CenOS6.5搭建NTP服务器,同步管理服务器及网络设备时间

安装NTP环境
[ ~]#yum install ntp ntpdate -y
 etc]#cp ntp.conf  ntp.conf.bak

修改配置文件

[ ~]#: cp /etc/ntp.conf /etc/ntp.conf.bak        # 备份

[ ~]#: vi /etc/ntp.conf  

#Permit time synchronization with our time source, but do not
#permit the source to query or modify the service on this system.

trict 127.0.0.1
restrict -6 ::1

#Hosts on local network are less restricted.
#restrict 192.168.1.0 mask 255.255.255.0 nomodify notrap
restrict 192.168.95.0 mask 255.255.255.0 nomodify notrap   #允许客户端从此处获取时间
restrict -6 ::1

#Use public servers from the pool.ntp.org project.
#Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server ntp1.aliyun.com
server time1.aliyun.com
server 127.127.1.1          #local clock
fudge 127.127.1.0 stratum 10                    #当server无法连接时,使用本地时间作为标准
restrict ntp1.aliyun.com nomodify notrap noquery
restrict time1.aliyun.com nomodify notrap noquery

添加 iptables 规则

[ ~]#: vi /etc/sysconfig/iptables

1 # Firewall configuration written by system-config-firewall
2 # Manual customization of this file is not recommended.
...
12 -A FORWARD -j REJECT --reject-with icmp-host-prohibited

13 -A INPUT -m state --state NEW -m udp -p udp --dport 123 -j ACCEPT  # 添加于此
14 COMMIT

配置参数简介:

ignore: 关闭所有 ntp 联机服务

nomodify: 客户端可通过服务器同步时间,但不能修改服务器的时间

notrap: 拒绝特殊的 ntpdq 捕获消息

noquery: 拒绝 btodq/ntpdc 查询

server: 添加上游 ntp 服务器

重启 iptables

[ ~]# /etc/init.d/iptables restart

开启 ntp 服务

[ ~]#service ntpd restart
[ ~]#chkconfig ntpd on 
[ ~]#ntpdate -u 192.168.11.11   #手动同步时间`

查看 ntp 服务器

[S ~]# ntpq -p
     remote           refid      st t when poll reach   delay   offset  jitter
==============================================================================
 120.25.115.20   10.137.53.7      2 u   55   64  377   39.367   -1.623   1.201
 203.107.6.88    100.107.25.114   2 u   57   64  377   44.616   -1.263   1.011
*LOCAL(1)        .LOCL.           5 l   17   64  377    0.000    0.000   0.000

CLIENT配置

Linux client

[ ~]# vim /etc/ntp.conf 
# Use public servers from the pool.ntp.org project.
# Please consider joining the pool (http://www.pool.ntp.org/join.html).
#server 0.centos.pool.ntp.org iburst
#server 1.centos.pool.ntp.org iburst
#server 2.centos.pool.ntp.org iburst
#server 3.centos.pool.ntp.org iburst
server 192.168.95.2                   #设置ntpserver地址即可

保存退出

[ ~]#service  ntpd restart
[ ~]#chkconfig ntpd on

cisco client

2960(config)#ntp server 192.168.95.2
2960(config)#clock timezone GMT 8      

2960#show clock 
15:05:12.545 GMT Fri Apr 24 2020
2960#show ntp status

相关推荐