Featured image

Table of Contents Link to heading

System Clock Link to heading

The system clock can be set with:

  1. NTP
  2. Simple Network Time Protocol (SNTP)
  3. Virtual Integrated Network Service (VINES) Time Service
  4. Manual configuration
    • Device clock set hh:mm:ss { day month / month day } year
    • Month can be written in full or simply the first three letters.
  • The system clock keeps track of time internally based on Coordinated Universal Time (UTC), aka Greenwich Mean Time (GMT).
  • Information about the local time zone and daylight savings time can be configured so that the time is displayed correctly relative to the local time zone.
  • The system clock keeps track of whether the time is authoritative or not.
  • If it is not authoritative, the time can be available only for display purposes and cannot be redistributed to other systems.

Clock Synchronisation Link to heading

Info
Ensuring clock synchronisation is crucial to a security-managed network.

If all devices have the correct and synchronised time, it will be easier when looking at the syslog data regarding security or other maintenance issues.

  • network fault diagnosis and recovery - allow the tracking of events in the network in the correct order.
  • Log file accuracy - allow the correct interpretation of events within the syslog data.

Network Time Protocol (NTP) Link to heading

Info
NTP synchronises the system clocks of devices, supporting NTP, over packet-switched, variable-latency data networks (e.g., switches, routers, servers, firewall appliances, and computer workstations).
  • Set up to achieve the correct time from an internal or external time source.
  • Runs over the User Datagram Protocol (UDP), with port 123 as both the source and destination, which in turn runs over IP.
  • Takes up to a few minutes to fully synchronise after configuration.

Simple Network Time Protocol (SNTP) Link to heading

Info
A simplified, client-only version of NTP; certain low-end Cisco devices only support SNTP.
  • Only receives the time from NTP servers and cannot be used to provide time services to other systems.
  • Typically provides time within 100 milliseconds of the accurate time.
  • Does not authenticate traffic, although you can configure extended access lists to provide some protection.
  • An SNTP client is more vulnerable to noncompliant servers than an NTP client and must only be used in situations where strong authentication is not required.
  • An NTP client can perform authentication so the device cannot be fooled into changing the time by an attacker.

Servers versus Clients Link to heading

Tip
To implement NTP, an NTP server and an NTP client must be configured and thus it does require separate client and server applications.
  1. A server provides time synchronisation to every client across the network.
  2. A client is given the IP address of the server in order to get the time.
  • When the NTP is configured, the NTP is automatically synchronised on the client from the server.
  • An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock attached to the server.
  • Information included in the NTP message sent by the server allows the client to determine the server time with respect to local time and adjust the local clock.

Configuration Link to heading

Server Link to heading

Note
Device# ntp master stratum
  • The stratum argument describes how many NTP hops away a machine is from an authoritative time source; default, 8, ranging between 1 and 15.
  • If stratum is 1, the server has a radio or atomic clock directly attached to it.
  • A stratum of 16 means there is no clocking received.
  • A machine that runs NTP automatically chooses the machine with the lowest stratum number that it is configured to communicate with NTP as its time source.
  • The lower the stratum value, the more authoritative/accurate that server, the higher the NTP priority.

Client Link to heading

Note
Device# ntp server server_ip_#
  • The client uses the clock of the server as the reference clock.

Verification Link to heading

  • show clock [detail] displays the current system clock.
    • The detail argument indicates the time zone, time source, and current summer time setting (if any).
    • The time source should read “NTP”.
    • The time source, be default, reads “hardware calendar”.
    • If the clock is configured manually, the time source will read “user configuration”.
  • show ntp status verifies whether or not the clock is synchronised.
  • show ntp association displays the status of each NTP association, as well as its IP address and stratum number.
    • An NTP server is indicated in the association table by the IP address 127.127.x.x.

Manual Time Configuration Link to heading

Example

Configure timezone for Adelaide:

Device# clock timezone ACDT 10 30

  • Australian Central Daylight Time (ACDT) is a time zone used in the middle of Australia, specifically in two Australian states and territories: New South Wales and South Australia.
  • It is 9:30 (or 10:30) hours ahead of Coordinated Universal Time (UTC+9:30 or UTC+10:30). This means that when it is 00:00 (midnight) in UTC, it is 9:30 (or 10:30) in ACDT.