Cisco IOS Secure NTP Configuration

Synchronize the Cisco IOS device clock with trusted and authenticated NTP servers.

The %{NTP_KEY}% must be the same on both the router and the NTP servers.

NOTE: Only the peer and serve-only ACLs are set here; you may wish to change to query-only or serve.

 - peer: Allows time requests and NTP control queries and allows the system to synchronize to the remote system.
 - query-only: Allows only NTP control queries. See RFC 1305 (NTP version 3).
 - serve: Allows time requests and NTP control queries, but does not allow the system to synchronize to the remote system.
 - serve-only: Allows only time requests.

cstubbs
July 8, 2012
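%{CLIENT_NETWORK}%: Network address
%{CLIENT_WILDCARD}%: Wildcard against network address
%{NTP_SOURCE_INT}%: Specific interface if required, or use loop0 if you have one.
%{NTP_KEY_ID}%: Key ID (number)
%{NTP_KEY}%: Plain text key
%{NTP_SERVER_PRIMARY}%: IP address
%{NTP_SERVER_SECONDARY}%: IP address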

!
access-list 15 remark NTP Peer Only ACL
access-list 15 permit host %{NTP_SERVER_PRIMARY}%
access-list 15 permit host %{NTP_SERVER_SECONDARY}%
access-list 15 deny any log
!
access-list 16 remark NTP Serve Only ACL
access-list 16 permit %{CLIENT_NETWORK}% %{CLIENT_WILDCARD}%
access-list 16 deny any log
!
ntp source %{NTP_SOURCE_INT}%
!
ntp authentication-key %{NTP_KEY_ID}% md5 %{NTP_KEY}%
ntp trusted-key %{NTP_KEY_ID}%
ntp authenticate
!
ntp access-group peer 15
ntp access-group serve-only 16
!
ntp server %{NTP_SERVER_PRIMARY}% key %{NTP_KEY_ID}% prefer
ntp server %{NTP_SERVER_SECONDARY}% key %{NTP_KEY_ID}%
!
ntp logging
ntp max-associations 4
!
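
An added example, not part of the original template: a Python check that a rendered copy of this configuration still ties every `ntp server` line to a trusted key and to the peer ACL. The sample config, its addresses and key value are constructed, and `grab` and `audit_ntp` are hypothetical helper names.

```python
import re

# Constructed sample: the template rendered with documentation addresses,
# with the "key" argument dropped from the secondary server line.
SAMPLE = """\
access-list 15 permit host 192.0.2.10
access-list 15 permit host 192.0.2.11
access-list 15 deny any log
ntp authentication-key 7 md5 ExampleKeyOnly
ntp trusted-key 7
ntp authenticate
ntp access-group peer 15
ntp server 192.0.2.10 key 7 prefer
ntp server 192.0.2.11
"""

def grab(lines, pat):
    """Return the regex groups of every line that matches pat."""
    return [m.groups() for l in lines if (m := re.match(pat, l))]

def audit_ntp(config):
    """Return findings for the NTP statements this template sets.
    Assumes the template's statement forms (no vrf, single key IDs)."""
    lines = [l.strip() for l in config.splitlines()]
    defined = {k for (k,) in grab(lines, r"ntp authentication-key (\d+) md5 \S+")}
    trusted = {k for (k,) in grab(lines, r"ntp trusted-key (\d+)$")}
    peer_acls = {a for (a,) in grab(lines, r"ntp access-group peer (\d+)$")}
    permitted = {h for a, h in grab(lines, r"access-list (\d+) permit host (\S+)")
                 if a in peer_acls}
    findings = []
    if "ntp authenticate" not in lines:
        findings.append("ntp authenticate is missing")
    if not peer_acls:
        findings.append("no ntp access-group peer ACL")
    for key in sorted(defined - trusted):
        findings.append(f"key {key} is defined but not trusted")
    for l in lines:
        if not (m := re.match(r"ntp server (\S+)", l)):
            continue
        server = m.group(1)
        key = re.search(r" key (\d+)", l)
        if key is None:
            findings.append(f"server {server} has no key")
        elif key.group(1) not in trusted:
            findings.append(f"server {server} uses untrusted key {key.group(1)}")
        if peer_acls and server not in permitted:
            findings.append(f"server {server} is not permitted by the peer ACL")
    return findings
```

Run `audit_ntp` over the text of `show running-config` saved to a file; an empty list means every check passed.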