Skip to main content
Cisco SD-WAN
Support
Product Documentation
Viptela Documentation

ntp

system ntp—Configure Network Time Protocol (NTP) servers and MD5 authentication keys for the NTP servers.

Configuring NTP on a Viptela device allows that device to contact NTP servers to synchronize time. Other devices are allowed to ask a Viptela device for the time, but no devices are allowed to use the Viptela device as an NTP server.

vManage Feature Template

For all Viptela devices:

Configuration ► Templates ► NTP

Command Hierarchy

system
  ntp
    keys
      authentication key-id md5 md5-key
      trusted key-id
  ​  server (dns-server-address | ipv4-address)
      key key-id
      prefer
      source-interface interface-name
  ​    version number  ​    
      vpn vpn-id

Options

Interface for NTP To Use
source-interface interface-name
Configure outgoing NTP packets to use a specific interface to reach the NTP server. The interface must be located in the same VPN as the NTP server. If it is not, the configuration is ignored. This option establishes the identify of outgoing packets, but has no effect on how the packets are routed to the NTP server. The actual interface used to reach the server is determined solely by a routing decision made in the software kernel.
Location of NTP Server
server (dns-server-address | ipv4-address)
Configure the location of an NTP server, either by specifying its IPv4 address or the address of a DNS server that knows how to reach the NTP server. You can configure up to four NTP servers. The software uses the server at the highest stratum level.
MD5 Authentication
authentication key-id md5 md5-key
trusted key-id
key key-id
Enable MD5 authentication for NTP servers. Each MD5 key is identified by a key-id, which can be a number from 1 through 65535. For md5-key, enter either a cleartext or an AES-encrypted key.
To designate an MD5 authentication key as trustworthy, specify the key in the trusted command.
To associate an MD5 authentication key with a server, specify the key in the key command. For the key to work, you must mark it as trusted.
NTP Version
version number
Version of the NTP protocol software.
Range: 1 through 4
Default: 4
Prefer an NTP Server
prefer
If you configure multiple NTP servers, the software chooses the one with the highest stratum level. If more than one server is at the same stratum level, you can prefer that server by configuring it as prefer.
VPN to Reach NTP Server
vpn vpn-id
VPN to use to reach the NTP server, or VPN in which the NTP server is located. vpn-id can be from 0 through 65530. If you configure multiple NTP servers, they must all be located or reachable in the same VPN.
Range: 0 through 65530
Default: VPN 0

Example

Configure three NTP servers, including one that uses an NTP server provided by the NTP Pool Project at the Network Time Foundation. The local NTP servers use MD5 authentication.

vEdge# show running-config system ntp
system
 ntp
  keys
   authentication 1001 md5 $4$KXLzYT9k6M8zj4BgLEFXKw==
   authentication 1002 md5 $4$KXLzYTxk6M8zj4BgLEFXKw==
   authentication 1003 md5 $4$KXLzYT1k6M8zj4BgLEFXKw==
   trusted 1001 1002
  !
  server 192.168.15.243
   key     1001
   vpn     512
   version 4
  exit
  server 192.168.15.242
   key     1002
   vpn     512
   version 4
  exit
  server us.pool.ntp.org
   vpn     512
   version 4
  exit
 !
!

vEdge# show ntp peer | table

INDEX  REMOTE           REFID              ST  TYPE  WHEN  POLL  REACH  DELAY   OFFSET  JITTER
----------------------------------------------------------------------------------------------
1      +192.168.15.243  17.253.6.253       2   u     57    64    377    0.126   -3.771  0.740
2      192.168.15.242  .INIT.              16  u     -     64    0      0.000   0.000   0.000
3      *69.50.231.130  216.218.254.202     2  u      60    64    377    14.694  0.239   2.174

vEdge# show ntp associations | table
                                                           LAST
IDX  ASSOCID  STATUS  CONF  REACHABILITY  AUTH  CONDITION  EVENT     COUNT
--------------------------------------------------------------------------
1    18345    f41a    yes   yes           ok    candidate  sys_peer  1
2    18346    eb5a    yes   no            bad   reject     2         2
3    18347    961a    yes   yes           none  sys.peer   sys_peer  1

Release Information

Command introduced in Viptela Software Release 14.1.​
Support for up to four NTP servers, MD5 authentication, and configuring the source interface added in Release 15.4.

Additional Information

See the Configuring Time and Location article for your software release.
allow-service

  • Was this article helpful?