Home > NTP Questions

NTP Questions

January 16th, 2021 Go to comments

Quick review of NTP

NTP uses the concept of a stratum to describe how many NTP hops away a machine is from an authoritative time source, usually a reference clock. A reference clock is a stratum 0 device that is assumed to be accurate and has little or no delay associated with it. Stratum 0 servers cannot be used on the network but they are directly connected to computers which then operate as stratum-1 servers. A stratum 1 time server acts as a primary network time standard.

ntp-stratum.jpg

A stratum 2 server is connected to the stratum 1 server; then a stratum 3 server is connected to the stratum 2 server and so on. A stratum 2 server gets its time via NTP packet requests from a stratum 1 server. A stratum 3 server gets its time via NTP packet requests from a stratum-2 server… A stratum server may also peer with other stratum servers at the same level to provide more stable and robust time for all devices in the peer group (for example a stratum 2 server can peer with other stratum 2 servers).

– NTP is designed to synchronize the time on a network. NTP runs over the User Datagram Protocol (UDP), using port 123 as both the source and destination.
– To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command. An Authoritative NTP Server can distribute time even when it is not synchronized to an existing time server.
– To configure the local device to use a remote NTP clock source, use the command ntp server <IP address>. For example: Router(config)#ntp server 192.168.1.1
– The ntp authenticate command is used to enable the NTP authentication feature (NTP authentication is disabled by default).
– The ntp trusted-key command specifies one or more keys that a time source must provide in its NTP packets in order for the device to synchronize to it. This command provides protection against accidentally synchronizing the device to a time source that is not trusted.
– The ntp authentication-key defines the authentication keys. The device does not synchronize to a time source unless the source has one of these authentication keys and the key number is specified by the ntp trusted-key number command.
– Two most popular commands to display time sources statistics: show ntp status and show ntp associations

Question 1

Explanation

To configure a Cisco device as an Authoritative NTP Server, use the ntp master [stratum] command.

To configure a Cisco device as a NTP client, use the command ntp server <IP address>. For example: Router(config)#ntp server 192.168.1.1. This command will instruct the router to query 192.168.1.1 for the time.

Question 2

Explanation

Below is the output of the “show ntp status” command. From this output we learn that R1 has a stratum of 10 and it is getting clock from 10.1.2.1.

R1#show ntp status
Clock is synchronized, stratum 10, reference is 10.1.2.1
nominal freq is 250.0000 Hz, actual freq is 249.9987 Hz, precision is 2**18
reference time is D5E492E9.98ACB4CF (13:00:25.596 CST Wed Sep 18 2013)
clock offset is 15.4356 msec, root delay is 52.17 msec
root dispersion is 67.61 msec, peer dispersion is 28.12 msec

Question 3

Explanation

To configure authentication, perform this task in privileged mode:

Step 1: Configure an authentication key pair for NTP and specify whether the key will be trusted or untrusted.
Step 2: Set the IP address of the NTP server and the public key.
Step 3: Enable NTP client mode.
Step 4: Enable NTP authentication.
Step 5: Verify the NTP configuration.

Reference: https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4000/8-2glx/configuration/guide/ntp.html

Note: A trusted NTP server may or may not require a secret key so it is not a “must” in this question.

Comments (8) Comments
  1. dotan
    June 15th, 2020

    @9tut
    Hey,
    Regarding question # 3, A and D That is the answer.
    And in other dumps, the answer is D and E.
    Is the answer to your questions well-tested?

    Bg

  2. DAS
    December 28th, 2020

    @9tut please let us know the right answer of question 3

  3. 9tut
    December 29th, 2020

    @dotan, @DAS: We confirm the correct answers of Q.3 are A and D.

  4. enCrypt
    January 24th, 2021

    @dotan @DAS Q3 option E is wrong because you would use the NTP server’s PUBLIC key not its PRIVATE key.
    Only the holder of a private key is supposed to know it…

  5. Anonymous
    August 16th, 2022

    9tut is a best way to pass CCNA EXAME

  6. Anonymous
    August 16th, 2022

    somebody can tell…
    9tut website it is the best way to pass in CCNA EXAME????

  7. N
    March 9th, 2023

    NTP server sims?

  8. meoawa
    October 24th, 2023

    Hi guys someone pass the CCNA by using 9tut? is this really a dumps? or some question is not accurate?

Add a Comment