Catalyst 2950 Desktop Switch Software Configuration Guide
78-14982-01
Chapter 7 Administering the Switch
Managing the System Time and Date
NTP uses the concept of a stratum to describe how many NTP hops away a device is from an
authoritative time source. A stratum 1 time server has a radio or atomic clock directly attached, a
stratum 2 time server receives its time through NTP from a stratum 1 time server, and so on. A device
running NTP automatically chooses as its time source the device with the lowest stratum number with
which it communicates through NTP. This strategy effectively builds a self-organizing tree of NTP
speakers.
NTP avoids synchronizing to a device whose time might not be accurate by never synchronizing to a
device that is not synchronized. NTP also compares the time reported by several devices and does not
synchronize to a device whose time is significantly different than the others, even if its stratum is lower.
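
The selection behaviour described above, as an added Python sketch (not Cisco's code and not the full NTP selection algorithm): unsynchronized peers are dropped, peers that disagree with the rest are dropped, and the lowest stratum wins among what remains. The peer addresses and offsets are constructed, and the 0.5-second threshold for "significantly different" is a hypothetical value chosen for the illustration.

```python
from dataclasses import dataclass
from statistics import median
from typing import List, Optional

UNSYNCHRONIZED = 16   # stratum value NTP uses for "not synchronized"
MAX_DEVIATION = 0.5   # seconds; hypothetical cut-off for "significantly different"


@dataclass
class Peer:
    name: str
    stratum: int
    offset: float     # seconds by which this peer's time differs from ours


def eligible(peers: List[Peer]) -> List[Peer]:
    """Drop unsynchronized peers, then peers that disagree with the others."""
    synced = [p for p in peers if 1 <= p.stratum < UNSYNCHRONIZED]
    if not synced:
        return []
    mid = median(p.offset for p in synced)
    return [p for p in synced if abs(p.offset - mid) <= MAX_DEVIATION]


def select_source(peers: List[Peer]) -> Optional[Peer]:
    """Choose the lowest-stratum peer among those that pass both checks."""
    good = eligible(peers)
    return min(good, key=lambda p: (p.stratum, abs(p.offset)), default=None)


# Constructed sample associations (documentation addresses, invented offsets).
SAMPLE_PEERS = [
    Peer("192.0.2.10", 2, 0.012),
    Peer("192.0.2.11", 3, -0.008),
    Peer("192.0.2.12", 3, 0.020),
    Peer("192.0.2.66", 1, 3600.0),   # claims stratum 1 but is an hour off
    Peer("192.0.2.77", 16, 0.0),     # reports itself as unsynchronized
]

if __name__ == "__main__":
    chosen = select_source(SAMPLE_PEERS)
    print("selected:", chosen.name if chosen else "none")
    # With only two sources that disagree, neither can be trusted.
    print("two-peer case:", select_source(SAMPLE_PEERS[:1] + SAMPLE_PEERS[3:4]))
```

In this model a device with only two disagreeing sources selects neither, which is why configuring several associations matters for the outlier check to work.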
The communications between devices running NTP (known as associations) are usually statically
configured; each device is given the IP address of all devices with which it should form associations.
Accurate timekeeping is possible by exchanging NTP messages between each pair of devices with an
association. However, in a LAN environment, NTP can be configured to use IP broadcast messages
instead. This alternative reduces configuration complexity because each device can simply be
configured to send or receive broadcast messages. However, in that case, information flow is one-way
only.
The time kept on a device is a critical resource; you should use the security features of NTP to avoid the
accidental or malicious setting of an incorrect time. Two mechanisms are available: an access list-based
restriction scheme and an encrypted authentication mechanism.
Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio
or atomic clock. We recommend that the time service for your network be derived from the public NTP
servers available on the IP Internet. Figure 7-3 shows a typical network example using NTP.
If the network is isolated from the Internet, Cisco's implementation of NTP allows a device to act as
though it is synchronized through NTP, when in fact it has determined the time by using other means.
Other devices then synchronize to that device through NTP.
When multiple sources of time are available, NTP is always considered to be more authoritative. NTP
time overrides the time set by any other method.
Several manufacturers include NTP software for their host systems, and a publicly available version for
systems running UNIX and its various derivatives is also available. This software allows host systems
to be time-synchronized as well.