Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:03,330 --> 00:00:06,750
This is a free, complete course for the CCNA.
2
00:00:06,750 --> 00:00:10,529
If you like these videos, please subscribe\n
3
00:00:10,529 --> 00:00:15,218
Also, please like and leave a comment, and\n
4
00:00:18,679 --> 00:00:22,870
In this video we will cover NTP, Network Time\nProtocol.
5
00:00:22,870 --> 00:00:27,520
All computers have an internal clock, including\nnetwork devices.
6
00:00:27,519 --> 00:00:31,339
For a variety of reasons that we will cover\n
7
00:00:31,339 --> 00:00:35,689
devices have an accurate clock that is synchronized\n
8
00:00:38,448 --> 00:00:44,908
NTP is covered in exam topic 4.2, which says\n
9
00:00:44,908 --> 00:00:49,588
NTP operating in client and server mode.
10
00:00:49,588 --> 00:00:53,628
Over the next section of the course I will\n
11
00:00:56,210 --> 00:00:58,370
This video on NTP will be the first.
12
00:00:58,369 --> 00:01:02,718
Here’s what we’ll cover in this video.
13
00:01:02,719 --> 00:01:07,290
First I’ll briefly explain why time is important\n
14
00:01:07,290 --> 00:01:13,049
Then I’ll show you how to manually configure\n
15
00:01:13,049 --> 00:01:17,900
Then we’ll cover the basics of NTP, Network\nTime Protocol.
16
00:01:17,900 --> 00:01:22,368
Finally I’ll show you how to configure NTP\non Cisco devices.
17
00:01:22,368 --> 00:01:26,539
Make sure to watch until the end of the video\n
18
00:01:29,049 --> 00:01:34,420
ExSim practice exams simulate the style and\n
19
00:01:36,438 --> 00:01:39,879
I used them myself, and I highly recommend\nthem.
20
00:01:39,879 --> 00:01:44,560
If you want to get Boson ExSim, follow the\n
21
00:01:44,560 --> 00:01:51,340
First, let me briefly introduce time on network\n
22
00:01:51,340 --> 00:01:53,590
All devices have an internal clock.
23
00:01:53,590 --> 00:01:58,618
That includes routers, switches, your PC,\n
24
00:01:58,618 --> 00:02:02,909
In Cisco IOS, you can view the time with the\nSHOW CLOCK command.
25
00:02:05,108 --> 00:02:12,009
So, I used this command at 12:16 AM, 0 seconds,\n
26
00:02:12,009 --> 00:02:15,280
On Saturday, December 26th 2020.
27
00:02:15,280 --> 00:02:18,599
The time zone is the default of UTC.
28
00:02:18,599 --> 00:02:24,250
Remember that, the default time zone is UTC,\n
29
00:02:24,250 --> 00:02:29,770
If you use the SHOW CLOCK DETAIL command you\n
30
00:02:29,770 --> 00:02:34,390
In this case it is using the hardware calendar\n
31
00:02:34,389 --> 00:02:38,518
The hardware calendar is the built-in internal\n
32
00:02:38,519 --> 00:02:40,620
This is the time source by default.
33
00:02:40,620 --> 00:02:43,879
However, notice this asterisk here.
34
00:02:43,879 --> 00:02:47,439
It means that this time is not considered\nauthoritative.
35
00:02:47,439 --> 00:02:51,259
The device isn’t confident that this time\nis accurate.
36
00:02:51,259 --> 00:02:55,969
The internal hardware clock of a device will\n
37
00:02:56,969 --> 00:03:01,439
Now, why is it important to have an accurate\ntime source?
38
00:03:01,439 --> 00:03:07,009
From a CCNA perspective, or really the perspective\n
39
00:03:07,009 --> 00:03:13,459
reason to have accurate time on a device is\n
40
00:03:13,460 --> 00:03:18,820
Devices keep logs of various events that occur,\n
41
00:03:18,819 --> 00:03:24,590
OSPF neighbor relationships being formed or\n
42
00:03:24,590 --> 00:03:30,610
Syslog, the protocol used to keep device logs,\n
43
00:03:32,318 --> 00:03:36,699
But let’s take a quick look at some device\nlogs now.
44
00:03:36,699 --> 00:03:40,188
The command to view a device’s logs is SHOW\nLOGGING.
45
00:03:40,188 --> 00:03:46,078
Let’s say I’m a network admin and I got\n
46
00:03:47,959 --> 00:03:52,900
So, to investigate I log into one of the devices\n
47
00:03:52,900 --> 00:03:57,849
Here’s a portion of the output from one\nof the devices, R2.
48
00:03:57,848 --> 00:04:02,209
Notice this series of messages about OSPF\n
49
00:04:02,209 --> 00:04:07,489
There are multiple messages about neighbor\n
50
00:04:09,229 --> 00:04:14,619
You can see the timestamps here, indicating\n
51
00:04:16,910 --> 00:04:21,560
Note that I will cover these log messages\n
52
00:04:21,560 --> 00:04:23,290
don’t worry about the details for now.
53
00:04:23,290 --> 00:04:25,840
I just want to show why time is important.
54
00:04:25,839 --> 00:04:32,508
Anyway, I then checked the device’s clock\n
55
00:04:35,029 --> 00:04:41,969
Then I log into R2’s neighbor 10.0.0.6,\n
56
00:04:41,970 --> 00:04:45,250
Here’s some of the output from SHOW LOGGING.
57
00:04:45,250 --> 00:04:49,720
You can see those same messages about an OSPF\n
58
00:04:49,720 --> 00:04:53,970
states, and also some messages about an interface\n
59
00:04:53,970 --> 00:04:59,340
However, the timestamps show a totally different\n
60
00:04:59,339 --> 00:05:06,719
After checking the clock I realize that R3\n
61
00:05:06,720 --> 00:05:11,520
This is going to make it much more difficult\n
62
00:05:11,519 --> 00:05:14,049
In this case, it’s a fairly simple issue.
63
00:05:14,050 --> 00:05:18,720
We can see that an interface going down caused\n
64
00:05:19,810 --> 00:05:23,839
But when you have to troubleshoot more complex\n
65
00:05:23,839 --> 00:05:30,469
of messages, it gets much more difficult and\n
66
00:05:30,470 --> 00:05:34,370
So let’s see how to manually configure the\ntime on a device.
67
00:05:34,370 --> 00:05:38,750
You can manually configure the time on the\n
68
00:05:42,899 --> 00:05:47,879
I entered CLOCK SET and used the question\n
69
00:05:47,879 --> 00:05:52,490
Using the format of hours, minutes, seconds,\nI entered the time.
70
00:05:52,490 --> 00:05:56,310
The next option is either the day of the month\n
71
00:05:56,310 --> 00:05:58,410
You can enter them in either order.
72
00:05:58,410 --> 00:06:01,639
I entered the day first, and then the month.
73
00:06:03,610 --> 00:06:07,509
I entered the year, 2020, and checked the\noptions.
74
00:06:07,509 --> 00:06:12,849
CR, carriage return, basically means press\n
75
00:06:15,019 --> 00:06:20,039
After entering the time I checked with SHOW\n
76
00:06:21,740 --> 00:06:26,500
The time source also has changed to ‘user\nconfiguration’.
77
00:06:26,500 --> 00:06:30,170
Notice that all of these commands are done\n
78
00:06:31,569 --> 00:06:35,170
These clock configurations aren’t part of\n
79
00:06:36,420 --> 00:06:40,560
Here’s one more point a lot of people might\nnot be aware of.
80
00:06:40,560 --> 00:06:45,550
Although the hardware calendar (the built-in\n
81
00:06:45,550 --> 00:06:50,110
clock and software clock are separate and\n
82
00:06:50,110 --> 00:06:54,259
So let’s see how to configure the hardware\nclock.
83
00:06:54,259 --> 00:06:58,490
You can manually configure the hardware clock\n
84
00:06:58,490 --> 00:07:03,519
So, from now on I will use the term ‘clock’\n
85
00:07:03,519 --> 00:07:07,258
device, and ‘calendar’ to refer to the\nhardware clock.
86
00:07:07,259 --> 00:07:13,720
So, the command syntax is the same as CLOCK\n
87
00:07:13,720 --> 00:07:16,340
Set the time, and then either the day or the\nmonth.
88
00:07:16,339 --> 00:07:21,429
I set the day, and then the month, and the\n
89
00:07:21,430 --> 00:07:26,629
Then I set the year, and then used the command\n
90
00:07:26,629 --> 00:07:29,800
Typically you want to synchronize the clock\nand calendar.
91
00:07:29,800 --> 00:07:32,720
I can’t think of a good reason not to sync\nthem.
92
00:07:32,720 --> 00:07:37,990
Use the command CLOCK UPDATE-CALENDAR to sync\n
93
00:07:37,990 --> 00:07:40,848
The calendar will update its time to match\nthe clock.
94
00:07:40,848 --> 00:07:46,969
Or, use the command CLOCK READ-CALENDAR to\n
95
00:07:46,970 --> 00:07:50,850
In this case the clock will update its time\n
96
00:07:53,620 --> 00:07:56,590
First let me demonstrate CLOCK UPDATE-CALENDAR.
97
00:07:56,589 --> 00:08:03,250
I viewed R2’s clock, and the time was about\n
98
00:08:05,689 --> 00:08:07,589
However the calendar was about 12:00AM.
99
00:08:07,589 --> 00:08:11,719
So, I used the CLOCK UPDATE-CALENDAR command.
100
00:08:11,720 --> 00:08:16,610
And now you can see the calendar has been\n
101
00:08:16,610 --> 00:08:21,310
Next let’s see the opposite situation, when\n
102
00:08:23,259 --> 00:08:27,960
The clock says it’s about 12AM on September\n6th 1993.
103
00:08:27,959 --> 00:08:33,340
The calendar has the correct time of 2:55PM\n
104
00:08:33,340 --> 00:08:37,440
So, I used the command CLOCK READ-CALENDAR.
105
00:08:37,440 --> 00:08:42,330
And the clock updated its time to match the\ncalendar’s time.
106
00:08:42,330 --> 00:08:45,009
Next let’s see how to configure the timezone.
107
00:08:45,009 --> 00:08:48,799
You can configure the time zone with the CLOCK\nTIMEZONE command.
108
00:08:50,889 --> 00:08:56,220
First I used the DO SHOW CLOCK command to\n
109
00:08:58,720 --> 00:09:03,800
Notice I used DO SHOW CLOCK from global config\n
110
00:09:04,799 --> 00:09:08,839
That’s because the timezone is configured\n
111
00:09:08,840 --> 00:09:10,769
the running config of the device.
112
00:09:10,769 --> 00:09:14,649
So, here’s the CLOCK TIMEZONE command.
113
00:09:14,649 --> 00:09:17,329
The first option is the name of the time zone.
114
00:09:17,330 --> 00:09:21,070
This is just a word, the device doesn’t\n
115
00:09:22,070 --> 00:09:28,460
So, I configured JST for Japan Standard Time,\n
116
00:09:30,340 --> 00:09:37,129
JST is 9 hours ahead of UTC, so I entered\n
117
00:09:37,129 --> 00:09:42,509
For JST I don’t have to enter the minutes\n
118
00:09:47,389 --> 00:09:52,600
Notice the time zone has changed from UTC\n
119
00:09:54,529 --> 00:09:58,750
This is because the previous time configurations\n
120
00:09:58,750 --> 00:10:04,480
When changing the time zone to JST, 9 hours\n
121
00:10:04,480 --> 00:10:10,600
But currently the time actually is about 3:15\n
122
00:10:10,600 --> 00:10:14,519
and now it displays the correct time in the\ncorrect time zone.
123
00:10:14,519 --> 00:10:20,259
The time zone is important because, as you’ll\n
124
00:10:20,259 --> 00:10:23,569
adjust each device to the correct time zone.
125
00:10:23,570 --> 00:10:28,540
There’s one more aspect of manual time configuration\nto cover.
126
00:10:28,539 --> 00:10:33,689
That is daylight saving time, also known as\n
127
00:10:33,690 --> 00:10:38,790
Not all countries do this, but in many countries\n
128
00:10:40,789 --> 00:10:43,879
You can configure Cisco devices to do that\nautomatically.
129
00:10:43,879 --> 00:10:49,169
Now, I live in Japan at the moment and Japan\n
130
00:10:49,169 --> 00:10:52,360
use my home country of Canada as an example.
131
00:10:52,360 --> 00:10:56,930
In most parts of Canada we set the clocks\n
132
00:10:56,929 --> 00:11:03,379
at 2AM, and then set the clocks back one hour\n
133
00:11:03,379 --> 00:11:09,710
The command to configure this is CLOCK SUMMER-TIME,\n
134
00:11:09,710 --> 00:11:12,759
The first option is the name of the time zone.
135
00:11:12,759 --> 00:11:19,210
My time zone back in Canada is EST, but during\n
136
00:11:21,500 --> 00:11:26,590
Then we can set a specific date to change\n
137
00:11:26,590 --> 00:11:30,090
but the more useful option is the second one,\nRECURRING.
138
00:11:30,090 --> 00:11:34,920
This makes summer time start and end on the\n
139
00:11:34,919 --> 00:11:39,319
After recurring, we specify which week in\n
140
00:11:39,320 --> 00:11:44,520
In Canada it starts on the second Sunday of\n
141
00:11:44,519 --> 00:11:47,309
Next is the weekday, so I entered Sunday.
142
00:11:47,309 --> 00:11:51,259
After that it’s the Month, March for Canada.
143
00:11:51,259 --> 00:11:53,580
Finally the time, I entered 2AM.
144
00:11:53,580 --> 00:11:56,420
Okay, so that’s all for the start time.
145
00:11:56,419 --> 00:11:59,370
Now we enter the end of daylight saving time\nin the same order.
146
00:11:59,370 --> 00:12:05,879
1 for the first week, the weekday, Sunday,\n
147
00:12:07,389 --> 00:12:12,019
Optionally you can specify the offset, but\n
148
00:12:12,019 --> 00:12:13,689
what most countries use by default.
149
00:12:13,690 --> 00:12:16,820
So, that’s all for the command.
150
00:12:18,620 --> 00:12:22,950
This command is a little long, too long for\n
151
00:12:22,950 --> 00:12:27,600
some of the output is cut off and can’t\n
152
00:12:30,509 --> 00:12:36,330
CLOCK SUMMER-TIME, the time-zone name, RECURRING,\n
153
00:12:36,330 --> 00:12:38,240
and the end of daylight saving time.
154
00:12:38,240 --> 00:12:41,480
Okay, that’s the CLOCK SUMMER-TIME command.
155
00:12:41,480 --> 00:12:45,950
So, that’s all for manual time configuration.
156
00:12:45,950 --> 00:12:48,350
Here are the time commands we just looked\nat.
157
00:12:48,350 --> 00:12:53,000
The CLOCK SUMMER-TIME command is a little\n
158
00:12:53,000 --> 00:12:58,269
Just remember that for the ‘start’ and\n
159
00:12:59,759 --> 00:13:04,059
Okay, let’s move on to the next topic.
160
00:13:04,059 --> 00:13:10,319
And the next topic is the main topic of this\n
161
00:13:10,320 --> 00:13:13,580
Manually configuring the time on devices is\nnot scalable.
162
00:13:13,580 --> 00:13:18,850
In a large network, manually configuring the\n
163
00:13:18,850 --> 00:13:24,360
PC, phone, etc, would be a huge task and a\nhuge waste of time.
164
00:13:24,360 --> 00:13:29,800
Not only that, the manually configured clocks\n
165
00:13:29,799 --> 00:13:35,789
NTP allows automatic syncing of time over\n
166
00:13:35,789 --> 00:13:40,919
The device you’re using to watch this video\n
167
00:13:40,919 --> 00:13:46,449
For example, on my Windows 10 PC you can see\n
168
00:13:49,179 --> 00:13:52,500
That is an NTP server somewhere on the Internet.
169
00:13:52,500 --> 00:13:54,480
And actually, you can configure this.
170
00:13:54,480 --> 00:14:00,409
So, for example, if I wanted my PC to synchronize\n
171
00:14:03,909 --> 00:14:09,240
This point is separate from the topic, but\n
172
00:14:09,240 --> 00:14:13,000
resolved to IP addresses using the protocol\nDNS.
173
00:14:13,000 --> 00:14:18,480
DNS will be covered in a future video, it’s\n
174
00:14:18,480 --> 00:14:25,409
In the CLI of my Windows PC, I used the command\n
175
00:14:25,409 --> 00:14:30,040
It contacted the DNS server I’m using, which\n
176
00:14:32,830 --> 00:14:35,320
Then Google’s server gave me the answer.
177
00:14:35,320 --> 00:14:39,910
The actual IP address of the Windows NTP server\nis 20.43.94.199.
178
00:14:39,909 --> 00:14:46,909
I tried the same with Google’s NTP server,\n
179
00:14:46,909 --> 00:14:54,449
Again, my PC asked the Google DNS server for\n
180
00:14:56,000 --> 00:15:01,629
You can see four IPv6 addresses and four IPv4\n
181
00:15:01,629 --> 00:15:07,419
Anyway, DNS will be covered in detail in another\n
182
00:15:11,450 --> 00:15:17,500
So, NTP clients request the time from NTP\n
183
00:15:19,289 --> 00:15:24,240
It’s possible for a device to be an NTP\n
184
00:15:24,240 --> 00:15:29,060
So, it will sync its time to a server, and\n
185
00:15:30,490 --> 00:15:35,879
These are rough numbers, they can vary, but\n
186
00:15:35,879 --> 00:15:41,409
millisecond if the NTP server is in the same\n
187
00:15:41,409 --> 00:15:45,679
to the NTP server over a WAN or the Internet.
188
00:15:45,679 --> 00:15:47,769
Some NTP servers are ‘better’ than others.
189
00:15:47,769 --> 00:15:53,689
The ‘distance’ of an NTP server from the\n
190
00:15:53,690 --> 00:15:57,920
The farther away from the reference clock,\n
191
00:15:57,919 --> 00:16:02,659
If the stratum level of a server is high,\n
192
00:16:02,659 --> 00:16:07,819
NTP uses UDP port 123 to communicate.
193
00:16:07,820 --> 00:16:14,220
Remember that one, in addition to the ones\n
194
00:16:14,220 --> 00:16:17,100
Let me briefly introduce those reference clocks.
195
00:16:17,100 --> 00:16:22,889
A reference clock is usually a very accurate\n
196
00:16:24,690 --> 00:16:28,850
Reference clocks are stratum 0 within the\nNTP hierarchy.
197
00:16:28,850 --> 00:16:33,470
They are as close to the time source as possible,\n
198
00:16:33,470 --> 00:16:38,029
NTP servers directly connected to reference\n
199
00:16:38,029 --> 00:16:41,850
You’ll see more about this NTP hierarchy\nin the next slide.
200
00:16:41,850 --> 00:16:48,480
Here’s an example of a reference clock,\n
201
00:16:48,480 --> 00:16:52,681
Cisco devices aren’t able to get their time\n
202
00:16:52,681 --> 00:16:58,230
like this, but they can get their time from\n
203
00:16:58,230 --> 00:17:01,850
This diagram demonstrates the NTP hierarchy.
204
00:17:01,850 --> 00:17:06,690
These reference clocks are stratum 0, they\n
205
00:17:06,690 --> 00:17:09,620
Navy clock we saw in the last slide.
206
00:17:09,619 --> 00:17:14,349
The servers directly connected to those reference\n
207
00:17:14,349 --> 00:17:18,939
Then, stratum 2 NTP servers get their time\n
208
00:17:18,940 --> 00:17:22,210
And stratum 3 servers get their time from\nstratum 2 servers.
209
00:17:22,210 --> 00:17:25,140
That’s how the NTP hierarchy works.
210
00:17:25,140 --> 00:17:28,410
However, stratum 15 is the maximum.
211
00:17:28,410 --> 00:17:34,370
Anything above that is considered unreliable\n
212
00:17:34,369 --> 00:17:39,429
Another aspect of NTP shown in this diagram\nis NTP peering.
213
00:17:39,430 --> 00:17:44,170
Devices can peer with devices at the same\n
214
00:17:44,170 --> 00:17:49,759
This also acts as a backup, in case they lose\n
215
00:17:49,759 --> 00:17:52,680
This mode is called ‘symmetric active’\nmode.
216
00:17:52,680 --> 00:17:56,799
So, Cisco devices can operate in three NTP\nmodes.
217
00:17:56,799 --> 00:18:00,819
Server mode, Client mode, and symmetric active\nmode.
218
00:18:00,819 --> 00:18:04,859
They can be in all three of those modes at\nthe same time, too.
219
00:18:04,859 --> 00:18:09,409
And finally, an NTP client can sync to multiple\nservers.
220
00:18:09,410 --> 00:18:13,970
For example, in this diagram this stratum\n
221
00:18:15,920 --> 00:18:18,930
Here’s some extra terminology you should\nknow.
222
00:18:18,930 --> 00:18:23,890
NTP servers which get their time directly\n
223
00:18:25,140 --> 00:18:30,060
They sync their time directly to a reference\n
224
00:18:30,059 --> 00:18:35,679
NTP servers which get their time from other\n
225
00:18:35,680 --> 00:18:39,420
They operate in server mode and client mode\nat the same time.
226
00:18:39,420 --> 00:18:44,519
So, servers with stratum 2 or above are secondary\nservers.
227
00:18:44,519 --> 00:18:48,549
Okay I think that’s enough lecturing, let’s\n
228
00:18:48,549 --> 00:18:52,990
more aspects of NTP as we configure it on\nsome Cisco routers.
229
00:18:52,990 --> 00:18:56,769
Here’s the network topology I’ll be using\n
230
00:18:56,769 --> 00:19:02,230
I’m showing you an actual screenshot of\n
231
00:19:04,160 --> 00:19:08,670
Through this Internet cloud in GNS3, these\n
232
00:19:08,670 --> 00:19:14,390
the real Internet, and in this demonstration\n
233
00:19:16,450 --> 00:19:21,600
This is a cool part of GNS3 that isn’t available\n
234
00:19:21,599 --> 00:19:27,000
Now, you might be wondering why this point-to-point\n
235
00:19:29,539 --> 00:19:33,759
That’s just how this cloud is configured\nby default in GNS3.
236
00:19:33,759 --> 00:19:38,609
For a real point-to-point connection to an\n
237
00:19:41,920 --> 00:19:45,330
So let’s configure R1 to sync to Google’s\nNTP servers.
238
00:19:45,329 --> 00:19:50,389
Once again, here’s the NSLOOKUP I did for\nGoogle’s NTP servers.
239
00:19:50,390 --> 00:19:55,740
I’ll be configuring all four of these IPv4\n
240
00:19:57,630 --> 00:20:01,750
NTP SERVER, followed by the server IP address.
241
00:20:01,750 --> 00:20:03,569
The order of these doesn’t matter.
242
00:20:03,569 --> 00:20:09,359
R1 will ask all of them for the time and select\n
243
00:20:09,359 --> 00:20:13,599
And the one it selects to sync to might change\n
244
00:20:13,599 --> 00:20:16,889
start slowing down or it stops responding\naltogether.
245
00:20:16,890 --> 00:20:22,730
So, it’s best to specify multiple NTP servers\n
246
00:20:23,980 --> 00:20:28,690
Now, if you want to manually make the device\n
247
00:20:28,690 --> 00:20:31,059
can add PREFER to the end of the command.
248
00:20:31,059 --> 00:20:39,299
So, this would make 216.239.35.0 the preferred\n
249
00:20:39,299 --> 00:20:43,730
But for this demonstration, I didn’t use\n
250
00:20:43,730 --> 00:20:47,799
we’ll see which of these NTP servers was\nselected as the best.
251
00:20:47,799 --> 00:20:54,480
Here’s a very important SHOW command for\n
252
00:20:54,480 --> 00:20:57,900
It shows all of the NTP servers we just configured.
253
00:20:59,130 --> 00:21:03,500
Now, you don’t have to understand all of\n
254
00:21:05,549 --> 00:21:12,399
Notice the asterisk next to 216.239.35.0,\nmeaning ‘sys.peer’.
255
00:21:12,400 --> 00:21:17,590
This means that this is the NTP server that\n
256
00:21:17,589 --> 00:21:22,449
This plus sign next to the other servers means\n
257
00:21:24,910 --> 00:21:29,160
The tilde next to all of the servers simply\n
258
00:21:29,160 --> 00:21:33,529
in the previous slide with the NTP SERVER\ncommand.
259
00:21:33,529 --> 00:21:39,149
If you see an NTP server marked as an ‘outlyer’\n
260
00:21:39,150 --> 00:21:44,240
sync to that server, for example R1 might\n
261
00:21:44,240 --> 00:21:48,549
The details of these states are beyond the\n
262
00:21:48,549 --> 00:21:52,940
Here you can see the reference clock of each\nNTP server.
263
00:21:52,940 --> 00:21:57,180
All of these servers are using Google’s\n
264
00:21:57,180 --> 00:22:02,370
That is a stratum 0 reference clock, so here\n
265
00:22:02,369 --> 00:22:06,779
four of these servers have a stratum level\nof 1.
266
00:22:06,779 --> 00:22:15,450
I used the SHOW NTP ASSOCIATIONS command again,\n
267
00:22:15,450 --> 00:22:17,980
as the server it wants to sync to.
268
00:22:17,980 --> 00:22:22,640
This will constantly change as R1 continues\n
269
00:22:25,170 --> 00:22:29,529
Now let’s look at another useful NTP SHOW\ncommand.
270
00:22:29,529 --> 00:22:32,399
That command is SHOW NTP STATUS.
271
00:22:32,400 --> 00:22:36,301
There’s a lot of information here that you\n
272
00:22:38,170 --> 00:22:40,430
Clock is synchronized, that’s good.
273
00:22:40,430 --> 00:22:45,250
It means that at least one of the NTP servers\n
274
00:22:46,950 --> 00:22:49,720
Stratum 2, this is R1’s stratum.
275
00:22:49,720 --> 00:22:55,000
Because R1 is synchronizing its time to Google’s\n
276
00:22:55,000 --> 00:22:59,349
server itself with a stratum level 1 higher\n
277
00:22:59,349 --> 00:23:03,459
So, that’s why R1’s stratum level is 2.
278
00:23:03,460 --> 00:23:06,279
Finally you can see the address of the reference\nclock.
279
00:23:06,279 --> 00:23:13,819
This time it’s not 216.239.35.0 or .4, it’s\n.12.
280
00:23:13,819 --> 00:23:16,929
Now let’s check R1’s clock and calendar\nagain.
281
00:23:19,789 --> 00:23:23,230
The time is correct, however the time zone\nis not.
282
00:23:23,230 --> 00:23:27,170
NTP uses only the UTC time zone.
283
00:23:27,170 --> 00:23:30,130
You must configure the appropriate time zone\non each device.
284
00:23:30,130 --> 00:23:34,350
I haven’t configured R1’s time zone yet,\nso I’ll do that.
285
00:23:34,349 --> 00:23:38,069
I also used the DO SHOW CALENDAR command.
286
00:23:38,069 --> 00:23:41,089
Notice that the time is not synced up with\nthe software clock.
287
00:23:41,089 --> 00:23:46,490
NTP doesn’t update the calendar by default,\n
288
00:23:47,490 --> 00:23:52,109
So, I configured my time zone of JST here\non R1.
289
00:23:52,109 --> 00:23:55,369
Then I used the NTP UPDATE-CALENDAR command.
290
00:23:55,369 --> 00:23:59,949
This configures the router to update the hardware\n
291
00:24:01,930 --> 00:24:06,440
So I checked the clock and the calendar again,\n
292
00:24:06,440 --> 00:24:09,890
You might be wondering why you would want\n
293
00:24:09,890 --> 00:24:14,620
The hardware clock tracks the date and time\n
294
00:24:16,480 --> 00:24:21,110
When the system is restarted, the hardware\n
295
00:24:21,109 --> 00:24:25,349
So, it’s a good idea to keep the hardware\n
296
00:24:28,140 --> 00:24:33,470
Now we’re going to move on to R2 and configure\n
297
00:24:33,470 --> 00:24:37,400
Usually in a small network like this you’d\n
298
00:24:37,400 --> 00:24:40,550
to public NTP servers like Google’s.
299
00:24:40,549 --> 00:24:46,720
But for the purpose of this lesson I’ll\n
300
00:24:46,720 --> 00:24:51,519
But before doing that, I’ll configure a\n
301
00:24:51,519 --> 00:24:56,410
Note that I’ve configured OSPF in this network\n
302
00:24:56,410 --> 00:24:59,720
including the route to R1’s loopback interface.
303
00:24:59,720 --> 00:25:06,009
I also instructed R1 to use loopback0 as the\n
304
00:25:07,859 --> 00:25:14,359
So, any NTP messages it sends will come from\n
305
00:25:14,359 --> 00:25:16,319
Why configure a loopback interface?
306
00:25:16,319 --> 00:25:24,990
Well, let’s say I configured R2 to use 10.0.0.1,\n
307
00:25:24,990 --> 00:25:30,180
In normal situations it would be able to send\n
308
00:25:31,819 --> 00:25:34,279
But what if the interface failed for some\nreason?
309
00:25:34,279 --> 00:25:41,829
R2 would suddenly lose its NTP server, because\n
310
00:25:41,829 --> 00:25:45,759
on the status of R1’s G0/1 interface.
311
00:25:45,759 --> 00:25:52,599
But what if we configure this loopback interface\n
312
00:25:54,849 --> 00:26:01,480
Even if the closest path to R1, via R2’s\n
313
00:26:01,480 --> 00:26:08,000
a route to 10.1.1.1 to R2 and therefore R2\n
314
00:26:10,390 --> 00:26:17,090
I gave a similar demonstration of why loopback\n
315
00:26:17,089 --> 00:26:20,480
Basically they are useful because they provide\n
316
00:26:20,480 --> 00:26:25,480
it which isn’t dependent on the status of\n
317
00:26:25,480 --> 00:26:35,210
Okay, so on R2 I configured NTP SERVER 10.1.1.1,\n
318
00:26:35,210 --> 00:26:41,380
Notice the asterisk next to 10.1.1.1, that\n
319
00:26:41,380 --> 00:26:44,500
R1’s reference clock is displayed here.
320
00:26:44,500 --> 00:26:48,980
This is the IP address of one of Google’s\n
321
00:26:51,519 --> 00:26:54,829
And here R1’s stratum level of 2 is displayed.
322
00:26:54,829 --> 00:27:02,250
Google’s reference clock is stratum 0, Google’s\n
323
00:27:04,970 --> 00:27:08,819
I checked with DO SHOW NTP STATUS.
324
00:27:08,819 --> 00:27:14,710
R2’s stratum is 3, because it got its time\n
325
00:27:14,710 --> 00:27:20,990
R2’s reference of 10.1.1.1, R1, is displayed\nalso.
326
00:27:20,990 --> 00:27:25,911
As a reminder, remember to use the NTP SOURCE\n
327
00:27:25,911 --> 00:27:32,490
as the source of NTP packets on R1, if you\n
328
00:27:35,420 --> 00:27:38,450
Finally I configured NTP on R3.
329
00:27:40,619 --> 00:27:46,479
By the way, I configured a loopback interface\n
330
00:27:46,480 --> 00:27:52,150
I configured both R1 and R2 as NTP servers\n
331
00:27:52,150 --> 00:28:00,590
Between R1, 10.1.1.1, and R2, 10.2.2.2, which\n
332
00:28:03,289 --> 00:28:06,750
R1 is the preferred NTP server.
333
00:28:07,790 --> 00:28:09,799
It’s because of the stratum levels.
334
00:28:09,799 --> 00:28:13,928
NTP servers with lower stratum levels are\n
335
00:28:14,929 --> 00:28:17,970
So, they are considered more accurate.
336
00:28:17,970 --> 00:28:24,180
Okay, so I’ve shown you how to make a Cisco\n
337
00:28:25,589 --> 00:28:30,178
For the next few concepts I’ll use a different\n
338
00:28:30,179 --> 00:28:35,400
If a device is already syncing to an NTP server,\n
339
00:28:35,400 --> 00:28:40,220
acts as an NTP server too and other devices\ncan sync to it.
340
00:28:40,220 --> 00:28:43,329
But what if there is no NTP server to sync\nto?
341
00:28:43,329 --> 00:28:47,699
You probably still want the devices in the\n
342
00:28:47,700 --> 00:28:50,900
is slightly inaccurate compared to the actual\ntime.
343
00:28:50,900 --> 00:28:56,400
So, how can you manually configure a Cisco\n
344
00:28:56,400 --> 00:28:59,620
it isn’t synced to another NTP server?
345
00:29:03,069 --> 00:29:07,899
As the description says it makes the device\n
346
00:29:07,900 --> 00:29:13,460
So, on R1 I used the NTP MASTER command.
347
00:29:13,460 --> 00:29:16,840
Notice that I can specify the stratum of R1.
348
00:29:16,839 --> 00:29:20,759
However I chose to just enter the command,\n
349
00:29:27,660 --> 00:29:33,410
The address of R1’s NTP server is now 127.127.1.1.
350
00:29:36,819 --> 00:29:45,339
Remember, the entire 127.0.0.0/8 address range\n
351
00:29:45,339 --> 00:29:49,629
Loopback addresses and loopback interfaces\n
352
00:29:49,630 --> 00:29:52,870
are similar, so don’t confuse the terms.
353
00:29:52,869 --> 00:29:57,409
Loopback interfaces are virtual interfaces\n
354
00:29:57,410 --> 00:30:01,040
to other devices using OSPF etc.
355
00:30:01,039 --> 00:30:05,509
Loopback addresses are a totally different\n
356
00:30:05,509 --> 00:30:09,339
to the local device and can’t be reached\nby other devices.
357
00:30:09,339 --> 00:30:14,009
Basically, R1 is using itself as its reference\nclock.
358
00:30:14,009 --> 00:30:17,429
Anyway, the stratum level of this server is\n7.
359
00:30:17,429 --> 00:30:20,880
So, what is the actual stratum level of R1?
360
00:30:20,880 --> 00:30:25,510
I used SHOW NTP STATUS to check, and the answer\nis 8.
361
00:30:25,509 --> 00:30:31,809
So, remember that the default stratum of the\n
362
00:30:31,809 --> 00:30:36,059
And I configured R2 and R3 to use R1 as their\nNTP server.
363
00:30:36,059 --> 00:30:40,799
We’ve already covered that enough so let’s\n
364
00:30:43,359 --> 00:30:47,759
So let’s configure symmetric active mode\nbetween R2 and R3.
365
00:30:47,759 --> 00:30:52,799
They both have a stratum level of 9, so they\n
366
00:30:52,799 --> 00:30:57,589
They can become peers and help each other\n
367
00:30:57,589 --> 00:31:00,730
case they lose contact with R1.
368
00:31:00,730 --> 00:31:05,680
The command to configure symmetric active\n
369
00:31:06,680 --> 00:31:10,160
So, I configured R3 as R2’s peer.
370
00:31:10,160 --> 00:31:15,200
And here is the entry for R3 in R2’s NTP\nassociation table.
371
00:31:15,200 --> 00:31:18,980
R3’s reference clock is R1, 10.0.12.1.
372
00:31:18,980 --> 00:31:23,089
Its stratum level is 9, because R1’s is\n8.
373
00:31:23,089 --> 00:31:28,259
I did the same configurations on R3, specifying\nR2 as the peer.
374
00:31:28,259 --> 00:31:35,230
Again, the reference clock is R1 and the stratum\nlevel is 9.
375
00:31:35,230 --> 00:31:39,279
Okay the final topic for today is NTP authentication.
376
00:31:39,279 --> 00:31:44,259
I can’t say for sure if this is on the exam\n
377
00:31:45,769 --> 00:31:49,119
But I recommend learning these few commands\n
378
00:31:49,119 --> 00:31:53,789
NTP authentication on the CCNA exam.
379
00:31:53,789 --> 00:31:57,539
NTP authentication can be configured, but\nit is optional.
380
00:31:57,539 --> 00:31:59,789
You don’t need to configure it.
381
00:31:59,789 --> 00:32:03,779
It allows NTP clients to ensure that they\n
382
00:32:03,779 --> 00:32:08,420
They will check that the server is using the\n
383
00:32:09,929 --> 00:32:16,009
Here’s how you configure NTP authentication\n
384
00:32:17,779 --> 00:32:23,750
First, enable NTP authentication with the\n
385
00:32:23,750 --> 00:32:27,230
Then you create the authentication key or\nkeys.
386
00:32:27,230 --> 00:32:31,589
You can create multiple keys, but don’t\n
387
00:32:31,589 --> 00:32:36,759
So, for the ‘key-number’ field just use\n
388
00:32:39,269 --> 00:32:42,359
Then you have to specify which key or keys\nare trusted.
389
00:32:44,079 --> 00:32:51,769
Creating the key uses one command, NTP AUTHENTICATION-KEY,\n
390
00:32:55,160 --> 00:32:59,250
Finally you must specify which key to use\nfor each server.
391
00:32:59,250 --> 00:33:02,609
This command isn’t needed on the server\nitself.
392
00:33:02,609 --> 00:33:09,169
Now let’s look at these configurations on\nR1, R2, and R3.
393
00:33:11,179 --> 00:33:18,460
On all three routers I used NTP AUTHENTICATE,\n
394
00:33:18,460 --> 00:33:23,329
of jeremysitlab, and NTP TRUSTED-KEY 1.
395
00:33:23,329 --> 00:33:31,079
Then on the clients R2 and R3 only, I used\n
396
00:33:31,079 --> 00:33:36,990
So, they will use key number 1, which is jeremysitlab,\n
397
00:33:36,990 --> 00:33:44,500
I also did one extra command, NTP PEER, followed\n
398
00:33:44,500 --> 00:33:49,420
This adds authentication to the peer relationship\n
399
00:33:49,420 --> 00:33:57,179
Okay, so that’s all you need to configure\n
400
00:33:57,179 --> 00:34:02,920
In addition to the manual time configuration\n
401
00:34:02,920 --> 00:34:06,140
To help you review, here are the commands\nwe looked at.
402
00:34:06,140 --> 00:34:11,769
If you don’t remember any of these, go back\n
403
00:34:11,769 --> 00:34:15,090
Before moving on to the quiz, let’s review\nwhat we covered.
404
00:34:15,090 --> 00:34:18,600
We looked at why time is important for network\ndevices.
405
00:34:18,599 --> 00:34:23,380
The main reason from a CCNA perspective is\n
406
00:34:25,719 --> 00:34:30,829
Then we looked at how to manually configure\n
407
00:34:30,829 --> 00:34:34,279
Then we looked at the basics of NTP and how\nto configure it.
408
00:34:34,280 --> 00:34:39,850
We covered a lot already, but there is so\n
409
00:34:39,849 --> 00:34:43,949
However I think the information we covered\n
410
00:34:46,579 --> 00:34:51,460
Make sure to watch until the end of the quiz\n
411
00:34:51,460 --> 00:34:55,980
ExSim for CCNA, the best practice exams for\nthe CCNA.
412
00:34:55,980 --> 00:35:01,110
Okay, let’s go to quiz question 1.
413
00:35:01,110 --> 00:35:05,110
Which of the following commands will cause\n
414
00:35:08,849 --> 00:35:15,110
Pause the video to think about your answer.
415
00:35:15,110 --> 00:35:18,800
The answer is C, CLOCK READ-CALENDAR.
416
00:35:18,800 --> 00:35:23,550
This will cause the router to adjust its software\n
417
00:35:23,550 --> 00:35:27,750
D will do the opposite, it will cause the\n
418
00:35:29,170 --> 00:35:32,039
A and B are not valid commands.
419
00:35:37,010 --> 00:35:41,550
Which of the following commands can be used\n
420
00:35:43,130 --> 00:35:49,309
Pause the video to think about your answer.
421
00:35:49,309 --> 00:35:55,358
The answer is D. From global config mode,\n
422
00:35:56,780 --> 00:36:01,460
Unlike some other time commands, this command\n
423
00:36:03,199 --> 00:36:06,608
You cannot configure the time zone with the\nCLOCK SET command.
424
00:36:06,608 --> 00:36:12,219
Okay, let’s go to question 3.
425
00:36:14,059 --> 00:36:17,889
Which of the following commands was configured\non R1?
426
00:36:19,659 --> 00:36:25,309
Pause the video now to think about your answer.
427
00:36:25,309 --> 00:36:29,529
The answer is A, NTP MASTER 9.
428
00:36:29,530 --> 00:36:36,590
Because the address of R1’s NTP association\n
429
00:36:36,590 --> 00:36:39,329
that the NTP MASTER command was used.
430
00:36:39,329 --> 00:36:45,880
However, in this case the stratum must have\n
431
00:36:45,880 --> 00:36:51,650
The default stratum of the NTP MASTER command\n
432
00:36:53,010 --> 00:36:59,390
In that case, however, SHOW NTP ASSOCIATIONS\n
433
00:36:59,389 --> 00:37:05,809
In this output the stratum is 8, so the command\n
434
00:37:05,809 --> 00:37:14,210
Regarding option B, the command NTP SERVER\n
435
00:37:14,210 --> 00:37:18,971
You can’t manually configure a loopback\n
436
00:37:18,971 --> 00:37:22,530
it displays this way when the NTP MASTER command\nis used.
437
00:37:27,960 --> 00:37:33,210
Which of the following commands configures\n
438
00:37:34,949 --> 00:37:40,579
Pause the video now to think about your answer.
439
00:37:40,579 --> 00:37:44,869
The answer is C, NTP SERVER 216.239.35.0.
440
00:37:44,869 --> 00:37:51,009
It configures R1 to become a client of the\n
441
00:37:51,010 --> 00:37:56,960
A, NTP PEER, configures symmetric active mode.
442
00:37:56,960 --> 00:38:01,199
B, NTP MASTER, configures server mode.
443
00:38:01,199 --> 00:38:04,659
And D, NTP CLIENT, is not a valid command.
444
00:38:09,800 --> 00:38:15,810
Which of the following commands must be configured\n
445
00:38:19,780 --> 00:38:24,990
Before I show the answers, let me say that\n
446
00:38:24,989 --> 00:38:29,599
multiple answers, the question will always\n
447
00:38:32,650 --> 00:38:36,079
But for a challenge, let’s try ‘select\nall that apply’.
448
00:38:36,079 --> 00:38:42,549
Okay, pause the video to think about your\nanswers.
449
00:38:42,550 --> 00:38:50,410
The answers are C, D, F, and G. C enables\n
450
00:38:50,409 --> 00:38:52,879
D creates the authentication key.
451
00:38:52,880 --> 00:38:56,680
F specifies that the key is a trusted key.
452
00:38:56,679 --> 00:38:59,839
And G specifies the key to use with the server.
453
00:38:59,840 --> 00:39:02,620
Okay, that’s all for the quiz.
454
00:39:02,619 --> 00:39:08,849
Now let’s take a look at a bonus question\n
455
00:39:08,849 --> 00:39:12,509
Okay here's today's Boson ExSim practice question.
456
00:39:12,510 --> 00:39:17,350
Which of the following is enabled on a Cisco\n
457
00:39:17,349 --> 00:39:19,559
from global configuration mode?
458
00:39:21,400 --> 00:39:24,619
Here are the options A, static client mode.
459
00:39:33,980 --> 00:39:40,809
Okay pause the video now to select the best\nanswer.
460
00:39:42,369 --> 00:39:46,619
So this is closely related to one of the quiz\n
461
00:39:47,900 --> 00:39:53,970
When you issue the NTP SERVER command you're\n
462
00:39:55,119 --> 00:39:58,858
So you are making the router an NTP client.
463
00:39:58,858 --> 00:40:06,559
So the answer is either A or C. Now in my\n
464
00:40:07,829 --> 00:40:10,980
I don't think you need to know this for the\nCCNA.
465
00:40:10,980 --> 00:40:16,210
So the regular kind of NTP client that you\n
466
00:40:19,489 --> 00:40:21,159
So that should be the correct answer.
467
00:40:26,670 --> 00:40:29,349
So here is Boson's explanation.
468
00:40:29,349 --> 00:40:35,259
If you want to read about the broadcast client\n
469
00:40:35,260 --> 00:40:41,650
Okay, so you can pause the video to read that.
470
00:40:41,650 --> 00:40:47,070
And down here are the bottom there is a reference\n
471
00:40:51,440 --> 00:40:54,570
Okay so that's Boson ExSim for the CCNA.
472
00:40:54,570 --> 00:40:59,559
As I have said many times before, these are\n
473
00:40:59,559 --> 00:41:04,210
So if you're preparing to take the real CCNA\n
474
00:41:04,210 --> 00:41:11,500
If you want to get Boson ExSim, please follow\n
475
00:41:11,500 --> 00:41:14,710
There are supplementary materials for this\nvideo.
476
00:41:14,710 --> 00:41:17,590
There is a flashcard deck to use with the\nsoftware ‘Anki’.
477
00:41:17,590 --> 00:41:23,360
There will also be a packet tracer practice\n
478
00:41:23,360 --> 00:41:26,019
That will be in the next video.
479
00:41:26,019 --> 00:41:29,630
Sign up for my mailing list via the link in\n
480
00:41:29,630 --> 00:41:36,250
the flashcards and packet tracer lab files\nfor the course.
481
00:41:36,250 --> 00:41:41,059
Before finishing today’s video I want to\n
482
00:41:41,059 --> 00:41:44,909
To join, please click the ‘Join’ button\nunder the video.
483
00:41:44,909 --> 00:41:49,428
Thank you \nto Biraj, Magrathea, Samil, Junhong, Njabulo
484
00:41:49,429 --> 00:41:56,574
Benjamin, Tshepiso, Justin, Prakaash, Nasir,\n
485
00:41:56,574 --> 00:42:04,180
Value, John, Funnydart, Velvijaykum, Mark,\n
486
00:42:05,440 --> 00:42:10,909
Sorry if I pronounced your name incorrectly,\n
487
00:42:10,909 --> 00:42:15,589
This is the list of JCNP-level members at\n
488
00:42:17,849 --> 00:42:22,130
If you signed up recently and your name isn’t\n
489
00:42:25,960 --> 00:42:30,400
Please subscribe to the channel, like the\n
490
00:42:30,400 --> 00:42:33,730
with anyone else studying for the CCNA.
491
00:42:33,730 --> 00:42:36,340
If you want to leave a tip, check the links\nin the description.
492
00:42:36,340 --> 00:42:42,230
I'm also a Brave verified publisher and accept\n
40766
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.