Packet Tracer Labs

Lab 32: NTP Hierarchy with Authentication

Production networks don't point every device at the internet for time — one device syncs upstream and serves the rest internally. Build that hierarchy, then authenticate it so rogue time sources are rejected. Difficulty: Intermediate · Time: ~25 min.

Lab objectives

  • Make R1 the internal NTP server (master)
  • Point R2 and a switch at it as clients
  • Add NTP authentication keys on both sides
  • Verify sync state and stratum levels

Topology & addressing

R1 (internal time source), R2 and SW1 as clients, all IP-reachable (192.168.1.0/24 management).

Step-by-step configuration

R1: ntp master 3Serve time internally at stratum 3
Clients: ntp server 192.168.1.1 key 1Sync from R1, using key 1
ALL devices:
ntp authentication-key 1 md5 TimeSecret
ntp authenticate
ntp trusted-key 1
Same key everywhere; clients only accept authenticated sources

Verification

show ntp status on clients — "Clock is synchronized, stratum 4" (one below R1's 3). show ntp associations shows R1 with a healthy reach. Break it: change a client's key to a wrong value — sync is refused. Accurate, authenticated time across the estate: the quiet prerequisite for every log you'll ever trust.

Next lab: labs hub · test yourself: CCNA practice test.

Frequently asked questions

What does ntp master 3 mean?

The router serves time claiming stratum 3 — clients syncing from it become stratum 4. The number positions your internal hierarchy sensibly below real reference clocks.

Why authenticate NTP?

To stop rogue time sources from skewing device clocks — which would corrupt log timelines and can break certificate validation.

Why do clients show one stratum higher than the server?

Stratum counts distance from the reference clock — each hop away adds one.

VS
Vipul Sir — Lead Instructor, Attila Technologies20+ years in Cisco networking. Teaching CCNA, CCNP, CCIE & CyberOps in Ahmedabad since 2004.

Want hands-on training?

Learn this on real Cisco lab devices with placement support at Attila Technologies, Ahmedabad.

Start your networking career with Attila Technologies

Hands-on Cisco training, real lab devices and placement support in Ahmedabad.