NTP Server/Master (Sample Config?) [7:789]
I need to setup a 3600 to update it's clock, then supply it's time to the rest of a internal network. I've seen this in done in about 4 lines, but can't find it now on CCO. Anyone have a sample config they can post? Second question, Can a pix be a NTP Master/Server? Thanks in advance, -- Michael Snyder NOC Engineer CCNP-Security, MCSE,CCDP,CCIE-Written [EMAIL PROTECTED] ICQ#17424414 WAMS 273 E. Hacienda Ave Campbell, CA 95008 (408) 341-1530 Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=789&t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NTP Server/Master (Sample Config?) [7:789]
ntp server a.b.c.d ! where a.b.c.d is your external clock source ntp source ethernet0 ! where ethernet0 is the interface that you use to feed time to the rest of the network It automatically generates ntp clock-period. I don't remember the PIX supporting even taking time from an NTP server, much less being an NTP Master -e- - Original Message - From: "Michael Snyder" To: Sent: Monday, April 16, 2001 9:40 AM Subject: NTP Server/Master (Sample Config?) [7:789] > I need to setup a 3600 to update it's clock, then supply it's time to the > rest of a internal network. > > I've seen this in done in about 4 lines, but can't find it now on CCO. > > Anyone have a sample config they can post? > > > > Second question, Can a pix be a NTP Master/Server? > > > Thanks in advance, > > -- > Michael Snyder > NOC Engineer > CCNP-Security, MCSE,CCDP,CCIE-Written > [EMAIL PROTECTED] > ICQ#17424414 > > WAMS > 273 E. Hacienda Ave > Campbell, CA 95008 > (408) 341-1530 > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=795&t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NTP Server/Master (Sample Config?) [7:789]
/fcprt3/fcgenral.htm#xtocid1345017 Watch the wrap. > -Original Message- > From: Michael Snyder [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 16, 2001 11:41 AM > To: [EMAIL PROTECTED] > Subject: NTP Server/Master (Sample Config?) [7:789] > > > I need to setup a 3600 to update it's clock, then supply it's > time to the > rest of a internal network. > > I've seen this in done in about 4 lines, but can't find it now on CCO. > > Anyone have a sample config they can post? > > > > Second question, Can a pix be a NTP Master/Server? > > > Thanks in advance, > > -- > Michael Snyder > NOC Engineer > CCNP-Security, MCSE,CCDP,CCIE-Written > [EMAIL PROTECTED] > ICQ#17424414 > > WAMS > 273 E. Hacienda Ave > Campbell, CA 95008 > (408) 341-1530 > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct > and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=802&t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NTP Server/Master (Sample Config?) [7:789]
On Mon, 16 Apr 2001, Michael Snyder wrote: > I need to setup a 3600 to update it's clock, then supply it's time to the > rest of a internal network. > > I've seen this in done in about 4 lines, but can't find it now on CCO. > > Anyone have a sample config they can post? I would look into the IOS configuration guide(s). Relevant section is probably called "Configuring NTP" or something close. Exact URL left to the reader as an exercise. > Second question, Can a pix be a NTP Master/Server? Hmm, why do you want your PIX to skin that racoon? Without any specific figures, I'm going on a limb there, but it seems unlikely that the money value of the added risk is worth the few grands that a peecee running a free Unix, coupled to a receiver for a radio time source, eg GPS, would cost you. -- "Someone approached me and asked me to teach a javascript course. I was about to decline, saying that my complete ignorance of the subject made me unsuitable, then I thought again, that maybe it doesn't, as driving people away from it is a desirable outcome." --Me Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=810&t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NTP Server/Master (Sample Config?) [7:789]
"Hmm, why do you want your PIX to skin that racoon? Without any specific figures, I'm going on a limb there, but it seems unlikely that the money value of the added risk is worth the few grands that a peecee running a free Unix, coupled to a receiver for a radio time source, eg GPS, would cost you". I got four segments (different subnets) coming from the pix. I can make the router upstream of the pix the ntp master, but it's the same difference to me if the pix could do it. No problem. Thanks for your response. ""ElephantChild"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > On Mon, 16 Apr 2001, Michael Snyder wrote: > > > I need to setup a 3600 to update it's clock, then supply it's time to the > > rest of a internal network. > > > > I've seen this in done in about 4 lines, but can't find it now on CCO. > > > > Anyone have a sample config they can post? > > I would look into the IOS configuration guide(s). Relevant section is > probably called "Configuring NTP" or something close. Exact URL left to > the reader as an exercise. > > > Second question, Can a pix be a NTP Master/Server? > > Hmm, why do you want your PIX to skin that racoon? Without any specific > figures, I'm going on a limb there, but it seems unlikely that the money > value of the added risk is worth the few grands that a peecee running a > free Unix, coupled to a receiver for a radio time source, eg GPS, would > cost you. > > -- > "Someone approached me and asked me to teach a javascript course. I was > about to decline, saying that my complete ignorance of the subject made > me unsuitable, then I thought again, that maybe it doesn't, as driving > people away from it is a desirable outcome." --Me > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=818&t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: NTP Server/Master (Sample Config?) [7:789]
Michael, I am doing exactly that with a 3640 now. router(config)# ntp server x.x.x.x (internet stratus 1 clock server) router(config)# ntp master router(config)# ntp source intx/x (interface that supplies other NTP clients) set other routers ntp server to ip address of 3640 interface specified by ntp source command check synch and status with show ntp status and/or show ntp assoc Scott -Original Message- From: Michael Snyder [mailto:[EMAIL PROTECTED]] Sent: Monday, April 16, 2001 15:54 To: [EMAIL PROTECTED] Subject: Re: NTP Server/Master (Sample Config?) [7:789] "Hmm, why do you want your PIX to skin that racoon? Without any specific figures, I'm going on a limb there, but it seems unlikely that the money value of the added risk is worth the few grands that a peecee running a free Unix, coupled to a receiver for a radio time source, eg GPS, would cost you". I got four segments (different subnets) coming from the pix. I can make the router upstream of the pix the ntp master, but it's the same difference to me if the pix could do it. No problem. Thanks for your response. ""ElephantChild"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > On Mon, 16 Apr 2001, Michael Snyder wrote: > > > I need to setup a 3600 to update it's clock, then supply it's time to the > > rest of a internal network. > > > > I've seen this in done in about 4 lines, but can't find it now on CCO. > > > > Anyone have a sample config they can post? > > I would look into the IOS configuration guide(s). Relevant section is > probably called "Configuring NTP" or something close. Exact URL left to > the reader as an exercise. > > > Second question, Can a pix be a NTP Master/Server? > > Hmm, why do you want your PIX to skin that racoon? Without any specific > figures, I'm going on a limb there, but it seems unlikely that the money > value of the added risk is worth the few grands that a peecee running a > free Unix, coupled to a receiver for a radio time source, eg GPS, would > cost you. > > -- > "Someone approached me and asked me to teach a javascript course. I was > about to decline, saying that my complete ignorance of the subject made > me unsuitable, then I thought again, that maybe it doesn't, as driving > people away from it is a desirable outcome." --Me > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=823&t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NTP Server/Master (Sample Config?) [7:789]
The PIX doesn't support NTP (either to poll from or server). You'll want to have your external router polling a few outside sources, and have it provide clock for the inside. NTP uses udp/123, so if you right a tight firewall that's what you have to open up to that outside router. Also, lower end IOS/older routers don't support the full NTP protocol, but often do support SNTP. I'd also suggestion setting your logging to use localtime, and establishing your timezone: service timestamps debug uptime service timestamps log datetime msec localtime show-timezone clock timezone PST -8 clock summer-time PDT recurring ! full NTP support ntp master ntp server 63.192.96.2 ntp server 63.172.195.4 ntp server 132.239.254.5 I suggest first setting the servers, then make sure that you can sync, and then set the master (otherwise it may sync with itself if the others don't work, but say "syncronized" even though it isn't sync'd to anything external). Check it out with: show ntp associations show ntp status ! sntp only server: sntp server 63.192.96.2 sntp server 63.172.195.4 sntp server 132.239.254.5 >From here you only get: show sntp -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""EA Louie"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > ntp server a.b.c.d ! where a.b.c.d is your external clock source > ntp source ethernet0 ! where ethernet0 is the interface that you use to feed > time to the rest of the network > > It automatically generates ntp clock-period. > > I don't remember the PIX supporting even taking time from an NTP server, > much less being an NTP Master > > -e- > ----- Original Message - > From: "Michael Snyder" > To: > Sent: Monday, April 16, 2001 9:40 AM > Subject: NTP Server/Master (Sample Config?) [7:789] > > > > I need to setup a 3600 to update it's clock, then supply it's time to the > > rest of a internal network. > > > > I've seen this in done in about 4 lines, but can't find it now on CCO. > > > > Anyone have a sample config they can post? > > > > > > > > Second question, Can a pix be a NTP Master/Server? > > > > > > Thanks in advance, > > > > -- > > Michael Snyder > > NOC Engineer > > CCNP-Security, MCSE,CCDP,CCIE-Written > > [EMAIL PROTECTED] > > ICQ#17424414 > > > > WAMS > > 273 E. Hacienda Ave > > Campbell, CA 95008 > > (408) 341-1530 > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=824&t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
Re: NTP Server/Master (Sample Config?) [7:789]
Oh, and also the public NTP server list is handy. Use stratum 2 servers since the Cisco box isn't ever going to be accurate enough to need stratum 1. http://www.eecis.udel.edu/~mills/ntp/servers.htm Also, never copy the 'ntp clock-period ' command. That is set automatically by the router as it detects "drift" from it's clock and the external servers (in an attempt to fix the "drift"). It's always unique to each router, and they'll figure it out on their own. Worst case, they'll fix it anyway, but I just recommend against it. -- Jason Roysdon, CCNP+Security/CCDP, MCSE, CNA, Network+, A+ List email: [EMAIL PROTECTED] Homepage: http://jason.artoo.net/ ""Davis, Scott [ISE/RAC]"" wrote in message [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > Michael, > > I am doing exactly that with a 3640 now. > router(config)# ntp server x.x.x.x (internet stratus 1 clock server) > router(config)# ntp master > router(config)# ntp source intx/x (interface that supplies other NTP > clients) > > set other routers ntp server to ip address of 3640 interface specified by > ntp source command > > check synch and status with show ntp status and/or show ntp assoc > > Scott > > -Original Message----- > From: Michael Snyder [mailto:[EMAIL PROTECTED]] > Sent: Monday, April 16, 2001 15:54 > To: [EMAIL PROTECTED] > Subject: Re: NTP Server/Master (Sample Config?) [7:789] > > > "Hmm, why do you want your PIX to skin that racoon? Without any specific > figures, I'm going on a limb there, but it seems unlikely that the money > value of the added risk is worth the few grands that a peecee running a > free Unix, coupled to a receiver for a radio time source, eg GPS, would > cost you". > > I got four segments (different subnets) coming from the pix. I can make the > router upstream of the pix the ntp master, but it's the same difference to > me if the pix could do it. > > No problem. Thanks for your response. > > > ""ElephantChild"" wrote in message > [EMAIL PROTECTED]">news:[EMAIL PROTECTED]... > > On Mon, 16 Apr 2001, Michael Snyder wrote: > > > > > I need to setup a 3600 to update it's clock, then supply it's time to > the > > > rest of a internal network. > > > > > > I've seen this in done in about 4 lines, but can't find it now on CCO. > > > > > > Anyone have a sample config they can post? > > > > I would look into the IOS configuration guide(s). Relevant section is > > probably called "Configuring NTP" or something close. Exact URL left to > > the reader as an exercise. > > > > > Second question, Can a pix be a NTP Master/Server? > > > > Hmm, why do you want your PIX to skin that racoon? Without any specific > > figures, I'm going on a limb there, but it seems unlikely that the money > > value of the added risk is worth the few grands that a peecee running a > > free Unix, coupled to a receiver for a radio time source, eg GPS, would > > cost you. > > > > -- > > "Someone approached me and asked me to teach a javascript course. I was > > about to decline, saying that my complete ignorance of the subject made > > me unsuitable, then I thought again, that maybe it doesn't, as driving > > people away from it is a desirable outcome." --Me > > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: > http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] > FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED] Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=828&t=789 -- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
