1-4 System Time


  • System time is maintained by the IOS software. When a router is initialized, the system time is set from a hardware time clock (system calendar) in the router.

  • An accurate system clock is important to maintain for logging and debugging time stamps, various show commands, and timed access lists.

  • System time is maintained as Coordinated Universal Time (UTC or GMT). The format of time as it is displayed can be configured with IOS commands.

  • System time can be set manually or by Network Time Protocol (NTP). In addition, a router's hardware time clock can be updated by NTP if desired.

  • NTP uses the concept of stratum to determine how close an NTP speaker is to an authoritative time source (an atomic or radio clock). Stratum 1 means that an NTP server is directly connected to an authoritative time source. NTP also compares the times reported from all configured NTP peers. It doesn't listen to a peer that has a significantly different time.

  • NTP associations with other NTP peers can be protected through access lists and through an encrypted authentication.

  • For an authoritative time source, NTP can be configured to listen to public NTP servers on the Internet. Alternatively, NTP can be contained within an enterprise network by configuring one router to act as if it has an authoritative time source. Other NTP peers within the organization then synchronize their time with that router.

NTP version 3 is based on RFC 1305 and uses UDP port 123 and TCP port 123. Information about public NTP servers and other NTP subjects can be found at http://www.eecis.udel.edu/~ntp/.

Configuration

You can set the system time either manually or using the Network Time Protocol (NTP).

With manual configuration, you set the time and date on the router, along with the time zone and whether to observe daylight saving time. With manual configuration, the router has no way to preserve the time settings and cannot ensure that the time remains accurate. NTP is defined by RFC 1305. It provides a mechanism for the devices in the network to get their time from an NTP server. With NTP, all the devices are synchronized and keep very accurate time.

Setting the System Time Manually
  1. Set the time zone:

     (global) clock timezone zone hrs-offset min-offset

    The time zone is set to the abbreviated name zone (such as EST, PST, or CET). This name is used only for display purposes. It can be any common zone name. The actual displayed time is defined by an offset in hours (hrs-offset) and minutes (min-offset) from UTC.

  2. (Optional) Configure daylight saving time:

     (global) clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]
     (global) clock summer-time zone date [date month | month date] year hh:mm [date month | month date] year hh:mm [offset]

    If daylight saving time begins and ends on a certain day and week of a month, use the command with the recurring keyword. The week number week (including the words "first" and "last"), the name of the day, the name of the month, and the time hh:mm in 24-hour format can all be given to start and stop daylight saving time. The offset value gives the number of minutes to add during daylight saving time (the default is 60).

    Otherwise, the date keyword can be used to specify the exact date and time that daylight saving time begins and ends in a given year.

  3. (Optional) Set the system clock (IOS clock):

     (exec) clock set hh:mm:ss [day month | month day] year

    The time is given in 24-hour format. day is the day number, month is the name of the month, and year is the full four-digit year.

    The system clock is set from the hardware calendar when the router is restarted. It also can be set manually from the hardware calendar using the (exec) clock read-calendar command.

  4. (Optional) Set the system calendar (hardware clock):

     (exec) calendar set hh:mm:ss [day month | month day] year

    The hardware clock is set to the given time (24-hour format) and date. The month is the name of the month, day is the day number, and year is the full four-digit year. As an alternative, the system calendar can also be set from the system clock using the (exec) clock update-calendar command.

Setting the System Time Through NTP
  1. Define one or more NTP peer associations:

     (global) ntp peer ip-address [version number] [key keyid] [source interface] [prefer]

    The NTP peer is identified at ip-address. The NTP version can be given with the version keyword (1 to 3; the default is version 3). If NTP authentication will be used, the key keyword identifies the authentication key to use (see Step 3b). If desired, the source address used in NTP packets can be taken from an interface using the source keyword. Otherwise, the router uses the source address from the outbound interface. The prefer keyword forces the local router to provide time synchronization if there is contention between peers.

  2. (Optional) Configure NTP delivery.

    1. Configure NTP broadcast service:

       (global) ntp broadcast [version number]
       (global) ntp broadcast client
       (global) ntp broadcastdelay microseconds

      By default, NTP sends and receives unicast packets with peers. Broadcasts can be used instead if several NTP peers are located on a common network. The ntp broadcast command enables the sending of broadcast packets. The ntp broadcast client command enables the reception of broadcast packets. The ntp broadcastdelay command sets the round-trip delay for receiving client broadcasts (1 to 999999 microseconds; the default is 3000).

    2. Set the NTP source IP address:

       (global) ntp source interface

      The source address used for all NTP packets is taken from interface. This address can be overridden for specific NTP peers with the ntp peer command.

    3. Disable NTP on an interface:

       (interface) ntp disable

      By default, NTP is enabled on all interfaces. This command disables the reception and processing of NTP packets on a single interface.

  3. (Optional) Restrict access to NTP.

    1. Restrict by access list:

       (global) ntp access-group {query-only | serve-only | serve | peer} acc-list

      A standard IP access list can be used to limit NTP communication to only those addresses permitted by the list. A specific NTP transaction can be applied to the access list using the following keywords: query-only (allow only control queries), serve-only (allow only time requests), serve (allow requests and queries, but don't synchronize to a remote peer), and peer (allow requests and queries, and allow synchronization to a remote peer).

      More than one ntp access-group command can be given, each with different transactions and access lists. The first match found in sequential order is granted.

    2. Restrict by NTP authentication.

      • Enable NTP authentication:

         (global) ntp authenticate
      • Define an authentication key:

         (global) ntp authentication-key key-number md5 value

        An MD5 authentication key numbered key-number is created. The key is given a text-string value of up to eight cleartext characters. As soon as the configuration is written to NVRAM, the key value is displayed in its encrypted form.

      • Apply one or more key numbers to NTP:

         (global) ntp trusted-key key-number

        Remote NTP peers must authenticate themselves using the authentication key numbered key-number. This command can be used multiple times to apply all desired keys to NTP.

  4. (Optional) Make the router an authoritative NTP source.

    1. Use the hardware calendar as an authoritative source:

       (global) clock calendar-valid

      If no outside authoritative NTP time source is available or desirable, the local router can be configured to use its hardware system calendar as an authoritative source. The calendar time can then be forwarded by NTP to other peer routers.

    2. Enable NTP authoritative source service:

       (global) ntp master [stratum]

      The local router is configured as an authoritative source at stratum level stratum (1 to 15; the default is 8). If no NTP peers at a lower stratum level can be found, the router advertises itself at the configured stratum and can begin synchronizing clocks on other peers.

Example

The router is configured for the U.S. Eastern time zone and daylight saving time. The hardware clock is set, and the system clock is then set from the hardware clock.

  clock timezone EST -5
  clock summer-time EST recurring 1 sunday april 2:00 last sunday october 2:00
  exit
  calendar set 12:52:00 august 6 2001
  clock read-calendar

NTP is configured for authentication. One key, sourceA, authenticates a peer at 172.17.76.247, and another key, sourceB, authenticates a peer at 172.31.31.1.

  ntp authenticate
  ntp authentication-key 1 md5 sourceA
  ntp authentication-key 2 md5 sourceB
  ntp trusted-key 1
  ntp trusted-key 2
  ntp peer 172.17.76.247 key 1
  ntp peer 172.31.31.1 key 2
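
An added example, not from the book: a Python check that reads a saved configuration and reports where the NTP restrictions from Step 3 (access list and authentication) are incomplete. The function name audit_ntp, access list number 10 and the HARDENED and WEAK inputs are assumptions made for the illustration; only numbered access lists are recognized.

```python
import re
# All three inputs are constructed; PAGE_EXAMPLE repeats the page's own commands.
PAGE_EXAMPLE = """\
ntp authenticate
ntp authentication-key 1 md5 sourceA
ntp authentication-key 2 md5 sourceB
ntp trusted-key 1
ntp trusted-key 2
ntp peer 172.17.76.247 key 1
ntp peer 172.31.31.1 key 2
"""
HARDENED = PAGE_EXAMPLE + """\
access-list 10 permit 172.17.76.247
access-list 10 permit 172.31.31.1
ntp access-group peer 10
"""
WEAK = """\
ntp authentication-key 1 md5 sourceA
ntp trusted-key 1
ntp trusted-key 3
ntp peer 172.31.31.1
ntp access-group peer 10
"""

def audit_ntp(config):
    """Return findings for Step 3: address restriction (3a) and authentication (3b)."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    def grab(pattern):  # capture groups of every line that matches pattern
        return [m.groups() for l in lines if (m := re.match(pattern, l))]
    defined = {k for (k,) in grab(r"ntp authentication-key (\d+) md5 \S+")}
    trusted = {k for (k,) in grab(r"ntp trusted-key (\d+)$")}
    acls = {n for (n,) in grab(r"access-list (\d+) ")}
    findings = [] if "ntp authenticate" in lines else ["ntp authenticate is not configured"]
    for ip, rest in grab(r"ntp peer (\S+)(.*)"):
        key = re.search(r"\bkey (\d+)", rest)
        if key is None:
            findings.append(f"peer {ip} has no key")
        elif key.group(1) not in defined:
            findings.append(f"peer {ip} uses undefined key {key.group(1)}")
        elif key.group(1) not in trusted:
            findings.append(f"peer {ip} uses key {key.group(1)}, not a trusted-key")
    findings += [f"trusted-key {k} has no authentication-key"
                 for k in sorted(trusted - defined, key=int)]
    groups = grab(r"ntp access-group (query-only|serve-only|serve|peer) (\d+)$")
    if not groups:
        findings.append("no ntp access-group restricts NTP by address")
    findings += [f"ntp access-group {kind} references undefined access-list {acl}"
                 for kind, acl in groups if acl not in acls]
    return findings
```

Run against the page's authentication example, the check reports only the missing address restriction; the HARDENED input adds one and returns no findings.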


Cisco Field Manual[c] Router Configuration
ISBN: 1587050242
EAN: N/A
Year: 2005
Pages: 185
