Configuring NTP On A Cisco Router
Posted by Unknown on 09:59 with No comments
Network Time Protocol (NTP) is a vital service not only for Cisco devices but for almost every network device. Any computer-based device needs to be accurately synchronised with a reliable time source such as an NTP server. When it comes to Cisco routers, obtaining the correct time is extremely important because a variety of services depend on it. The logging service stamps each log entry with the date and time, which is critical if you're trying to track a specific incident or troubleshoot a problem.
Generally, most Cisco routers have two clocks (most people are unaware of this!): a battery-powered hardware clock, referenced as the 'calendar' in the IOS CLI, and a software clock, referenced as the 'clock' in the IOS CLI.
The software clock is the primary source for time data and runs from the moment the system is up and running. The software clock can be updated from a number of sources:
• NTP Server
• SNTP (Simple NTP)
• VINES Time Source
• Hardware clock (built into the router)
Because the software clock can be configured to be updated from an external source, it is considered more accurate in comparison to the hardware clock. The hardware clock can be configured to be updated from the software clock.
Example Scenario
This article will show you how to configure your Cisco router to synchronise its software clock from external sources such as NTP servers. We will also show you how to configure your router to act as an NTP server for your internal network devices, ensuring all devices are synchronised.
The first example involves setting up the router to request NTP updates and synchronise itself from a public NTP server. This will ensure the router's time is constantly synchronised; however, it will not act as an NTP server for internal hosts:
We'll need to configure the router to resolve FQDNs using our ISP's name server:
Now we instruct our Cisco router to obtain its updates from the public NTP server.
As soon as we issue the command, the router will resolve the FQDN into an IP address and begin its synchronisation. Right after issuing the command, we can verify the router is correctly configured and awaiting synchronisation:
The 'show ntp associations' command shows that the system is configured (~) to synchronise with our selected NTP server, however, it is not yet synchronised. When it is, expect to see the star (*) symbol in front of the tilde (~). The 'ref. clock' column shows the IP address of the NTP server from which our public server (1.gr.pool.ntp.org) is synchronising.
It is also worth noting the column named 'st' which is equal to two (2). This represents the stratum level. The higher the stratum, the closer to the Atomic clock source we are. As a general rule, always try to synchronise with a server that has a low stratum.
The 'show ntp status' command confirms that we are yet to be synchronised with the NTP server as it clearly states that the 'clock is unsynchronised' and also shows us the current system time: 1st of Jan. 1900.
After a couple of minutes, we re-visit the CLI prompt and re-issue the commands with the following results:
Looking at the new output, we can see that our Cisco router is now synchronising with the configured peer (*) - public NTP server. Polling of the public NTP server will occur every 64 seconds, as shown in the command output.
The 'show ntp status' command also confirms the synchronisation, however, notice that the router has set its stratum level to 3. This is expected as the reference is stratum 2. The time is now correctly shown (01:17:15.562 Athens Sun Apr 19 2009).
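The flag, stratum and polling details described above can be checked automatically. The following is an added example, not part of the original article: a Python check over captured 'show ntp associations' output. The two sample outputs are constructed (documentation addresses, not real servers) and the function names are hypothetical.

```python
import re

# Constructed samples of 'show ntp associations' output (documentation addresses).
SAMPLE_UNSYNCED = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~192.0.2.10       198.51.100.7      2    12    64    1    45.3    3.21  15937.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""
SAMPLE_SYNCED = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.0.2.10       198.51.100.7      2    29    64  377    45.1    1.05     0.8
 ~192.0.2.20       .INIT.           16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""

# Flags, peer address, ref clock, stratum, when, poll, reach (printed in octal).
ROW = re.compile(
    r"^\s*(?P<flags>[*#+\-x~]*)(?P<address>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<ref>\S+)\s+(?P<st>\d+)\s+\S+\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s"
)

def parse_associations(text):
    """Return one dict per peer row; header and legend lines do not match."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            peers.append({
                "address": m["address"], "ref_clock": m["ref"],
                "stratum": int(m["st"]), "poll": int(m["poll"]),
                "reach": int(m["reach"], 8),   # 8-bit register of recent polls
                "configured": "~" in m["flags"], "synced": "*" in m["flags"],
            })
    return peers

def local_stratum(peers):
    """Stratum the router reports: one more than its synced peer, else 16."""
    return next((p["stratum"] + 1 for p in peers if p["synced"]), 16)

def audit(text):
    """List the conditions that make the router's timestamps unreliable."""
    peers, findings = parse_associations(text), []
    if not any(p["synced"] for p in peers):
        findings.append("no synchronised peer (no '*' flag)")
    for p in peers:
        if p["reach"] == 0:
            findings.append(f"{p['address']}: reach 0, no replies to recent polls")
        if p["stratum"] >= 16:
            findings.append(f"{p['address']}: stratum 16, source is unsynchronised")
    return findings
```

Running audit() on output collected from each router before an investigation shows which devices' log timestamps can be correlated with confidence.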
Synchronising Software clock and Hardware clock
Here we'll see how the software and hardware clocks on a Cisco router can in fact show different times, and how we can synchronise them with each other.
The following two commands show the difference in time between the two clocks on our Cisco router:
While the difference is small, we want to keep everything in our network synchronised as precisely as possible.
Keep in mind that 'show clock' refers to the software clock and 'show calendar' refers to the hardware clock.
To synchronise the two clocks all we need to do is issue the following command:
The 'ntp update-calendar' forces the hardware clock to synchronise with the system's software clock. After a couple of minutes, we check to see if the two clocks have synchronised: We can see now that both clocks are accurately synchronised.
Configuring The System as an Authoritative NTP Server
If you want your system to become an authoritative NTP server from which other internal routers or machines can synchronise, you can achieve this with the following command:
The router now acts as an NTP server and is able to respond to internal clients' NTP requests. Checking the 'ntp association' will reveal that the router is obtaining its time synchronisation from itself:
Troubleshooting and Monitoring NTP Status
Troubleshooting NTP messages and events is important when you are trying to verify everything is working correctly. You might notice that your Cisco router is not able to create a peer connection with a configured NTP server, or your internal LAN clients might not be able to synchronise with your Cisco router. In any case, knowing how to troubleshoot NTP is something every engineer must be aware of.
Thankfully Cisco provides a number of options that allow you to troubleshoot many aspects of your NTP service.
The most useful debug commands are the 'debug ntp events', 'debug ntp adjust' and 'debug ntp core'. These three commands provide enough debugging to help you troubleshoot problems you might encounter.
In closing, if you would like more information on the NTP associations created by your router, you can try the following command:
The 'show ntp associations detail' command will provide much information on the association created with the NTP servers. This is most helpful when you see you are unable to create an association with an NTP server.
Article Summary
This article provided an insight into NTP configuration on Cisco routers. We analysed why the NTP service is important and how it can be used to keep every node in a network synchronised. We examined different methods of NTP synchronisation and provided a fairly in-depth analysis.