We are working on the following network diagram.
To work properly with my existing CCIE Security lab, I needed a valid NTP server in my virtual LAN. I decided to use a Windows 2003 box as the NTP server for my Cisco routers, switches and Linux machines, all of which run under GNS3, VirtualBox and VMware Workstation to create a fully virtual LAN environment.
The issue with synchronizing Cisco devices against a Windows machine is that Cisco devices use NTP, while Windows machines use SNTP as their network time protocol. The difference between the two is that NTP has built-in accuracy and validity checks, whereas SNTP has no options for these. So, to set up and use NTP properly on my virtual LAN, I decided to use third-party NTP software that runs on top of Windows. Of the third-party packages, the best I found is Meinberg. Installing Meinberg on a Windows box is a little tricky; these are the steps I performed to run it successfully.
- We can find Meinberg here.
- I added one more network adapter, in NAT mode, to my Windows 2003 box running inside VMware Workstation 8. This gives the machine an internet connection so that our NTP server can validate its time against an external authoritative time source.
- After downloading, we need to execute the file whose name starts with “[email protected]”.
The next screen asks us to agree to the license terms and conditions; press “I Agree”.
- Choose install location.
- Choose components; leave them at the defaults.
- After clicking Next, the installation runs and then asks for configuration settings. I used them as follows: define NTP servers according to your current location, and check the box for “Add local clock as last resort reference, stratum 12”. This makes the system's built-in clock act as the time reference when the NTP servers on the internet cannot be reached.
- Verify the generated ntp.conf file and parameters.
- On the next screen, choose “Create a new user account for ntp”. Check all the parameters as below and click Next.
- Create a new user named ntp and give it a password, then click Next to finish the installation.
- Now go to Start > All Programs > Meinberg > Network Time Protocol > Quick NTP Status and verify the status. On my box it looks like the output below. The same menu also offers start/stop/restart NTP, the documentation and other useful items.
- Our Windows Server 2003 NTP configuration is now up and working. Next we go to our Cisco devices and do the network configuration there.
- NTP configuration on Cisco devices is pretty straightforward. For testing purposes, my Windows machine and Cisco router are both on the same VLAN 121 and on subnet 126.96.36.199/24.
R1#sh run | i ntp
ntp server 188.8.131.52 source FastEthernet0/0 –> Here 184.108.40.206 is our Windows Server 2003 box running Meinberg.
R1#sh run | i clock
clock timezone UTC 5 30 –> Set the clock timezone according to your location.
- Now it's time to run a few show commands to validate our configuration.
R1#sh ntp status
Clock is synchronized, stratum 4, reference is 220.127.116.11
nominal freq is 250.0000 Hz, actual freq is 250.0003 Hz, precision is 2**18
reference time is D4C2331F.DE8DBBCE (20:24:23.869 UTC Sun Feb 10 2013)
clock offset is -3.9092 msec, root delay is 369.77 msec
root dispersion is 642.85 msec, peer dispersion is 383.04 msec
R1#sh ntp association
address ref clock st when poll reach delay offset disp
*~18.104.22.168 22.214.171.124 3 63 64 77 8.1 -3.91 383.0
* master (synced), # master (unsynced), + selected, – candidate, ~ configured
R1#sh ntp association detail
126.96.36.199 configured, our_master, sane, valid, stratum 3
ref ID 188.8.131.52, time D4C2318B.BCAEE8B8 (20:17:39.737 UTC Sun Feb 10 2013)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 361.66 msec, root disp 256.85, reach 177, sync dist 579.330
delay 8.10 msec, offset -3.9092 msec, dispersion 137.60
precision 2**20, version 3
org time D4C2335F.DB2617C5 (20:25:27.856 UTC Sun Feb 10 2013)
rcv time D4C2335F.DBD4CDBE (20:25:27.858 UTC Sun Feb 10 2013)
xmt time D4C2335F.D5AC17D8 (20:25:27.834 UTC Sun Feb 10 2013)
filtdelay = 24.02 32.07 24.03 8.10 24.31 47.99 56.67 0.00
filtoffset = 9.35 17.93 0.18 -3.91 -3.60 14.16 -1.17 0.00
filterror = 0.02 0.99 1.97 2.94 3.92 4.90 5.87 16000.0
20:25:42.485 UTC Sun Feb 10 2013
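A way to check this router output from a script, as an added example that is not part of the original post: it decodes the hexadecimal NTP reference timestamp, reads the octal reach register, and flags a server that has dropped to the stratum 12 local clock. The function names, the 100 ms offset threshold and the placeholder addresses are assumptions; the sample lines are constructed from the output above.

```python
import re
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)
LOCAL_CLOCK_STRATUM = 12  # the "last resort" stratum chosen in the Meinberg setup

# Constructed sample: values taken from the router output above, addresses
# replaced with documentation-range placeholders.
STATUS = """Clock is synchronized, stratum 4, reference is 192.0.2.10
reference time is D4C2331F.DE8DBBCE (20:24:23.869 UTC Sun Feb 10 2013)
clock offset is -3.9092 msec, root delay is 369.77 msec"""
ASSOC = "*~192.0.2.10 198.51.100.1 3 63 64 77 8.1 -3.91 383.0"

def ntp_hex_to_utc(stamp):
    """Decode IOS 'SSSSSSSS.FFFFFFFF': seconds since 1900 plus a 2**-32 fraction."""
    sec, frac = (int(part, 16) for part in stamp.split("."))
    return NTP_EPOCH + timedelta(seconds=sec, microseconds=frac * 10**6 // 2**32)

def check_ntp(status, assoc, max_offset_ms=100.0):
    """Return (findings, true UTC reference time) for one router.

    max_offset_ms is an assumed threshold, not a value from the post.
    """
    findings = []
    if not status.startswith("Clock is synchronized"):
        findings.append("clock is not synchronized")
    offset = float(re.search(r"clock offset is (-?[\d.]+) msec", status).group(1))
    if abs(offset) > max_offset_ms:
        findings.append(f"offset {offset} ms exceeds {max_offset_ms} ms")
    ref_hex, shown = re.search(r"reference time is (\S+) \((\S+)", status).groups()
    ref_utc = ntp_hex_to_utc(ref_hex)
    if ref_utc.strftime("%H:%M:%S") != shown[:8]:
        findings.append("displayed time is not UTC (check 'clock timezone')")
    # Association columns: address, ref clock, st, when, poll, reach, ...
    cols = assoc.split()
    peer_stratum, reach = int(cols[2]), int(cols[5], 8)  # reach is printed in octal
    if peer_stratum >= LOCAL_CLOCK_STRATUM:
        findings.append("server has fallen back to its local clock")
    answered = bin(reach).count("1")  # one bit per poll, newest in the low bit
    if answered < 8:
        findings.append(f"only {answered} of the last 8 polls were answered")
    return findings, ref_utc

if __name__ == "__main__":
    findings, ref_utc = check_ntp(STATUS, ASSOC)
    print("reference time (true UTC):", ref_utc.isoformat())
    for finding in findings:
        print("WARN:", finding)
```

On the sample, the decoded reference time is 14:54:23 UTC, 5 hours 30 minutes behind the time the router prints, because "clock timezone UTC 5 30" only names the zone "UTC" while applying a +5:30 offset. That matters when router logs are correlated with other systems or when certificate validity is checked against the router clock.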
We now have a working NTP server synchronized with an external time source, with itself as the last resort at stratum 12 in case the internet time server stops working or we lose internet connectivity. As NTP is synchronized, my next goal is to test the CA server on a Cisco router. Enjoy 🙂