The Cisco IOS allows a device to track the current time and date using a system clock. The system clock starts when the device powers on and can distribute the time to a variety of internal systems, such as recording the time and date for configuration changes, displaying the time of buffered log messages, and sending the time and date in SNMP messages. On Cisco 7000 routers only, the system clock time is set in hardware. On other models, the system clock is set by default to midnight on March 1, 1993.
After it is set, the system clock determines whether the date and time are from a reliable source. If the time source is reliable, it is redistributed to other processes in the IOS; otherwise, the time is available only for display purposes. The following sections discuss how to ensure that the time source you set, such as an atomic clock source, is a reliable source.
You can view the time and date of the system clock using the EXEC command show clock:
SF-1> show clock
06:56:50.314 PST Fri Mar 30 2001
Cisco 7000 series routers contain a calendar that tracks the date and time across system restarts and power outages. On a system restart, the calendar is always initially used to set the system clock. Then another protocol may alter or update the clock. In a network in which no other authoritative time source exists, the calendar can be used as an authoritative time source and can be passed to other processes (such as the Network Time Protocol, NTP, which is discussed in a later section). You can see the current setting of the calendar system by using the show calendar EXEC command:
SF-1> show calendar
06:57:26 PST Fri Mar 30 2001
The system clock keeps track of time internally based on Coordinated Universal Time (UTC), also referred to as Greenwich Mean Time (GMT). The IOS enables you to configure a device with the local time zone and, if relevant, with daylight saving time (referred to as summer-time in the syntax of the IOS) so that the device displays the correct time throughout the year.
If you want your IOS device to indicate the current date and time in debugging and log messages, use the global configuration command service timestamps. You can display the time since the IOS device restarted, the date and time using GMT or the local time zone, and the time to the accuracy of milliseconds. We recommend that you use the configuration commands service timestamps log datetime localtime and service timestamps debug datetime localtime. The command service timestamps log datetime localtime adds the date and time to log messages; service timestamps debug datetime localtime adds the date and time to debug messages.
Several sources can be used to set the system clock. Three of the most commonly used sources are manual configuration, the Network Time Protocol (NTP), and the Simple Network Time Protocol (SNTP).
These are discussed in greater detail in the next sections.
Manual Time and Date Configuration
If your IOS device is isolated and cannot use an outside authoritative time source, you can set the time and date of the device manually. These settings are valid until the device resets or is reloaded. You should use these manual time control services only when another authoritative time source is unavailable.
To manually set the time zone for your IOS device, use the clock timezone global configuration command. This command takes as options the time zone in which the device is located and the number of hours of difference between that time zone and UTC. For example, for Pacific Standard Time (PST), which is eight hours behind UTC, you enter the following global command: clock timezone PST -8.
If the time zone in which the IOS device resides uses daylight saving time, you need to use the global configuration command clock summer-time recurring. This configuration command takes as an argument the name of the summertime time zone, such as Pacific Daylight Time (PDT). The system clock is set using the global configuration command clock set. In the following example, we set the time zone of the SF-1 router to be PST, enable summertime with the time zone PDT, and set the clock to March 17, 2001, at 14:25:
SF-1# configure
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
SF-1(config)# clock timezone PST -8
SF-1(config)# clock summer-time PDT recurring
SF-1(config)# clock set 14:25 17 3 2001
SF-1(config)#^Z
To set the calendar on Cisco 7000 series routers manually, use the global configuration command calendar set. For this calendar to be a valid source of time and date for other IOS functions, use the clock calendar-valid global configuration command.
Network Time Protocol
The Network Time Protocol (NTP), documented in RFC 1305, is a protocol that synchronizes the times of devices operating over an IP data network. The Cisco IOS contains an NTP process that allows a device to send and receive NTP packets. Many vendors have similar NTP processes on their devices and hosts, making NTP the preferred mechanism to synchronize time across your entire network.
NTP distributes a time setting that it gets from an authoritative time source throughout a network. As noted previously, you can set your IOS device manually to be this time source, but preferably your time source will be an atomic clock attached to a time server. You do not need your own atomic clock to use NTP. You can synchronize your time with another source that has heard from an atomic clock.
Like many telephony network clocks, NTP measures the distance between the device on which it is running and an authoritative time source in increments called stratum. A clock that is a stratum 1 time source is directly attached to an atomic clock, a stratum 2 source is synchronized with a stratum 1 source, and so forth. You cannot connect your IOS device directly to a stratum 1 time source. The NTP process in the Cisco IOS automatically synchronizes with the time source that has the lowest stratum. The Cisco NTP process does not synchronize with a time source that is not synchronized with another time source at the same stratum or less. If NTP encounters a time source that has a vastly different time than others in the network, it does not synchronize to this source, even if it is the lowest stratum source.
One device running NTP communicates with another NTP device by making an association. Associations are configured in the Cisco IOS using either the ntp server or the ntp peer global configuration command. A server association means that the IOS device establishes an association with the configured device, not the reverse. In a peer association the devices establish an association with each other. The most common type of association is a server association, in which one authoritative time source is a server for multiple NTP processes on a variety of devices. Figure 7-3 shows a server association between NTP clients and a Cisco IOS device.
Figure 7-3. These NTP Clients Have a Server Association with a Cisco IOS Device That Is Synchronized with a Public Internet Authoritative Time Source
We recommend that you locate an authoritative time source on the public Internet to serve your network. These sources can be located using search tools on the Web and are updated regularly (search for the keyword NTP). A common practice is to have multiple authoritative time sources from multiple locations where your network may connect to the public Internet. For example, if your network has a public Internet connection in Europe and one in the United States, choose an authoritative time source on each continent and let NTP synchronize with the best time source available.
On Cisco 7000 series routers, you can synchronize periodically from NTP to the calendar system. Use the global configuration command ntp update-calendar to perform this task.
On a LAN, you can send and receive NTP messages using broadcast messages, eliminating the need to configure and make an association with every NTP device on the LAN. Use the interface configuration subcommand ntp broadcast client to listen to NTP broadcast messages on an interface. To broadcast NTP messages to a given LAN segment, use the interface subcommand ntp broadcast. A common configuration is to set up your IOS devices on a server association with a public Internet authoritative time source and then to broadcast NTP messages on all LAN interfaces on which other NTP devices reside. In the following example, we configure the NTP process on the SF-1 router to use two public Internet authoritative time sources in Northern California, to update the calendar system periodically based on using NTP date and time, and to broadcast NTP messages on interface (Ethernet 0):
SF-1# configure
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
SF-1(config)# ntp server 184.108.40.206
SF-1(config)# ntp server 220.127.116.11
SF-1(config)# ntp update-calendar
SF-1(config)# interface (Ethernet 0)
SF-1(config)# ntp broadcast
SF-1(config)#^Z
You can see the NTP associations on an IOS device by using the EXEC command show ntp associations. The first character of each output line tells the status of a particular association, in terms of whether it is synchronized (the last line of the output is a key to the first-column characters). The output also shows the address of each configured association, the stratum level of the time source, and the master server. Following is an example:
SF-1> show ntp assoc
      address         ref clock     st  when  poll reach  delay  offset    disp
*~18.104.22.168    .GPS.            1   127   512  377   285.5    7.57    32.8
+~22.214.171.124   .PPS.            1   207   512  377   147.2  -22.19    18.4
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
You can view NTP status using the EXEC command show ntp status. In the following output, you can see that NTP is synchronized, is at stratum Level 2, and is referencing the authoritative time source at IP address 126.96.36.199:
SF-1> show ntp status
Clock is synchronized, stratum 2, reference is 188.8.131.52
nominal freq is 250.0000 Hz, actual freq is 250.0003 Hz, precision is 2**24
reference time is B853B821.9813EB8D (06:58:10 PST Fri Mar 30 2001)
clock offset is -7.3067 msec, root delay is 285.46 msec
root dispersion is 41.95 msec, peer dispersion is 32.82 msec
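Log and debug timestamps are only as trustworthy as the clock behind them, so the two show commands above are worth checking automatically. The following Python is an added example, not part of the original text or of Cisco's software: it parses output in the layout shown above and lists conditions that need attention. The sample output is constructed with documentation addresses, and the 100 msec offset threshold and the function names are assumptions.

```python
import re

# Constructed sample output in the layout shown above (documentation addresses).
ASSOC = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.0.2.10       .GPS.            1   127   512  377   285.5    7.57    32.8
+~198.51.100.20    .PPS.            1   207   512  177   147.2  -22.19    18.4
 ~203.0.113.30     0.0.0.0         16     -   512    0     0.0    0.00  16000.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""
STATUS = """\
Clock is synchronized, stratum 2, reference is 192.0.2.10
clock offset is -7.3067 msec, root delay is 285.46 msec
"""

# flags, address, ref clock, st, when, poll, reach (reach is printed in octal)
ROW = re.compile(r"^\s*([*#+~-]*)(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+)\s+\S+\s+\d+\s+([0-7]+)\s")

def parse_associations(text):
    """Return one dict per association row; header and key lines are skipped."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            flags, addr, ref, st, reach = m.groups()
            peers.append({"flags": flags, "address": addr, "ref": ref,
                          "stratum": int(st), "reach": int(reach, 8)})
    return peers

def ntp_findings(assoc_text, status_text, max_offset_ms=100.0):
    """List the conditions that make this device's time unsafe to trust in logs."""
    findings = []
    peers = parse_associations(assoc_text)
    state = re.search(r"Clock is (\w+), stratum (\d+)", status_text)
    if not state or state.group(1) != "synchronized":
        findings.append("clock is not synchronized")
    offset = re.search(r"clock offset is (-?[\d.]+) msec", status_text)
    if offset and abs(float(offset.group(1))) > max_offset_ms:
        findings.append(f"clock offset {offset.group(1)} msec exceeds {max_offset_ms}")
    if not any("*" in p["flags"] for p in peers):
        findings.append("no association is master (synced)")
    for p in peers:
        if p["reach"] == 0:
            findings.append(f"{p['address']} unreachable (reach 0)")
        elif p["reach"] != 0o377:  # 377 octal: the last eight polls were all answered
            findings.append(f"{p['address']} missed polls (reach {p['reach']:o})")
    return findings
```

Calling ntp_findings(ASSOC, STATUS) on the constructed sample reports the second and third associations, while the device itself is synchronized to the first.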
If you want to disable NTP, you can do so on a specific interface using the interface subcommand ntp disable. You can limit the type of NTP association that an IOS device can have using the global configuration command ntp access-group. This command requires you to specify the type of association permitted to a specific set of IP addresses given in an IP access list. You can permit the device to establish a peer association or a server association. You can also permit it to allow time requests from systems only or to permit NTP messages only. In the following example, server associations are permitted from all systems on the 184.108.40.206 network on the SF-1 router:
SF-1# configure
Configuring from terminal, memory, or network [terminal]?
Enter configuration commands, one per line. End with CNTL/Z.
SF-1(config)# access-list 50 permit 220.127.116.11 0.0.255.255
SF-1(config)# ntp access-group serve 50
SF-1(config)#^Z
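When reviewing an ntp access-group configuration like the one above, the question is which client addresses the access list actually lets through, given wildcard masks, first-match ordering, and the implicit deny at the end of the list. The following Python is an added example, not part of the original text: it evaluates a standard numbered access list referenced by ntp access-group serve. The configuration is constructed (a private network and an extra deny line stand in for the page's addresses), the function names are hypothetical, and only the address/wildcard, host, and any source forms are handled.

```python
import ipaddress

# Constructed configuration: the two commands from the example above, using a
# private network, plus a deny line to show that the first match wins.
CONFIG = """\
access-list 50 deny 10.20.99.0 0.0.0.255
access-list 50 permit 10.20.0.0 0.0.255.255
ntp access-group serve 50
"""

def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acl(config, number):
    """Return (action, address, wildcard) tuples for one standard access list, in order."""
    entries = []
    for line in config.splitlines():
        words = line.split()
        if words[:2] != ["access-list", str(number)] or len(words) < 4:
            continue
        action, rest = words[2], words[3:]
        if rest[0] == "any":
            entries.append((action, 0, 0xFFFFFFFF))
            continue
        if rest[0] == "host":
            rest = rest[1:]
        # No wildcard given means an exact host match (wildcard 0.0.0.0).
        wildcard = _to_int(rest[1]) if len(rest) > 1 else 0
        entries.append((action, _to_int(rest[0]), wildcard))
    return entries

def acl_permits(entries, client):
    """First matching entry wins; a list with no match ends in an implicit deny."""
    ip = _to_int(client)
    for action, address, wildcard in entries:
        # Wildcard bits set to 1 are ignored; all other bits must be equal.
        if (ip | wildcard) == (address | wildcard):
            return action == "permit"
    return False

def ntp_served(config, client):
    """True if the 'ntp access-group serve N' list in config permits client."""
    for line in config.splitlines():
        words = line.split()
        if words[:3] == ["ntp", "access-group", "serve"] and len(words) == 4:
            return acl_permits(parse_standard_acl(config, int(words[3])), client)
    return True  # no access group configured: NTP is not restricted by an ACL
```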
Simple Network Time Protocol
Cisco 1003, 1004, and 1005 routers run only the Simple Network Time Protocol (SNTP), which is documented in RFC 2030. SNTP is a simplified version of NTP that can receive the time from only NTP servers. SNTP cannot be an authoritative time source for other devices. This limited functionality was deemed appropriate by Cisco because these Cisco 1000 series routers are small devices with a fixed number of interfaces and relatively low performance. SNTP provides time information that is accurate to within approximately 100 milliseconds to the device for use by the IOS.
You can configure SNTP to request and accept packets from configured servers using the global configuration command sntp server. You can have the SNTP process on the router listen to NTP broadcasts by using the global configuration command sntp broadcast client. If you set up both a specific server and the capability of the router to receive broadcast information, the device prefers the highest-strata server, or the configured server if strata from multiple sources are equal. You can view statistics about SNTP using the EXEC command show sntp.