Thursday, 17 April 2008

Configuring Basic NTP Service

NTP, or Network Time Protocol, is designed for two reasons really: to keep your whole network running on the same time so that programs such as email have the correct dates and, more importantly, so that the logging and encryption on your network are accurate. Without it you have no security and no way of telling the true time something happened when establishing a timeline of events. Today we'll look at the Windows model for this.

It's quite simple really, inasmuch as you have a triangle hierarchy.

Ideally you should use something like or as your time keeping, as you'll need a service that syncs with the atomic clock. It's a simple process to set the time server in your domain: from the root server or Primary Domain Controller, go to a command prompt and enter the following string as an example.

net time /setsntp:""

However, remember that this server must be able to use the NTP ports to reach the external time server; the standard port for this is UDP 123 for both NTP and SNTP.

Now your domain controllers and workstations should sync with the time on the PDC. However, if the times on your firewalls and routers are not the same as your domain's, then the logs from them are not of much use, so next I'll show you how to do that.

To set up a Cisco router to participate in an NTP network, simply designate one or more NTP servers.

There are two steps to configuring a Cisco router to be a simple NTP client: first, set the NTP source interface; second, designate one or more NTP servers. The NTP source interface is the network connection from which the NTP control messages will be sent. Use the network interface on the same network as the designated server (in 90 percent of cases this is your LAN interface), or the one that is the fewest network hops distant from the servers.

To add an NTP server, use the ntp server command with the source qualifier. The example below shows how to configure the router to use as its NTP server; however, if you enable IP domain-lookup and set some DNS servers, then you can use an FQDN too.

(config)#ip domain-lookup
(config)#ip name-server
(config)#ip name-server
(config)#interface eth0/0
(config-if)#no ntp disable
(config)#ntp server source eth0/0
(config)#ntp server source eth0/0

One final note: your domain will have to sync all the PCs, and in a large domain this can take up to 24 hours. By large I mean 600 or more servers with global sites.

Now you should have all your workstations, servers and routers with the same time.
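
To confirm that a host really agrees with its time server before trusting its log timestamps, the SNTP reply can be validated and the clock offset measured. The Python below is an added example, not part of the original post; the function names, the 1-second tolerance and the sample packet are constructed for illustration, and the offset and delay formulas are the standard SNTP ones.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def to_ntp(unix):
    """Unix seconds -> 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    return struct.pack("!II", int(unix) + NTP_UNIX_DELTA, int((unix % 1) * 2**32))

def from_ntp(raw):
    secs, frac = struct.unpack("!II", raw)
    return secs - NTP_UNIX_DELTA + frac / 2**32

def build_request(t1):
    """48-byte client request: LI=0, VN=3, Mode=3 (client), transmit time = t1."""
    return bytes([0x1B]) + bytes(39) + to_ntp(t1)

def check_reply(request, reply, t4, max_offset=1.0):
    """Validate a reply received at local time t4 and measure the local clock error.
    max_offset is an assumed tolerance in seconds, not a value from the post."""
    if len(reply) < 48:
        raise ValueError("short packet")
    leap, mode, stratum = reply[0] >> 6, reply[0] & 0x07, reply[1]
    if mode != 4:
        raise ValueError("not a server reply")
    if leap == 3 or stratum == 0:
        raise ValueError("server is not synchronised")
    if reply[24:32] != request[40:48]:
        # The server must echo our transmit time; a mismatch means a stale or forged reply.
        raise ValueError("originate timestamp does not match our request")
    t1, t2, t3 = (from_ntp(reply[i:i + 8]) for i in (24, 32, 40))
    offset = ((t2 - t1) + (t3 - t4)) / 2   # server clock minus local clock
    delay = (t4 - t1) - (t3 - t2)          # round trip minus server processing time
    return {"stratum": stratum, "offset": offset, "delay": delay,
            "in_sync": abs(offset) <= max_offset}

def constructed_reply(request, t2, t3, stratum=2):
    """Constructed sample reply (not captured traffic): LI=0, VN=3, Mode=4."""
    header = bytes([0x1C, stratum]) + bytes(22)   # bytes 0-23 of the packet
    return header + request[40:48] + to_ntp(t2) + to_ntp(t3)

# Constructed scenario: the local clock is 2.5 s behind the server.
T1 = 1208390400.0
REQ = build_request(T1)
REP = constructed_reply(REQ, T1 + 2.53125, T1 + 2.5390625)
RESULT = check_reply(REQ, REP, T1 + 0.0703125)

if __name__ == "__main__":
    print(RESULT)
```

A positive offset means the local clock is behind the server, so that device's log entries are stamped earlier than the events really happened.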
