Example: Configure NTP as a Single Time Source for Router and Switch Clock Synchronization
We strongly recommend using the Network Time Protocol (NTP) to synchronize the system clocks of routers, switches, and other network equipment. This topic lists a sample configuration.
Debugging and troubleshooting are much easier when the timestamps in the log files of all the routers or switches are synchronized, because events that span the network can be correlated with synchronous entries in multiple logs. We strongly recommend using the Network Time Protocol (NTP) to synchronize the system clocks of routers, switches, and other network equipment.
By default, NTP operates in an entirely unauthenticated manner. If a malicious attempt to influence the accuracy of a router or switch’s clock succeeds, it could have negative effects on system logging, make troubleshooting and intrusion detection more difficult, and impede other management functions.
The following sample configuration synchronizes all the routers or switches in the network to
a single time source. We recommend using authentication to make sure that the NTP peer is
trusted. The boot-server statement identifies the server from which the
initial time of day and date is obtained when the router boots. The server
statement identifies the NTP server used for periodic time synchronization. The
source-address statement enables you to specify one source address per
family for each routing instance, The authentication-key statement specifies
that an HMAC-Message Digest 5 (MD5) scheme should be used to hash the key value for
authentication, which prevents the router or switch from synchronizing with an attacker’s host
posing as the time
server.
[edit]
system {
ntp {
authentication-key 2 type md5 value "$ABC123"; # SECRET-DATA
boot-server 10.1.4.1;
server 10.1.4.2 key 2;
source-address 10.1.4.3 routing-instance ntp-instance;
trusted key 2;
}
}