CCIE Practical Studies, Volume I

 <  Free Open Study  >  

Lab 34: Configuring NTP Servers, Clients, and Authentication ”Part II

Lab Walkthrough

After completing the physical installation of the LAN and WAN segments, you should establish IP connectivity among all the routers. Before trying to configure NTP, be sure to perform source ping s from each router's Ethernet to verify end-to-end connectivity.

Beginning with the mngt_router, configure the IP address of the Ethernet E0 port and the serial port. This is not the DCE side of the serial link, so no clock rate command is needed. The WAN protocol is HDLC, so you do not need to configure an encapsulation type on this link.

On the client_router, you need to configure an IP address on the E0 port and the S1 port. Because this side is the DCE end, you need to add the clock rate command.

Before moving on to OSPF, be sure that each router can ping the other router's serial port. The WAN is considered a local network, and the remote end should be reachable .

To configure OSPF on the mngt_router, you need to add two network statements and an area subcommand. Example 17-20 lists the relevant IP configuration for the mngt_router as it stands at this point.

Example 17-20 Relevant IP Configuration for the mngt_router

! hostname mngt_router ! interface Ethernet0 ip address 98.10.10.1 255.255.255.0 media-type 10BaseT ! interface Serial0 ip address 98.10.128.1 255.255.255.252 no ip mroute-cache ! router ospf 100 network 98.10.10.1 0.0.0.0 area 0 network 98.10.128.1 0.0.0.0 area 100 area 100 stub

Configuring OSPF on the client_router is similar. Because the entire router exists in a stub area, you can simplify the config by using a wildcard mask on the network statement. Again, you also need the area stub command for Area 100. Example 17-21 lists the relevant IP configuration for the client_router.

Example 17-21 Relevant IP Configuration for the client_router

hostname client_router ! interface Ethernet0 ip address 98.10.16.1 255.255.255.0 ! interface Serial0 no ip address shutdown no fair-queue ! interface Serial1 ip address 98.10.128.2 255.255.255.252 clockrate 2000000 ! router ospf 100 network 98.10.0.0 0.0.255.255 area 100 area 100 stub !

Moving on to the NTP portion of the config, you need to configure the following:

  • NTP master with a stratum level of 5 on the mngt_router

  • MD5 authentication with trusted key of 2 and a password of cns

  • NTP client on the client_router so that its stratum is 6 when synced

  • Time zone of PAC with an offset of “8 from UTC

  • Optionally, daylight saving time across the network, with the name of S-PAC

To configure the NTP on the mngt_router, you need to add the command ntp master 5. The 5 sets the stratum to 6 on the client side when it synchronizes with the client_router. To enable authentication, follow this three-step process:

Step 1. Enable authentication.

Step 2. Define authentication keys.

Step 3. Define trusted keys.

Example 17-22 illustrates performing these commands on the master_router. The exact same authentication commands will be used on the client_router.

Example 17-22 Configure NTP and MD5 Authentication on the mngt_router

mngt_router(config)# ntp master 5 mngt_router(config)# ntp authenticate mngt_router(config)# ntp authentication-key 3 md5 cns mngt_router(config)# ntp trusted-key 3 mngt_router(config)# exit

Configuring the client router is similar to configuring the master, except that you use the ntp server 98.10.128.l command in place of the ntp master command. The authentication portions of the configuration will be identical to those of the mngt_router.

Check the status of NTP synchronization by using the show ntp status and show ntp assoc commands. Performing these commands on the client_router generates the output listed in Example 17-23.

Example 17-23 show ntp status and show ntp assoc Command Output

client_router# show ntp status Clock is synchronized, stratum 6, reference is 98.10.128.1 nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**19 reference time is BD19C766.31F0D0F5 (17:07:50.195 UTC Fri Jul 14 2000) clock offset is -0.3234 msec, root delay is 4.46 msec root dispersion is 0.52 msec, peer dispersion is 0.15 msec client_router# client_router# show ntp assoc address ref clock st when poll reach delay offset disp *~98.10.128.1 127.127.7.1 5 59 64 377 4.5 -0.32 0.2 * master (synced), # master (unsynced), + selected, - candidate, ~ configured client_router#

Example 17-23 verifies that the clock is synchronized and that the stratum is set to 6. Also note that the clock has the appropriate reference, which should be the one that you configured.

Finally, you need to set the time and clock in accordance with the time zone and name specified in the lab. To configure this, use the clock timezone PAC “8 command on both the client and the host router. Now when you view the time, the UTC time should be replaced with PAC time and should be offset by 8 hours.

The optional part of the lab consists of adding daylight saving time to the network. This is accomplished by using the clock summer-time S-PAC recurring command on both routers. If you are in daylight saving time, your router will now have output similar to Example 17-24.

Example 17-24 show ntp status While in Daylight Saving Time

client_router# show ntp status Clock is synchronized, stratum 6, reference is 98.10.128.1 nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**19 reference time is BD19CA66.316D2935 (10:20:38.193 S-PAC Fri Jul 14 2000) clock offset is -0.5572 msec, root delay is 4.49 msec root dispersion is 0.66 msec, peer dispersion is 0.06 msec client_router#

Example 17-25 shows the configurations for both routers.

Example 17-25 Configurations for the mngt_router and the client_router

hostname client_router ! enable password cisco ! clock timezone PAC -8 clock summer-time S-PAC recurring ! interface Ethernet0 ip address 98.10.16.1 255.255.255.0 ! <<<text omitted>>> ! interface Serial1 ip address 98.10.128.2 255.255.255.252 clockrate 2000000 ! <<<text omitted>>> ! router ospf 100 network 98.10.0.0 0.0.255.255 area 100 area 100 stub ! ip classless ! <<<text omitted>>> ! ntp authentication-key 2 md5 070C2F5F 7 ntp authenticate ntp trusted-key 2 ntp clock-period 17179866 ntp server 98.10.128.1 _____________________________________________________ hostname mngt_router ! enable password cisco ! clock timezone PAC -8 clock summer-time S-PAC recurring ! ! interface Ethernet0 ip address 98.10.10.1 255.255.255.0 media-type 10BaseT ! <<<text omitted>>> ! interface Serial0 ip address 98.10.128.1 255.255.255.252 no ip mroute-cache ! <<<text omitted>>> ! router ospf 100 network 98.10.10.1 0.0.0.0 area 0 network 98.10.128.1 0.0.0.0 area 100 area 100 stub ! ip classless ! <<<text omitted>>> ! ntp authentication-key 2 md5 104D070A 7 ntp authenticate ntp trusted-key 2 ntp master 5

 <  Free Open Study  >  

Категории