Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated: 1 00:00:03,330 --> 00:00:06,750 This is a free, complete course for the CCNA. 2 00:00:06,750 --> 00:00:10,529 If you like these videos, please subscribe\n 3 00:00:10,529 --> 00:00:15,218 Also, please like and leave a comment, and\n 4 00:00:18,679 --> 00:00:22,870 In this video we will cover NTP, Network Time\nProtocol. 5 00:00:22,870 --> 00:00:27,520 All computers have an internal clock, including\nnetwork devices. 6 00:00:27,519 --> 00:00:31,339 For a variety of reasons that we will cover\n 7 00:00:31,339 --> 00:00:35,689 devices have an accurate clock that is synchronized\n 8 00:00:38,448 --> 00:00:44,908 NTP is covered in exam topic 4.2, which says\n 9 00:00:44,908 --> 00:00:49,588 NTP operating in client and server mode. 10 00:00:49,588 --> 00:00:53,628 Over the next section of the course I will\n 11 00:00:56,210 --> 00:00:58,370 This video on NTP will be the first. 12 00:00:58,369 --> 00:01:02,718 Here’s what we’ll cover in this video. 13 00:01:02,719 --> 00:01:07,290 First I’ll briefly explain why time is important\n 14 00:01:07,290 --> 00:01:13,049 Then I’ll show you how to manually configure\n 15 00:01:13,049 --> 00:01:17,900 Then we’ll cover the basics of NTP, Network\nTime Protocol. 16 00:01:17,900 --> 00:01:22,368 Finally I’ll show you how to configure NTP\non Cisco devices. 17 00:01:22,368 --> 00:01:26,539 Make sure to watch until the end of the video\n 18 00:01:29,049 --> 00:01:34,420 ExSim practice exams simulate the style and\n 19 00:01:36,438 --> 00:01:39,879 I used them myself, and I highly recommend\nthem. 20 00:01:39,879 --> 00:01:44,560 If you want to get Boson ExSim, follow the\n 21 00:01:44,560 --> 00:01:51,340 First, let me briefly introduce time on network\n 22 00:01:51,340 --> 00:01:53,590 All devices have an internal clock. 23 00:01:53,590 --> 00:01:58,618 That includes routers, switches, your PC,\n 24 00:01:58,618 --> 00:02:02,909 In Cisco IOS, you can view the time with the\nSHOW CLOCK command. 25 00:02:05,108 --> 00:02:12,009 So, I used this command at 12:16 AM, 0 seconds,\n 26 00:02:12,009 --> 00:02:15,280 On Saturday, December 26th 2020. 27 00:02:15,280 --> 00:02:18,599 The time zone is the default of UTC. 28 00:02:18,599 --> 00:02:24,250 Remember that, the default time zone is UTC,\n 29 00:02:24,250 --> 00:02:29,770 If you use the SHOW CLOCK DETAIL command you\n 30 00:02:29,770 --> 00:02:34,390 In this case it is using the hardware calendar\n 31 00:02:34,389 --> 00:02:38,518 The hardware calendar is the built-in internal\n 32 00:02:38,519 --> 00:02:40,620 This is the time source by default. 33 00:02:40,620 --> 00:02:43,879 However, notice this asterisk here. 34 00:02:43,879 --> 00:02:47,439 It means that this time is not considered\nauthoritative. 35 00:02:47,439 --> 00:02:51,259 The device isn’t confident that this time\nis accurate. 36 00:02:51,259 --> 00:02:55,969 The internal hardware clock of a device will\n 37 00:02:56,969 --> 00:03:01,439 Now, why is it important to have an accurate\ntime source? 38 00:03:01,439 --> 00:03:07,009 From a CCNA perspective, or really the perspective\n 39 00:03:07,009 --> 00:03:13,459 reason to have accurate time on a device is\n 40 00:03:13,460 --> 00:03:18,820 Devices keep logs of various events that occur,\n 41 00:03:18,819 --> 00:03:24,590 OSPF neighbor relationships being formed or\n 42 00:03:24,590 --> 00:03:30,610 Syslog, the protocol used to keep device logs,\n 43 00:03:32,318 --> 00:03:36,699 But let’s take a quick look at some device\nlogs now. 44 00:03:36,699 --> 00:03:40,188 The command to view a device’s logs is SHOW\nLOGGING. 45 00:03:40,188 --> 00:03:46,078 Let’s say I’m a network admin and I got\n 46 00:03:47,959 --> 00:03:52,900 So, to investigate I log into one of the devices\n 47 00:03:52,900 --> 00:03:57,849 Here’s a portion of the output from one\nof the devices, R2. 48 00:03:57,848 --> 00:04:02,209 Notice this series of messages about OSPF\n 49 00:04:02,209 --> 00:04:07,489 There are multiple messages about neighbor\n 50 00:04:09,229 --> 00:04:14,619 You can see the timestamps here, indicating\n 51 00:04:16,910 --> 00:04:21,560 Note that I will cover these log messages\n 52 00:04:21,560 --> 00:04:23,290 don’t worry about the details for now. 53 00:04:23,290 --> 00:04:25,840 I just want to show why time is important. 54 00:04:25,839 --> 00:04:32,508 Anyway, I then checked the device’s clock\n 55 00:04:35,029 --> 00:04:41,969 Then I log into R2’s neighbor 10.0.0.6,\n 56 00:04:41,970 --> 00:04:45,250 Here’s some of the output from SHOW LOGGING. 57 00:04:45,250 --> 00:04:49,720 You can see those same messages about an OSPF\n 58 00:04:49,720 --> 00:04:53,970 states, and also some messages about an interface\n 59 00:04:53,970 --> 00:04:59,340 However, the timestamps show a totally different\n 60 00:04:59,339 --> 00:05:06,719 After checking the clock I realize that R3\n 61 00:05:06,720 --> 00:05:11,520 This is going to make it much more difficult\n 62 00:05:11,519 --> 00:05:14,049 In this case, it’s a fairly simple issue. 63 00:05:14,050 --> 00:05:18,720 We can see that an interface going down caused\n 64 00:05:19,810 --> 00:05:23,839 But when you have to troubleshoot more complex\n 65 00:05:23,839 --> 00:05:30,469 of messages, it gets much more difficult and\n 66 00:05:30,470 --> 00:05:34,370 So let’s see how to manually configure the\ntime on a device. 67 00:05:34,370 --> 00:05:38,750 You can manually configure the time on the\n 68 00:05:42,899 --> 00:05:47,879 I entered CLOCK SET and used the question\n 69 00:05:47,879 --> 00:05:52,490 Using the format of hours, minutes, seconds,\nI entered the time. 70 00:05:52,490 --> 00:05:56,310 The next option is either the day of the month\n 71 00:05:56,310 --> 00:05:58,410 You can enter them in either order. 72 00:05:58,410 --> 00:06:01,639 I entered the day first, and then the month. 73 00:06:03,610 --> 00:06:07,509 I entered the year, 2020, and checked the\noptions. 74 00:06:07,509 --> 00:06:12,849 CR, carriage return, basically means press\n 75 00:06:15,019 --> 00:06:20,039 After entering the time I checked with SHOW\n 76 00:06:21,740 --> 00:06:26,500 The time source also has changed to ‘user\nconfiguration’. 77 00:06:26,500 --> 00:06:30,170 Notice that all of these commands are done\n 78 00:06:31,569 --> 00:06:35,170 These clock configurations aren’t part of\n 79 00:06:36,420 --> 00:06:40,560 Here’s one more point a lot of people might\nnot be aware of. 80 00:06:40,560 --> 00:06:45,550 Although the hardware calendar (the built-in\n 81 00:06:45,550 --> 00:06:50,110 clock and software clock are separate and\n 82 00:06:50,110 --> 00:06:54,259 So let’s see how to configure the hardware\nclock. 83 00:06:54,259 --> 00:06:58,490 You can manually configure the hardware clock\n 84 00:06:58,490 --> 00:07:03,519 So, from now on I will use the term ‘clock’\n 85 00:07:03,519 --> 00:07:07,258 device, and ‘calendar’ to refer to the\nhardware clock. 86 00:07:07,259 --> 00:07:13,720 So, the command syntax is the same as CLOCK\n 87 00:07:13,720 --> 00:07:16,340 Set the time, and then either the day or the\nmonth. 88 00:07:16,339 --> 00:07:21,429 I set the day, and then the month, and the\n 89 00:07:21,430 --> 00:07:26,629 Then I set the year, and then used the command\n 90 00:07:26,629 --> 00:07:29,800 Typically you want to synchronize the clock\nand calendar. 91 00:07:29,800 --> 00:07:32,720 I can’t think of a good reason not to sync\nthem. 92 00:07:32,720 --> 00:07:37,990 Use the command CLOCK UPDATE-CALENDAR to sync\n 93 00:07:37,990 --> 00:07:40,848 The calendar will update its time to match\nthe clock. 94 00:07:40,848 --> 00:07:46,969 Or, use the command CLOCK READ-CALENDAR to\n 95 00:07:46,970 --> 00:07:50,850 In this case the clock will update its time\n 96 00:07:53,620 --> 00:07:56,590 First let me demonstrate CLOCK UPDATE-CALENDAR. 97 00:07:56,589 --> 00:08:03,250 I viewed R2’s clock, and the time was about\n 98 00:08:05,689 --> 00:08:07,589 However the calendar was about 12:00AM. 99 00:08:07,589 --> 00:08:11,719 So, I used the CLOCK UPDATE-CALENDAR command. 100 00:08:11,720 --> 00:08:16,610 And now you can see the calendar has been\n 101 00:08:16,610 --> 00:08:21,310 Next let’s see the opposite situation, when\n 102 00:08:23,259 --> 00:08:27,960 The clock says it’s about 12AM on September\n6th 1993. 103 00:08:27,959 --> 00:08:33,340 The calendar has the correct time of 2:55PM\n 104 00:08:33,340 --> 00:08:37,440 So, I used the command CLOCK READ-CALENDAR. 105 00:08:37,440 --> 00:08:42,330 And the clock updated its time to match the\ncalendar’s time. 106 00:08:42,330 --> 00:08:45,009 Next let’s see how to configure the timezone. 107 00:08:45,009 --> 00:08:48,799 You can configure the time zone with the CLOCK\nTIMEZONE command. 108 00:08:50,889 --> 00:08:56,220 First I used the DO SHOW CLOCK command to\n 109 00:08:58,720 --> 00:09:03,800 Notice I used DO SHOW CLOCK from global config\n 110 00:09:04,799 --> 00:09:08,839 That’s because the timezone is configured\n 111 00:09:08,840 --> 00:09:10,769 the running config of the device. 112 00:09:10,769 --> 00:09:14,649 So, here’s the CLOCK TIMEZONE command. 113 00:09:14,649 --> 00:09:17,329 The first option is the name of the time zone. 114 00:09:17,330 --> 00:09:21,070 This is just a word, the device doesn’t\n 115 00:09:22,070 --> 00:09:28,460 So, I configured JST for Japan Standard Time,\n 116 00:09:30,340 --> 00:09:37,129 JST is 9 hours ahead of UTC, so I entered\n 117 00:09:37,129 --> 00:09:42,509 For JST I don’t have to enter the minutes\n 118 00:09:47,389 --> 00:09:52,600 Notice the time zone has changed from UTC\n 119 00:09:54,529 --> 00:09:58,750 This is because the previous time configurations\n 120 00:09:58,750 --> 00:10:04,480 When changing the time zone to JST, 9 hours\n 121 00:10:04,480 --> 00:10:10,600 But currently the time actually is about 3:15\n 122 00:10:10,600 --> 00:10:14,519 and now it displays the correct time in the\ncorrect time zone. 123 00:10:14,519 --> 00:10:20,259 The time zone is important because, as you’ll\n 124 00:10:20,259 --> 00:10:23,569 adjust each device to the correct time zone. 125 00:10:23,570 --> 00:10:28,540 There’s one more aspect of manual time configuration\nto cover. 126 00:10:28,539 --> 00:10:33,689 That is daylight saving time, also known as\n 127 00:10:33,690 --> 00:10:38,790 Not all countries do this, but in many countries\n 128 00:10:40,789 --> 00:10:43,879 You can configure Cisco devices to do that\nautomatically. 129 00:10:43,879 --> 00:10:49,169 Now, I live in Japan at the moment and Japan\n 130 00:10:49,169 --> 00:10:52,360 use my home country of Canada as an example. 131 00:10:52,360 --> 00:10:56,930 In most parts of Canada we set the clocks\n 132 00:10:56,929 --> 00:11:03,379 at 2AM, and then set the clocks back one hour\n 133 00:11:03,379 --> 00:11:09,710 The command to configure this is CLOCK SUMMER-TIME,\n 134 00:11:09,710 --> 00:11:12,759 The first option is the name of the time zone. 135 00:11:12,759 --> 00:11:19,210 My time zone back in Canada is EST, but during\n 136 00:11:21,500 --> 00:11:26,590 Then we can set a specific date to change\n 137 00:11:26,590 --> 00:11:30,090 but the more useful option is the second one,\nRECURRING. 138 00:11:30,090 --> 00:11:34,920 This makes summer time start and end on the\n 139 00:11:34,919 --> 00:11:39,319 After recurring, we specify which week in\n 140 00:11:39,320 --> 00:11:44,520 In Canada it starts on the second Sunday of\n 141 00:11:44,519 --> 00:11:47,309 Next is the weekday, so I entered Sunday. 142 00:11:47,309 --> 00:11:51,259 After that it’s the Month, March for Canada. 143 00:11:51,259 --> 00:11:53,580 Finally the time, I entered 2AM. 144 00:11:53,580 --> 00:11:56,420 Okay, so that’s all for the start time. 145 00:11:56,419 --> 00:11:59,370 Now we enter the end of daylight saving time\nin the same order. 146 00:11:59,370 --> 00:12:05,879 1 for the first week, the weekday, Sunday,\n 147 00:12:07,389 --> 00:12:12,019 Optionally you can specify the offset, but\n 148 00:12:12,019 --> 00:12:13,689 what most countries use by default. 149 00:12:13,690 --> 00:12:16,820 So, that’s all for the command. 150 00:12:18,620 --> 00:12:22,950 This command is a little long, too long for\n 151 00:12:22,950 --> 00:12:27,600 some of the output is cut off and can’t\n 152 00:12:30,509 --> 00:12:36,330 CLOCK SUMMER-TIME, the time-zone name, RECURRING,\n 153 00:12:36,330 --> 00:12:38,240 and the end of daylight saving time. 154 00:12:38,240 --> 00:12:41,480 Okay, that’s the CLOCK SUMMER-TIME command. 155 00:12:41,480 --> 00:12:45,950 So, that’s all for manual time configuration. 156 00:12:45,950 --> 00:12:48,350 Here are the time commands we just looked\nat. 157 00:12:48,350 --> 00:12:53,000 The CLOCK SUMMER-TIME command is a little\n 158 00:12:53,000 --> 00:12:58,269 Just remember that for the ‘start’ and\n 159 00:12:59,759 --> 00:13:04,059 Okay, let’s move on to the next topic. 160 00:13:04,059 --> 00:13:10,319 And the next topic is the main topic of this\n 161 00:13:10,320 --> 00:13:13,580 Manually configuring the time on devices is\nnot scalable. 162 00:13:13,580 --> 00:13:18,850 In a large network, manually configuring the\n 163 00:13:18,850 --> 00:13:24,360 PC, phone, etc, would be a huge task and a\nhuge waste of time. 164 00:13:24,360 --> 00:13:29,800 Not only that, the manually configured clocks\n 165 00:13:29,799 --> 00:13:35,789 NTP allows automatic syncing of time over\n 166 00:13:35,789 --> 00:13:40,919 The device you’re using to watch this video\n 167 00:13:40,919 --> 00:13:46,449 For example, on my Windows 10 PC you can see\n 168 00:13:49,179 --> 00:13:52,500 That is an NTP server somewhere on the Internet. 169 00:13:52,500 --> 00:13:54,480 And actually, you can configure this. 170 00:13:54,480 --> 00:14:00,409 So, for example, if I wanted my PC to synchronize\n 171 00:14:03,909 --> 00:14:09,240 This point is separate from the topic, but\n 172 00:14:09,240 --> 00:14:13,000 resolved to IP addresses using the protocol\nDNS. 173 00:14:13,000 --> 00:14:18,480 DNS will be covered in a future video, it’s\n 174 00:14:18,480 --> 00:14:25,409 In the CLI of my Windows PC, I used the command\n 175 00:14:25,409 --> 00:14:30,040 It contacted the DNS server I’m using, which\n 176 00:14:32,830 --> 00:14:35,320 Then Google’s server gave me the answer. 177 00:14:35,320 --> 00:14:39,910 The actual IP address of the Windows NTP server\nis 20.43.94.199. 178 00:14:39,909 --> 00:14:46,909 I tried the same with Google’s NTP server,\n 179 00:14:46,909 --> 00:14:54,449 Again, my PC asked the Google DNS server for\n 180 00:14:56,000 --> 00:15:01,629 You can see four IPv6 addresses and four IPv4\n 181 00:15:01,629 --> 00:15:07,419 Anyway, DNS will be covered in detail in another\n 182 00:15:11,450 --> 00:15:17,500 So, NTP clients request the time from NTP\n 183 00:15:19,289 --> 00:15:24,240 It’s possible for a device to be an NTP\n 184 00:15:24,240 --> 00:15:29,060 So, it will sync its time to a server, and\n 185 00:15:30,490 --> 00:15:35,879 These are rough numbers, they can vary, but\n 186 00:15:35,879 --> 00:15:41,409 millisecond if the NTP server is in the same\n 187 00:15:41,409 --> 00:15:45,679 to the NTP server over a WAN or the Internet. 188 00:15:45,679 --> 00:15:47,769 Some NTP servers are ‘better’ than others. 189 00:15:47,769 --> 00:15:53,689 The ‘distance’ of an NTP server from the\n 190 00:15:53,690 --> 00:15:57,920 The farther away from the reference clock,\n 191 00:15:57,919 --> 00:16:02,659 If the stratum level of a server is high,\n 192 00:16:02,659 --> 00:16:07,819 NTP uses UDP port 123 to communicate. 193 00:16:07,820 --> 00:16:14,220 Remember that one, in addition to the ones\n 194 00:16:14,220 --> 00:16:17,100 Let me briefly introduce those reference clocks. 195 00:16:17,100 --> 00:16:22,889 A reference clock is usually a very accurate\n 196 00:16:24,690 --> 00:16:28,850 Reference clocks are stratum 0 within the\nNTP hierarchy. 197 00:16:28,850 --> 00:16:33,470 They are as close to the time source as possible,\n 198 00:16:33,470 --> 00:16:38,029 NTP servers directly connected to reference\n 199 00:16:38,029 --> 00:16:41,850 You’ll see more about this NTP hierarchy\nin the next slide. 200 00:16:41,850 --> 00:16:48,480 Here’s an example of a reference clock,\n 201 00:16:48,480 --> 00:16:52,681 Cisco devices aren’t able to get their time\n 202 00:16:52,681 --> 00:16:58,230 like this, but they can get their time from\n 203 00:16:58,230 --> 00:17:01,850 This diagram demonstrates the NTP hierarchy. 204 00:17:01,850 --> 00:17:06,690 These reference clocks are stratum 0, they\n 205 00:17:06,690 --> 00:17:09,620 Navy clock we saw in the last slide. 206 00:17:09,619 --> 00:17:14,349 The servers directly connected to those reference\n 207 00:17:14,349 --> 00:17:18,939 Then, stratum 2 NTP servers get their time\n 208 00:17:18,940 --> 00:17:22,210 And stratum 3 servers get their time from\nstratum 2 servers. 209 00:17:22,210 --> 00:17:25,140 That’s how the NTP hierarchy works. 210 00:17:25,140 --> 00:17:28,410 However, stratum 15 is the maximum. 211 00:17:28,410 --> 00:17:34,370 Anything above that is considered unreliable\n 212 00:17:34,369 --> 00:17:39,429 Another aspect of NTP shown in this diagram\nis NTP peering. 213 00:17:39,430 --> 00:17:44,170 Devices can peer with devices at the same\n 214 00:17:44,170 --> 00:17:49,759 This also acts as a backup, in case they lose\n 215 00:17:49,759 --> 00:17:52,680 This mode is called ‘symmetric active’\nmode. 216 00:17:52,680 --> 00:17:56,799 So, Cisco devices can operate in three NTP\nmodes. 217 00:17:56,799 --> 00:18:00,819 Server mode, Client mode, and symmetric active\nmode. 218 00:18:00,819 --> 00:18:04,859 They can be in all three of those modes at\nthe same time, too. 219 00:18:04,859 --> 00:18:09,409 And finally, an NTP client can sync to multiple\nservers. 220 00:18:09,410 --> 00:18:13,970 For example, in this diagram this stratum\n 221 00:18:15,920 --> 00:18:18,930 Here’s some extra terminology you should\nknow. 222 00:18:18,930 --> 00:18:23,890 NTP servers which get their time directly\n 223 00:18:25,140 --> 00:18:30,060 They sync their time directly to a reference\n 224 00:18:30,059 --> 00:18:35,679 NTP servers which get their time from other\n 225 00:18:35,680 --> 00:18:39,420 They operate in server mode and client mode\nat the same time. 226 00:18:39,420 --> 00:18:44,519 So, servers with stratum 2 or above are secondary\nservers. 227 00:18:44,519 --> 00:18:48,549 Okay I think that’s enough lecturing, let’s\n 228 00:18:48,549 --> 00:18:52,990 more aspects of NTP as we configure it on\nsome Cisco routers. 229 00:18:52,990 --> 00:18:56,769 Here’s the network topology I’ll be using\n 230 00:18:56,769 --> 00:19:02,230 I’m showing you an actual screenshot of\n 231 00:19:04,160 --> 00:19:08,670 Through this Internet cloud in GNS3, these\n 232 00:19:08,670 --> 00:19:14,390 the real Internet, and in this demonstration\n 233 00:19:16,450 --> 00:19:21,600 This is a cool part of GNS3 that isn’t available\n 234 00:19:21,599 --> 00:19:27,000 Now, you might be wondering why this point-to-point\n 235 00:19:29,539 --> 00:19:33,759 That’s just how this cloud is configured\nby default in GNS3. 236 00:19:33,759 --> 00:19:38,609 For a real point-to-point connection to an\n 237 00:19:41,920 --> 00:19:45,330 So let’s configure R1 to sync to Google’s\nNTP servers. 238 00:19:45,329 --> 00:19:50,389 Once again, here’s the NSLOOKUP I did for\nGoogle’s NTP servers. 239 00:19:50,390 --> 00:19:55,740 I’ll be configuring all four of these IPv4\n 240 00:19:57,630 --> 00:20:01,750 NTP SERVER, followed by the server IP address. 241 00:20:01,750 --> 00:20:03,569 The order of these doesn’t matter. 242 00:20:03,569 --> 00:20:09,359 R1 will ask all of them for the time and select\n 243 00:20:09,359 --> 00:20:13,599 And the one it selects to sync to might change\n 244 00:20:13,599 --> 00:20:16,889 start slowing down or it stops responding\naltogether. 245 00:20:16,890 --> 00:20:22,730 So, it’s best to specify multiple NTP servers\n 246 00:20:23,980 --> 00:20:28,690 Now, if you want to manually make the device\n 247 00:20:28,690 --> 00:20:31,059 can add PREFER to the end of the command. 248 00:20:31,059 --> 00:20:39,299 So, this would make 216.239.35.0 the preferred\n 249 00:20:39,299 --> 00:20:43,730 But for this demonstration, I didn’t use\n 250 00:20:43,730 --> 00:20:47,799 we’ll see which of these NTP servers was\nselected as the best. 251 00:20:47,799 --> 00:20:54,480 Here’s a very important SHOW command for\n 252 00:20:54,480 --> 00:20:57,900 It shows all of the NTP servers we just configured. 253 00:20:59,130 --> 00:21:03,500 Now, you don’t have to understand all of\n 254 00:21:05,549 --> 00:21:12,399 Notice the asterisk next to 216.239.35.0,\nmeaning ‘sys.peer’. 255 00:21:12,400 --> 00:21:17,590 This means that this is the NTP server that\n 256 00:21:17,589 --> 00:21:22,449 This plus sign next to the other servers means\n 257 00:21:24,910 --> 00:21:29,160 The tilde next to all of the servers simply\n 258 00:21:29,160 --> 00:21:33,529 in the previous slide with the NTP SERVER\ncommand. 259 00:21:33,529 --> 00:21:39,149 If you see an NTP server marked as an ‘outlyer’\n 260 00:21:39,150 --> 00:21:44,240 sync to that server, for example R1 might\n 261 00:21:44,240 --> 00:21:48,549 The details of these states are beyond the\n 262 00:21:48,549 --> 00:21:52,940 Here you can see the reference clock of each\nNTP server. 263 00:21:52,940 --> 00:21:57,180 All of these servers are using Google’s\n 264 00:21:57,180 --> 00:22:02,370 That is a stratum 0 reference clock, so here\n 265 00:22:02,369 --> 00:22:06,779 four of these servers have a stratum level\nof 1. 266 00:22:06,779 --> 00:22:15,450 I used the SHOW NTP ASSOCIATIONS command again,\n 267 00:22:15,450 --> 00:22:17,980 as the server it wants to sync to. 268 00:22:17,980 --> 00:22:22,640 This will constantly change as R1 continues\n 269 00:22:25,170 --> 00:22:29,529 Now let’s look at another useful NTP SHOW\ncommand. 270 00:22:29,529 --> 00:22:32,399 That command is SHOW NTP STATUS. 271 00:22:32,400 --> 00:22:36,301 There’s a lot of information here that you\n 272 00:22:38,170 --> 00:22:40,430 Clock is synchronized, that’s good. 273 00:22:40,430 --> 00:22:45,250 It means that at least one of the NTP servers\n 274 00:22:46,950 --> 00:22:49,720 Stratum 2, this is R1’s stratum. 275 00:22:49,720 --> 00:22:55,000 Because R1 is synchronizing its time to Google’s\n 276 00:22:55,000 --> 00:22:59,349 server itself with a stratum level 1 higher\n 277 00:22:59,349 --> 00:23:03,459 So, that’s why R1’s stratum level is 2. 278 00:23:03,460 --> 00:23:06,279 Finally you can see the address of the reference\nclock. 279 00:23:06,279 --> 00:23:13,819 This time it’s not 216.239.35.0 or .4, it’s\n.12. 280 00:23:13,819 --> 00:23:16,929 Now let’s check R1’s clock and calendar\nagain. 281 00:23:19,789 --> 00:23:23,230 The time is correct, however the time zone\nis not. 282 00:23:23,230 --> 00:23:27,170 NTP uses only the UTC time zone. 283 00:23:27,170 --> 00:23:30,130 You must configure the appropriate time zone\non each device. 284 00:23:30,130 --> 00:23:34,350 I haven’t configured R1’s time zone yet,\nso I’ll do that. 285 00:23:34,349 --> 00:23:38,069 I also used the DO SHOW CALENDAR command. 286 00:23:38,069 --> 00:23:41,089 Notice that the time is not synced up with\nthe software clock. 287 00:23:41,089 --> 00:23:46,490 NTP doesn’t update the calendar by default,\n 288 00:23:47,490 --> 00:23:52,109 So, I configured my time zone of JST here\non R1. 289 00:23:52,109 --> 00:23:55,369 Then I used the NTP UPDATE-CALENDAR command. 290 00:23:55,369 --> 00:23:59,949 This configures the router to update the hardware\n 291 00:24:01,930 --> 00:24:06,440 So I checked the clock and the calendar again,\n 292 00:24:06,440 --> 00:24:09,890 You might be wondering why you would want\n 293 00:24:09,890 --> 00:24:14,620 The hardware clock tracks the date and time\n 294 00:24:16,480 --> 00:24:21,110 When the system is restarted, the hardware\n 295 00:24:21,109 --> 00:24:25,349 So, it’s a good idea to keep the hardware\n 296 00:24:28,140 --> 00:24:33,470 Now we’re going to move on to R2 and configure\n 297 00:24:33,470 --> 00:24:37,400 Usually in a small network like this you’d\n 298 00:24:37,400 --> 00:24:40,550 to public NTP servers like Google’s. 299 00:24:40,549 --> 00:24:46,720 But for the purpose of this lesson I’ll\n 300 00:24:46,720 --> 00:24:51,519 But before doing that, I’ll configure a\n 301 00:24:51,519 --> 00:24:56,410 Note that I’ve configured OSPF in this network\n 302 00:24:56,410 --> 00:24:59,720 including the route to R1’s loopback interface. 303 00:24:59,720 --> 00:25:06,009 I also instructed R1 to use loopback0 as the\n 304 00:25:07,859 --> 00:25:14,359 So, any NTP messages it sends will come from\n 305 00:25:14,359 --> 00:25:16,319 Why configure a loopback interface? 306 00:25:16,319 --> 00:25:24,990 Well, let’s say I configured R2 to use 10.0.0.1,\n 307 00:25:24,990 --> 00:25:30,180 In normal situations it would be able to send\n 308 00:25:31,819 --> 00:25:34,279 But what if the interface failed for some\nreason? 309 00:25:34,279 --> 00:25:41,829 R2 would suddenly lose its NTP server, because\n 310 00:25:41,829 --> 00:25:45,759 on the status of R1’s G0/1 interface. 311 00:25:45,759 --> 00:25:52,599 But what if we configure this loopback interface\n 312 00:25:54,849 --> 00:26:01,480 Even if the closest path to R1, via R2’s\n 313 00:26:01,480 --> 00:26:08,000 a route to 10.1.1.1 to R2 and therefore R2\n 314 00:26:10,390 --> 00:26:17,090 I gave a similar demonstration of why loopback\n 315 00:26:17,089 --> 00:26:20,480 Basically they are useful because they provide\n 316 00:26:20,480 --> 00:26:25,480 it which isn’t dependent on the status of\n 317 00:26:25,480 --> 00:26:35,210 Okay, so on R2 I configured NTP SERVER 10.1.1.1,\n 318 00:26:35,210 --> 00:26:41,380 Notice the asterisk next to 10.1.1.1, that\n 319 00:26:41,380 --> 00:26:44,500 R1’s reference clock is displayed here. 320 00:26:44,500 --> 00:26:48,980 This is the IP address of one of Google’s\n 321 00:26:51,519 --> 00:26:54,829 And here R1’s stratum level of 2 is displayed. 322 00:26:54,829 --> 00:27:02,250 Google’s reference clock is stratum 0, Google’s\n 323 00:27:04,970 --> 00:27:08,819 I checked with DO SHOW NTP STATUS. 324 00:27:08,819 --> 00:27:14,710 R2’s stratum is 3, because it got its time\n 325 00:27:14,710 --> 00:27:20,990 R2’s reference of 10.1.1.1, R1, is displayed\nalso. 326 00:27:20,990 --> 00:27:25,911 As a reminder, remember to use the NTP SOURCE\n 327 00:27:25,911 --> 00:27:32,490 as the source of NTP packets on R1, if you\n 328 00:27:35,420 --> 00:27:38,450 Finally I configured NTP on R3. 329 00:27:40,619 --> 00:27:46,479 By the way, I configured a loopback interface\n 330 00:27:46,480 --> 00:27:52,150 I configured both R1 and R2 as NTP servers\n 331 00:27:52,150 --> 00:28:00,590 Between R1, 10.1.1.1, and R2, 10.2.2.2, which\n 332 00:28:03,289 --> 00:28:06,750 R1 is the preferred NTP server. 333 00:28:07,790 --> 00:28:09,799 It’s because of the stratum levels. 334 00:28:09,799 --> 00:28:13,928 NTP servers with lower stratum levels are\n 335 00:28:14,929 --> 00:28:17,970 So, they are considered more accurate. 336 00:28:17,970 --> 00:28:24,180 Okay, so I’ve shown you how to make a Cisco\n 337 00:28:25,589 --> 00:28:30,178 For the next few concepts I’ll use a different\n 338 00:28:30,179 --> 00:28:35,400 If a device is already syncing to an NTP server,\n 339 00:28:35,400 --> 00:28:40,220 acts as an NTP server too and other devices\ncan sync to it. 340 00:28:40,220 --> 00:28:43,329 But what if there is no NTP server to sync\nto? 341 00:28:43,329 --> 00:28:47,699 You probably still want the devices in the\n 342 00:28:47,700 --> 00:28:50,900 is slightly inaccurate compared to the actual\ntime. 343 00:28:50,900 --> 00:28:56,400 So, how can you manually configure a Cisco\n 344 00:28:56,400 --> 00:28:59,620 it isn’t synced to another NTP server? 345 00:29:03,069 --> 00:29:07,899 As the description says it makes the device\n 346 00:29:07,900 --> 00:29:13,460 So, on R1 I used the NTP MASTER command. 347 00:29:13,460 --> 00:29:16,840 Notice that I can specify the stratum of R1. 348 00:29:16,839 --> 00:29:20,759 However I chose to just enter the command,\n 349 00:29:27,660 --> 00:29:33,410 The address of R1’s NTP server is now 127.127.1.1. 350 00:29:36,819 --> 00:29:45,339 Remember, the entire 127.0.0.0/8 address range\n 351 00:29:45,339 --> 00:29:49,629 Loopback addresses and loopback interfaces\n 352 00:29:49,630 --> 00:29:52,870 are similar, so don’t confuse the terms. 353 00:29:52,869 --> 00:29:57,409 Loopback interfaces are virtual interfaces\n 354 00:29:57,410 --> 00:30:01,040 to other devices using OSPF etc. 355 00:30:01,039 --> 00:30:05,509 Loopback addresses are a totally different\n 356 00:30:05,509 --> 00:30:09,339 to the local device and can’t be reached\nby other devices. 357 00:30:09,339 --> 00:30:14,009 Basically, R1 is using itself as its reference\nclock. 358 00:30:14,009 --> 00:30:17,429 Anyway, the stratum level of this server is\n7. 359 00:30:17,429 --> 00:30:20,880 So, what is the actual stratum level of R1? 360 00:30:20,880 --> 00:30:25,510 I used SHOW NTP STATUS to check, and the answer\nis 8. 361 00:30:25,509 --> 00:30:31,809 So, remember that the default stratum of the\n 362 00:30:31,809 --> 00:30:36,059 And I configured R2 and R3 to use R1 as their\nNTP server. 363 00:30:36,059 --> 00:30:40,799 We’ve already covered that enough so let’s\n 364 00:30:43,359 --> 00:30:47,759 So let’s configure symmetric active mode\nbetween R2 and R3. 365 00:30:47,759 --> 00:30:52,799 They both have a stratum level of 9, so they\n 366 00:30:52,799 --> 00:30:57,589 They can become peers and help each other\n 367 00:30:57,589 --> 00:31:00,730 case they lose contact with R1. 368 00:31:00,730 --> 00:31:05,680 The command to configure symmetric active\n 369 00:31:06,680 --> 00:31:10,160 So, I configured R3 as R2’s peer. 370 00:31:10,160 --> 00:31:15,200 And here is the entry for R3 in R2’s NTP\nassociation table. 371 00:31:15,200 --> 00:31:18,980 R3’s reference clock is R1, 10.0.12.1. 372 00:31:18,980 --> 00:31:23,089 Its stratum level is 9, because R1’s is\n8. 373 00:31:23,089 --> 00:31:28,259 I did the same configurations on R3, specifying\nR2 as the peer. 374 00:31:28,259 --> 00:31:35,230 Again, the reference clock is R1 and the stratum\nlevel is 9. 375 00:31:35,230 --> 00:31:39,279 Okay the final topic for today is NTP authentication. 376 00:31:39,279 --> 00:31:44,259 I can’t say for sure if this is on the exam\n 377 00:31:45,769 --> 00:31:49,119 But I recommend learning these few commands\n 378 00:31:49,119 --> 00:31:53,789 NTP authentication on the CCNA exam. 379 00:31:53,789 --> 00:31:57,539 NTP authentication can be configured, but\nit is optional. 380 00:31:57,539 --> 00:31:59,789 You don’t need to configure it. 381 00:31:59,789 --> 00:32:03,779 It allows NTP clients to ensure that they\n 382 00:32:03,779 --> 00:32:08,420 They will check that the server is using the\n 383 00:32:09,929 --> 00:32:16,009 Here’s how you configure NTP authentication\n 384 00:32:17,779 --> 00:32:23,750 First, enable NTP authentication with the\n 385 00:32:23,750 --> 00:32:27,230 Then you create the authentication key or\nkeys. 386 00:32:27,230 --> 00:32:31,589 You can create multiple keys, but don’t\n 387 00:32:31,589 --> 00:32:36,759 So, for the ‘key-number’ field just use\n 388 00:32:39,269 --> 00:32:42,359 Then you have to specify which key or keys\nare trusted. 389 00:32:44,079 --> 00:32:51,769 Creating the key uses one command, NTP AUTHENTICATION-KEY,\n 390 00:32:55,160 --> 00:32:59,250 Finally you must specify which key to use\nfor each server. 391 00:32:59,250 --> 00:33:02,609 This command isn’t needed on the server\nitself. 392 00:33:02,609 --> 00:33:09,169 Now let’s look at these configurations on\nR1, R2, and R3. 393 00:33:11,179 --> 00:33:18,460 On all three routers I used NTP AUTHENTICATE,\n 394 00:33:18,460 --> 00:33:23,329 of jeremysitlab, and NTP TRUSTED-KEY 1. 395 00:33:23,329 --> 00:33:31,079 Then on the clients R2 and R3 only, I used\n 396 00:33:31,079 --> 00:33:36,990 So, they will use key number 1, which is jeremysitlab,\n 397 00:33:36,990 --> 00:33:44,500 I also did one extra command, NTP PEER, followed\n 398 00:33:44,500 --> 00:33:49,420 This adds authentication to the peer relationship\n 399 00:33:49,420 --> 00:33:57,179 Okay, so that’s all you need to configure\n 400 00:33:57,179 --> 00:34:02,920 In addition to the manual time configuration\n 401 00:34:02,920 --> 00:34:06,140 To help you review, here are the commands\nwe looked at. 402 00:34:06,140 --> 00:34:11,769 If you don’t remember any of these, go back\n 403 00:34:11,769 --> 00:34:15,090 Before moving on to the quiz, let’s review\nwhat we covered. 404 00:34:15,090 --> 00:34:18,600 We looked at why time is important for network\ndevices. 405 00:34:18,599 --> 00:34:23,380 The main reason from a CCNA perspective is\n 406 00:34:25,719 --> 00:34:30,829 Then we looked at how to manually configure\n 407 00:34:30,829 --> 00:34:34,279 Then we looked at the basics of NTP and how\nto configure it. 408 00:34:34,280 --> 00:34:39,850 We covered a lot already, but there is so\n 409 00:34:39,849 --> 00:34:43,949 However I think the information we covered\n 410 00:34:46,579 --> 00:34:51,460 Make sure to watch until the end of the quiz\n 411 00:34:51,460 --> 00:34:55,980 ExSim for CCNA, the best practice exams for\nthe CCNA. 412 00:34:55,980 --> 00:35:01,110 Okay, let’s go to quiz question 1. 413 00:35:01,110 --> 00:35:05,110 Which of the following commands will cause\n 414 00:35:08,849 --> 00:35:15,110 Pause the video to think about your answer. 415 00:35:15,110 --> 00:35:18,800 The answer is C, CLOCK READ-CALENDAR. 416 00:35:18,800 --> 00:35:23,550 This will cause the router to adjust its software\n 417 00:35:23,550 --> 00:35:27,750 D will do the opposite, it will cause the\n 418 00:35:29,170 --> 00:35:32,039 A and B are not valid commands. 419 00:35:37,010 --> 00:35:41,550 Which of the following commands can be used\n 420 00:35:43,130 --> 00:35:49,309 Pause the video to think about your answer. 421 00:35:49,309 --> 00:35:55,358 The answer is D. From global config mode,\n 422 00:35:56,780 --> 00:36:01,460 Unlike some other time commands, this command\n 423 00:36:03,199 --> 00:36:06,608 You cannot configure the time zone with the\nCLOCK SET command. 424 00:36:06,608 --> 00:36:12,219 Okay, let’s go to question 3. 425 00:36:14,059 --> 00:36:17,889 Which of the following commands was configured\non R1? 426 00:36:19,659 --> 00:36:25,309 Pause the video now to think about your answer. 427 00:36:25,309 --> 00:36:29,529 The answer is A, NTP MASTER 9. 428 00:36:29,530 --> 00:36:36,590 Because the address of R1’s NTP association\n 429 00:36:36,590 --> 00:36:39,329 that the NTP MASTER command was used. 430 00:36:39,329 --> 00:36:45,880 However, in this case the stratum must have\n 431 00:36:45,880 --> 00:36:51,650 The default stratum of the NTP MASTER command\n 432 00:36:53,010 --> 00:36:59,390 In that case, however, SHOW NTP ASSOCIATIONS\n 433 00:36:59,389 --> 00:37:05,809 In this output the stratum is 8, so the command\n 434 00:37:05,809 --> 00:37:14,210 Regarding option B, the command NTP SERVER\n 435 00:37:14,210 --> 00:37:18,971 You can’t manually configure a loopback\n 436 00:37:18,971 --> 00:37:22,530 it displays this way when the NTP MASTER command\nis used. 437 00:37:27,960 --> 00:37:33,210 Which of the following commands configures\n 438 00:37:34,949 --> 00:37:40,579 Pause the video now to think about your answer. 439 00:37:40,579 --> 00:37:44,869 The answer is C, NTP SERVER 216.239.35.0. 440 00:37:44,869 --> 00:37:51,009 It configures R1 to become a client of the\n 441 00:37:51,010 --> 00:37:56,960 A, NTP PEER, configures symmetric active mode. 442 00:37:56,960 --> 00:38:01,199 B, NTP MASTER, configures server mode. 443 00:38:01,199 --> 00:38:04,659 And D, NTP CLIENT, is not a valid command. 444 00:38:09,800 --> 00:38:15,810 Which of the following commands must be configured\n 445 00:38:19,780 --> 00:38:24,990 Before I show the answers, let me say that\n 446 00:38:24,989 --> 00:38:29,599 multiple answers, the question will always\n 447 00:38:32,650 --> 00:38:36,079 But for a challenge, let’s try ‘select\nall that apply’. 448 00:38:36,079 --> 00:38:42,549 Okay, pause the video to think about your\nanswers. 449 00:38:42,550 --> 00:38:50,410 The answers are C, D, F, and G. C enables\n 450 00:38:50,409 --> 00:38:52,879 D creates the authentication key. 451 00:38:52,880 --> 00:38:56,680 F specifies that the key is a trusted key. 452 00:38:56,679 --> 00:38:59,839 And G specifies the key to use with the server. 453 00:38:59,840 --> 00:39:02,620 Okay, that’s all for the quiz. 454 00:39:02,619 --> 00:39:08,849 Now let’s take a look at a bonus question\n 455 00:39:08,849 --> 00:39:12,509 Okay here's today's Boson ExSim practice question. 456 00:39:12,510 --> 00:39:17,350 Which of the following is enabled on a Cisco\n 457 00:39:17,349 --> 00:39:19,559 from global configuration mode? 458 00:39:21,400 --> 00:39:24,619 Here are the options A, static client mode. 459 00:39:33,980 --> 00:39:40,809 Okay pause the video now to select the best\nanswer. 460 00:39:42,369 --> 00:39:46,619 So this is closely related to one of the quiz\n 461 00:39:47,900 --> 00:39:53,970 When you issue the NTP SERVER command you're\n 462 00:39:55,119 --> 00:39:58,858 So you are making the router an NTP client. 463 00:39:58,858 --> 00:40:06,559 So the answer is either A or C. Now in my\n 464 00:40:07,829 --> 00:40:10,980 I don't think you need to know this for the\nCCNA. 465 00:40:10,980 --> 00:40:16,210 So the regular kind of NTP client that you\n 466 00:40:19,489 --> 00:40:21,159 So that should be the correct answer. 467 00:40:26,670 --> 00:40:29,349 So here is Boson's explanation. 468 00:40:29,349 --> 00:40:35,259 If you want to read about the broadcast client\n 469 00:40:35,260 --> 00:40:41,650 Okay, so you can pause the video to read that. 470 00:40:41,650 --> 00:40:47,070 And down here are the bottom there is a reference\n 471 00:40:51,440 --> 00:40:54,570 Okay so that's Boson ExSim for the CCNA. 472 00:40:54,570 --> 00:40:59,559 As I have said many times before, these are\n 473 00:40:59,559 --> 00:41:04,210 So if you're preparing to take the real CCNA\n 474 00:41:04,210 --> 00:41:11,500 If you want to get Boson ExSim, please follow\n 475 00:41:11,500 --> 00:41:14,710 There are supplementary materials for this\nvideo. 476 00:41:14,710 --> 00:41:17,590 There is a flashcard deck to use with the\nsoftware ‘Anki’. 477 00:41:17,590 --> 00:41:23,360 There will also be a packet tracer practice\n 478 00:41:23,360 --> 00:41:26,019 That will be in the next video. 479 00:41:26,019 --> 00:41:29,630 Sign up for my mailing list via the link in\n 480 00:41:29,630 --> 00:41:36,250 the flashcards and packet tracer lab files\nfor the course. 481 00:41:36,250 --> 00:41:41,059 Before finishing today’s video I want to\n 482 00:41:41,059 --> 00:41:44,909 To join, please click the ‘Join’ button\nunder the video. 483 00:41:44,909 --> 00:41:49,428 Thank you \nto Biraj, Magrathea, Samil, Junhong, Njabulo 484 00:41:49,429 --> 00:41:56,574 Benjamin, Tshepiso, Justin, Prakaash, Nasir,\n 485 00:41:56,574 --> 00:42:04,180 Value, John, Funnydart, Velvijaykum, Mark,\n 486 00:42:05,440 --> 00:42:10,909 Sorry if I pronounced your name incorrectly,\n 487 00:42:10,909 --> 00:42:15,589 This is the list of JCNP-level members at\n 488 00:42:17,849 --> 00:42:22,130 If you signed up recently and your name isn’t\n 489 00:42:25,960 --> 00:42:30,400 Please subscribe to the channel, like the\n 490 00:42:30,400 --> 00:42:33,730 with anyone else studying for the CCNA. 491 00:42:33,730 --> 00:42:36,340 If you want to leave a tip, check the links\nin the description. 492 00:42:36,340 --> 00:42:42,230 I'm also a Brave verified publisher and accept\n 40766