This chapter describes how to configure the Network Time Protocol (NTP) on the Catalyst 5000, 4000, 2948G, and 2926G series switches.
NTP synchronizes timekeeping among a set of distributed time servers and clients. This synchronization allows events to be correlated when system logs are created and other time-specific events occur.
An NTP server must be accessible by the client switch. NTP runs over UDP, which in turn runs over IP. NTP is documented in RFC 1305. All NTP communication uses Coordinated Universal Time (UTC), which is the same as Greenwich Mean Time. An NTP network usually gets its time from an authoritative time source, such as a radio clock or an atomic clock attached to a time server. NTP distributes this time across the network. NTP is extremely efficient; no more than one packet per minute is necessary to synchronize two machines to within a millisecond of one another.
NTP uses a stratum to describe how many NTP hops away a machine is from an authoritative time source. A stratum 1 time server has a radio or atomic clock directly attached, a stratum 2 time server receives its time from a stratum 1 time server, and so on. A machine running NTP automatically chooses as its time source the machine with the lowest stratum number that it is configured to communicate with through NTP. This strategy effectively builds a self-organizing tree of NTP speakers.
NTP has two ways to avoid synchronizing to a machine whose time might be ambiguous:
The communications between machines running NTP, known as associations, are usually statically configured; each machine is given the IP address of all machines with which it should form associations. Accurate timekeeping is possible by exchanging NTP messages between each pair of machines with an association. However, in a LAN environment, you can configure NTP to use IP broadcast messages. With this alternative, you can configure the machine to send or receive broadcast messages, but the accuracy of timekeeping is marginally reduced because the information flow is one-way only.
Cisco's implementation of NTP does not support stratum 1 service; it is not possible to connect to a radio or atomic clock. We recommend that you obtain the time service for your network from the public NTP servers available in the IP Internet. If the network is isolated from the Internet, Cisco's NTP implementation allows a machine to be configured so that it acts as though it is synchronized using NTP, when in fact it has determined the time using other means. Other machines then synchronize to that machine using NTP.
A number of manufacturers include NTP software for their host systems, and a publicly available version for systems running UNIX and its various derivatives is also available. This software allows host systems to be time-synchronized as well.
Table 26-1 shows the default NTP configuration.
| Feature | Default Value |
|---|---|
| Broadcast client mode | Disabled |
| Client mode | Disabled |
| Broadcast delay | 3000 microseconds |
| Time zone | Not specified |
| Offset from UTC | 0 hours |
| Summertime adjustment | Disabled |
| NTP server | None specified |
| Authentication mode | Disabled |
Configure the switch in NTP broadcast-client mode if an NTP broadcast server, such as a router, regularly broadcasts time-of-day information on the network. To compensate for any server-to-client packet latency, you can specify an NTP broadcast delay (a time adjustment factor for the receiving of broadcast packets by the switch).
To enable NTP broadcast-client mode on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Enable NTP broadcast-client mode. | set ntp broadcastclient enable |
| Step 2 (Optional) Set the estimated NTP broadcast packet delay. | set ntp broadcastdelay microseconds |
| Step 3 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to enable NTP broadcast-client mode on the switch, set a broadcast delay of 4000 microseconds, and verify the configuration:
```
Console> (enable) set ntp broadcastclient enable
NTP Broadcast Client mode enabled
Console> (enable) set ntp broadcastdelay 4000
NTP Broadcast delay set to 4000 microseconds
Console> (enable) show ntp
Current time: Tue Jun 23 1998, 20:25:43
Timezone: '', offset from UTC is 0 hours
Summertime: '', disabled
Last NTP update:
Broadcast client mode: enabled
Broadcast delay: 4000 microseconds
Client mode: disabled

NTP-Server
----------------------------------------
Console> (enable)
```
Configure the switch in NTP client mode if you want the client switch to regularly send time-of-day requests to an NTP server. You can configure up to ten server addresses per client.
To configure the switch in NTP client mode, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Specify the IP address of the NTP server. | set ntp server ip_addr |
| Step 2 Enable NTP client mode. | set ntp client enable |
| Step 3 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to configure the NTP server address, enable NTP client mode on the switch, and verify the configuration:
```
Console> (enable) set ntp server 172.20.52.65
NTP server 172.20.52.65 added.
Console> (enable) set ntp client enable
NTP Client mode enabled
Console> (enable) show ntp
Current time: Tue Jun 23 1998, 20:29:25
Timezone: '', offset from UTC is 0 hours
Summertime: '', disabled
Last NTP update: Tue Jun 23 1998, 20:29:07
Broadcast client mode: disabled
Broadcast delay: 3000 microseconds
Client mode: enabled

NTP-Server
----------------------------------------
172.16.52.65
Console> (enable)
```
Authentication can enhance the security of a system running NTP. When you enable the authentication feature, the client switch will send time-of-day requests only to trusted NTP servers. The authentication feature is documented in RFC 1305.
You can configure up to ten authentication keys per client. Each authentication key is actually a pair of two keys:
To authenticate the message, the client authentication key must match that of the server. Therefore, the authentication key must be securely distributed in advance (that is, the client administrator must get the key pair from the server administrator and configure it on the client).
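The key-matching requirement above, shown as an added example that is not Cisco's code: it assumes the keyed-MD5 construction common to NTP implementations, in which the packet carries the key number in the clear followed by MD5(secret || header). Key number 879 is taken from the page's example; the secrets and the function names are constructed for illustration.

```python
import hashlib
import hmac
import struct

def build_request(transmit_ts=0):
    """48-byte NTP header: LI=0, VN=3, Mode=3 (client), rest zero."""
    header = bytearray(48)
    header[0] = (0 << 6) | (3 << 3) | 3
    struct.pack_into("!Q", header, 40, transmit_ts)  # transmit timestamp
    return bytes(header)

def add_mac(header, key_id, secret):
    """Append the 32-bit key number and MD5(secret || header)."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet, keys):
    """keys maps key number -> (secret, trusted). Returns a status string."""
    if len(packet) == 48:
        return "unauthenticated"
    if len(packet) != 68:
        return "malformed"
    header, digest = packet[:48], packet[52:]
    (key_id,) = struct.unpack("!I", packet[48:52])
    if key_id not in keys:
        return "unknown-key"
    secret, trusted = keys[key_id]
    if not trusted:
        return "untrusted-key"
    expected = hashlib.md5(secret + header).digest()
    # Constant-time comparison of the received and recomputed digests.
    return "ok" if hmac.compare_digest(expected, digest) else "bad-mac"

# Constructed key table: number 879 is from the page, both secrets are made up.
SERVER_KEYS = {879: (b"constructed-secret", True), 12: (b"old-secret", False)}

if __name__ == "__main__":
    good = add_mac(build_request(1), 879, b"constructed-secret")
    wrong = add_mac(build_request(1), 879, b"mistyped-secret")
    print(verify(good, SERVER_KEYS), verify(wrong, SERVER_KEYS))
```

Only the key number travels with the packet; the secret never does, which is why it has to be distributed out of band before authentication is enabled.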
To enable authentication, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Define an authentication key pair for NTP and specify whether the key will be trusted or untrusted. | set ntp key public_key [trusted \| untrusted] md5 secret_key |
| Step 2 Specify the IP address of the NTP server and the public key. | set ntp server ip_addr [key public_key] |
| Step 3 Enable NTP client mode. | set ntp client enable |
| Step 4 Enable NTP authentication. | set ntp authentication enable |
| Step 5 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to configure the NTP server address, enable NTP client and authentication modes on the switch, and verify the configuration:
```
Console> (enable) set ntp server 172.20.52.65 key 879
NTP server 172.20.52.65 with key 879 added.
Console> (enable) set ntp client enable
NTP Client mode enabled
Console> (enable) set ntp authentication enable
NTP authentication feature enabled
Console> (enable) show ntp
Current time: Tue Jun 23 1998, 20:29:25
Timezone: '', offset from UTC is 0 hours
Summertime: '', disabled
Last NTP update: Tue Jun 23 1998, 20:29:07
Broadcast client mode: disabled
Broadcast delay: 3000 microseconds
Client mode: enabled
Authentication: enabled

NTP-Server                               Server Key
---------------------------------------- ----------
172.16.52.65

Key Number   Mode         Key String
---------------------------------------------------
Console> (enable)
```
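For checking many switches against the settings described in this chapter, the following added example (not part of the Cisco documentation) parses captured `show ntp` output and reports configurations where time is accepted without authentication. The sample capture is constructed, the finding codes are hypothetical names, and the position of the key number in the server table is an assumption.

```python
import re

# Constructed sample modelled on the `show ntp` layout in this chapter; the
# placement of the key number in the server table is an assumption.
SAMPLE_WEAK = """\
Broadcast client mode: enabled
Broadcast delay: 3000 microseconds
Client mode: enabled
Authentication: disabled

NTP-Server                               Server Key
---------------------------------------- ----------
172.20.52.65
192.0.2.10                               879
"""

SERVER_ROW = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})(?:\s+(\d+))?$")

def parse_show_ntp(text):
    """Return (fields, servers); servers is a list of (ip, key_or_None)."""
    fields, servers, in_table = {}, [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("NTP-Server"):
            in_table = True
        elif line.startswith(("Key Number", "Console>")):
            in_table = False
        elif in_table:
            row = SERVER_ROW.match(line)  # skips the dashed rule and blanks
            if row:
                servers.append((row.group(1), row.group(2)))
        elif ":" in line:
            name, _, value = line.partition(":")
            fields[name.strip().lower()] = value.strip()
    return fields, servers

def audit(text):
    """Return finding codes for NTP settings worth reviewing."""
    fields, servers = parse_show_ntp(text)
    findings = []
    if fields.get("broadcast client mode") == "enabled":
        findings.append("BROADCAST_CLIENT_ENABLED")  # one-way time source
    if fields.get("client mode") == "enabled":
        if fields.get("authentication") != "enabled":
            findings.append("AUTHENTICATION_DISABLED")
        if not servers:
            findings.append("NO_SERVER_CONFIGURED")
        findings += [f"SERVER_WITHOUT_KEY:{ip}" for ip, key in servers if key is None]
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_WEAK))
```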
You can specify a time zone for the switch to display the time in that time zone. You must enable NTP before you set the time zone. If NTP is not enabled, this command has no effect. If you enable NTP and do not specify a time zone, UTC is shown by default.
To set the time zone, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Set the time zone. | set timezone zone hours [minutes] |
| Step 2 Verify the time zone configuration. | show timezone |
This example shows how to set the time zone on the switch:
```
Console> (enable) set timezone Pacific -8
Timezone set to 'Pacific', offset from UTC is -8 hours
Console> (enable)
```
You can have the switch advance the clock one hour on the first Sunday in April at 2:00 a.m. and move back the clock one hour on the last Sunday in October at 2:00 a.m.
To enable the daylight saving time clock adjustment, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Enable the daylight saving time clock adjustment. | set summertime enable [zone_name] |
| Step 2 Verify the configuration. | show summertime |
This example shows how to have the clock adjusted for daylight saving time:
```
Console> (enable) set summertime enable Pacific
Summertime is enabled and set to 'Pacific'
Console> (enable)
```
To disable the daylight saving time clock adjustment, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Disable the daylight saving time clock adjustment. | set summertime disable [zone_name] |
| Step 2 Verify the configuration. | show summertime |
This example shows how to disable the daylight saving time adjustment:
```
Console> (enable) set summertime disable Arizona
Summertime is disabled and set to 'Arizona'
Console> (enable)
```
To clear the time zone settings and return the time zone to UTC, perform this task in privileged mode:
| Task | Command |
|---|---|
| Clear the time zone settings. | clear timezone |
This example shows how to clear the time zone settings:
```
Console> (enable) clear timezone
Timezone name and offset cleared
Console> (enable)
```
To remove an NTP server address from the NTP servers table on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Specify the NTP server to remove. | clear ntp server [ip_addr \| all] |
| Step 2 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to remove an NTP server address from the NTP server table:
```
Console> (enable) clear ntp server 172.16.64.10
NTP server 172.16.64.10 removed.
Console> (enable)
```
To disable NTP broadcast-client mode on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Disable NTP broadcast-client mode. | set ntp broadcastclient disable |
| Step 2 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to disable NTP broadcast-client mode on the switch:
```
Console> (enable) set ntp broadcastclient disable
NTP Broadcast Client mode disabled
Console> (enable)
```
To disable NTP client mode on the switch, perform this task in privileged mode:
| Task | Command |
|---|---|
| Step 1 Disable NTP client mode. | set ntp client disable |
| Step 2 Verify the NTP configuration. | show ntp [noalias] |
This example shows how to disable NTP client mode on the switch:
```
Console> (enable) set ntp client disable
NTP Client mode disabled
Console> (enable)
```
Posted: Mon Jul 19 12:48:24 PDT 1999
Copyright © 1989-1999 Cisco Systems Inc.