Wide-Area Networks
Student Lab Manual


最初發表 / 最後更新: 2008.10.07 / 2018.06.11

0 comments:

張貼留言