You want your routers to automatically learn the time and synchronize their clocks through the network.
Network Time Protocol (NTP) is an open standard protocol for time synchronization. You can implement NTP on a router to provide automatic and efficient time synchronization. To enable a basic NTP configuration, enter the following commands:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#clock timezone EST -5 Router(config)#clock summer-time EDT recurring Router(config)#ntp server 172.25.1.1 Router(config)#end Router#
The ntp server command accepts either IP addresses or hostnames. To use a hostname, however, you will need to configure the router to either use a static host table or DNS for name resolution, as discussed in Chapter 2.
Some low-end routers, such as the Cisco 1000 series, Cisco 1600 series, Cisco 1720 series, and Cisco 1750 series do not support NTP. For these, Cisco provides support for the Simple Network Time Protocol (SNTP), which is a compatible subset of the NTP standard. The SNTP configuration is similar to NTP:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#clock timezone EST -5 Router(config)#clock summer-time EDT recurring Router(config)#sntp server 172.25.1.1 Router(config)#end Router#
When NTP is enabled on a router, it will start trying to synchronize with the configured peers or servers as soon as it boots. By default, the router's clock always displays the time in the UTC time zone. So we recommend configuring an appropriate local time zone as in this example, and shown in more detail in Recipe 14.3 and Recipe 14.4.
Most Cisco routers fully support NTP Versions 1, 2, and 3, and also include some features such as multicast support that are not yet fully standard. There are actually no important protocol differences between the three versions, and they operate together well. The main differences between them are apparent in things such as the algorithms used for estimating latency. Later versions also offer some additional modes of operation.
Version 3 of the NTP protocol has several different modes of operation. A device can be a client, server, peer, multicast client or server, or a broadcast client or server. Once a router has built an NTP association and synchronized its clock, it automatically becomes a fully functional NTP server itself, capable of providing NTP services to other NTP clients.
By default, the source IP address that a router uses for its NTP packets will be the address of the interface that sends them. This is usually not a problem. However, in networks with many redundant paths, it is possible to have a router suddenly change the interface that it uses to communicate with another NTP device simply because the routing tables changed. If the other device is configured to accept only a limited number of connections or if it has rules allowing connections only from certain specified devices, then NTP might break.
To get around these sorts of problems, Cisco provides two methods for manually assigning the source address of NTP packets. The first is a global command that affects all NTP packets, and the second sets different source addresses for different NTP associations.
The global command assigns a source IP address for all associations, even the ones that the router passively accepts:
Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#ntp source loopback0
Router(config)#end
Router#
This example tells NTP to use the IP address of the loopback0 interface as the source address for all NTP associations.
Sometimes you want the router to use different source addresses for different servers:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#ntp server 172.25.1.1 source FastEthernet 0/0.1 Router(config)#ntp server 10.1.1.1 source Serial 0/0 Router(config)#end Router#
Assigning a source address for one NTP association like this does not affect other NTP associations on the router. You can assign the global command and the per-association command at the same time, and the router will use the global address for everything except the specifically defined associations.
In Recipe 14.2, we mentioned that many high-end routers contain battery-protected calendars that operate independently from the main system clock. By default, NTP will set only the system clock. But you can also synchronize the calendar with NTP using the ntp update-calendar command:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#ntp update-calendar Router(config)#end Router#
Two other useful timestamps are automatically enabled on routers that have their clocks synchronized with NTP. First, the show version command gives the exact time when the router last initialized:
Router#show version
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-JK9O3S-M), Version 12.2(7a), RELEASE SOFTWARE (fc2)
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Thu 21-Feb-02 03:48 by pwade
Image text-base: 0x80008088, data-base: 0x8153F5D0
ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)
router uptime is 3 days, 2 hours, 7 minutes
System returned to ROM by power-on
System restarted at 20:56:01 EST Sat Mar 8 2003
System image file is "flash:c2600-jk9o3s-mz.122-7a.bin"
<removed>
Second, the show running-config command gives a timestamp of when the configuration last changed and when the running configuration was last saved to NVRAM:
Router#show running-config Building configuration... Current configuration : 3353 bytes ! ! Last configuration change at 21:25:52 EST Tue Mar 11 2003 by ijbrown ! NVRAM config last updated at 22:13:48 EST Sat Mar 8 2003 by kdooley ! version 12.2 service timestamps debug datetime msec service timestamps log datetime localtime service password-encryption service compress-config <removed>
SNTP is another UDP-based time synchronization protocol that is essentially a simplified version of NTP that only supports client time synchronization. Several of Cisco's low-end routers support only SNTP and cannot synchronize the clocks of other devices.
Since SNTP is a subset of NTP, it allows the router to synchronize to central NTP servers, and it can use NTP broadcast messages as well. SNTP is much less accurate than NTP, generally synchronizing clocks only to within 100 milliseconds (a tenth of a second) of one another. SNTP-based routers can obtain time services from multiple NTP sources, but SNTP lacks the ability to make intelligent server decisions (unlike NTP). If the router is configured with several servers, SNTP will simply choose the one with the lowest NTP stratum number. If it knows about two servers that are both at the same stratum level, the router chooses the one that sends the first packet. SNTP will select an NTP server with a higher stratum only if a lower stratum server becomes unreachable.
There are only two SNTP configuration options. The router can communicate directly with a server, or you can configure it to listen for NTP broadcasts:
Router#configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)#sntp ? broadcast Configure SNTP broadcast services server Configure SNTP server Router(config)#end Router#
You can view the SNTP status on the router with the show sntp command:
Router>show sntp SNTP server Stratum Version Last Receive 172.25.1.1 2 3 00:00:24 Synced 172.25.1.3 2 3 00:00:51 Router>
Top |