14.1. vro log display timestamp question in the vro log and error message show time answer router # configure Terminal
Enter configuration commands, one per line. End with cntl/Z.
Router (config) # service timestamps log datetime localtime
Router (config) # service timestamps debug datetime localtime
Router (config) # End
Router # You can add the show-timezone and msec parameters after the command to make the timestamp contain time zone information and 14.2 in milliseconds. set Time question set vro time answer internal clock router # clock set 14:27:22 January 29 2006
Router # Battery retention time of high-end routers router # calendar set 14:34:39 January 29 2006
Router # Note: If the router restart time configuration does not disappear without battery protection, show calendar can display the current clock or verify whether battery protection exists, when the internal clock and the calendar clock are inconsistent, you can use clock Update-calendar or clock read-calendar to synchronize 14.3 to each other. set Time Zone question set vro Time Zone answer router # configure Terminal
Router (config) # clock timezone est 5 'clock timezone GMT 8 Beijing Time
Router (config) # End
Router # note that the default vroutc uses UTC, which is the previous gmt14.4. adjust the daylight time format. Question: The vro automatically adjusts the clock in the daylight time format. Answer router # configure Terminal
Router (config) # clock summer-time EDT date 26 Oct 2003 6 Apr 2003
Or router (config) # clock summer-time aedt recurring last sun Oct last sun MAR
Router (config) # End
Router # note that there is no daylight saving time by default. After enabling it, you can use show clock detail to verify the 14.5. Clock Synchronization (NTP) question about the router's automatic synchronization of network time answer router # configure Terminal
Router (config) # clock timezone est-5
Router (config) # clock summer-time EDT recurring
Router (config) # NTP server 172.25.1.1
Router (config) # End
Router # For routers that do not support NTP, use SNTP router # configure Terminal
Router (config) # clock timezone est-5
Router (config) # clock summer-time EDT recurring
Router (config) # SNTP server 172.25.1.1
Router (config) # End
Router # You can use the NTP source loopback0 or NTP server 10.1.1.1 source serial 0/0 command to specify the source address sent by NTP. Because NTP synchronizes the internal clock, you need to configure NTP Update-calendar to synchronize the calendar clock 14.6 at the same time. configure NTP redundancy question configuration multiple NTP servers to provide a redundant answer router # configure Terminal
Router (config) # clock timezone est-5
Router (config) # clock summer-time EDT recurring
Router (config) # NTP server 172.25.1.1
Router (config) # NTP server 10.121.33.231
Router (config) # NTP peer 192.168.12.12 (two-way time available)
Router (config) # End
Router #14.7. Set the vrontp as the network NTP server. Ask a question and set the vrontp as the network NTP server to become the main clock source of the network. Answer router # configure Terminal
Router (config) # clock timezone est 5
Router (config) # clock summer-time EDT recurring
Router (config) # clock calendar-valid allows the use of hardware calendar as the clock source
Router (config) # NTP master 8
Router (config) # End
Router # note that NTP master 8 is set to stratum Level 8. do not configure it as 114.8. adjust NTP synchronization cycle question adjustment how long the vro sends NTP data packets to verify the synchronous answer NTP does not allow manual modification of the synchronization frequency, but the built-in algorithm can automatically adjust the frequency annotation to start a 64-second cycle, if the network is stable enough, the cycle will gradually increase, up to 1024 seconds, as shown in the following example: Router> show NTP associations
Address ref clock st when poll reach delay offset disp
*~ 172.25.1.1 130.207.244.240 2 440 1024 377-1.6 3.23
+ ~ 172.25.1.3 204.152.184.72 2 829 1024 377 1.7 8.06 0.9
* Master (synced), # Master (unsynced), + selected,-Candidate ,~ Configured
Router> 14.9. NTP sends periodic broadcast packets and keeps updating questions. It works in broadcast mode and does not need to periodically query and answer server router1 # configure Terminal
Router1 (config) # clock timezone est-5
Router1 (config) # clock summer-time EDT recurring
Router1 (config) # NTP server 172.25.1.1
Router1 (config) # NTP server 172.25.1.2
Router1 (config) # interface fastethernet0/0
Router1 (config-If) # NTP Broadcast
Router1 (config-If) # End
Router1 #
Client router2 # configure Terminal
Router2 (config) # clock timezone est-5
Router2 (config) # clock summer-time EDT recurring router2 (config) # NTP broadcastdelay 4
Router2 (config) # interface ethernet0
Router2 (config-If) # NTP broadcast Client
Router2 (config-If) # End
Router2 # annotations work in broadcast mode. Time packets are in a single direction and are controlled through broadcastdelay. broadcast mode does not prevent clients from working in Server Client mode 14.10. NTP sends periodic multicast packets. keep updating questions in multicast mode. You do not need to periodically query and answer server router1 # configure Terminal
Router1 (config) # clock timezone est-5
Router1 (config) # clock summer-time EDT recurring
Router1 (config) # NTP server 172.25.1.1
Router1 (config) # NTP server 172.25.1.3
Router1 (config) # interface fastethernet 0/0
Router1 (config-If) # NTP multicast 224.0.1.1 TTL 1
Router1 (config-If) # End
Router1 # client router1 # configure Terminal
Router1 (config) # clock timezone est-5
Router1 (config) # clock summer-time EDT recurring
Router1 (config) # NTP server 172.25.1.1
Router1 (config) # NTP server 172.25.1.3
Router1 (config) # interface fastethernet 0/0
Router1 (config-If) # NTP multicast 224.0.1.1 TTL 1
Router1 (config-If) # End
Router1 #
Note the benefits of multicast over broadcast. In this mode, the initial client will first send some unicast packets to measure the latency to make the time more accurate, note that all devices support the multicast mode 14.11. enable the NTP question Router Based on the interface and configure it as the NTP server, but some ports disable the NTP service from answering the router # configure Terminal
Router (config) # interface serial0/1
Router (config-If) # NTP disable
Router (config-If) # End
Router # or router # configure Terminal
Router (config) # access-list 107 deny UDP any EQ 123 any EQ 123
Router (config) # access-list 107 permit IP any
Router (config) # interface serial0/1
Router (config-If) # IP Access-group 107 in
Router (config-If) # End
Router # The comment control list method is stricter. The first method only blocks associations, but does not block NTP packets 14.12. NTP authentication question authentication NTP packet Security answer server router1 # configure Terminal
Router1 (config) # NTP Authentication-key 2 MD5 neoshi
Router1 (config) # NTP Authenticate
Router1 (config) # NTP trusted-key 2
Router1 (config) # End
Router1 # client router2 # configure Terminal
Router2 (config) # NTP Authentication-key 2 MD5 neoshi
Router2 (config) # NTP Authenticate
Router2 (config) # NTP trusted-key 2
Router2 (config) # NTP server 172.25.1.5 key 2
Router2 (config) # End
Router2 #
Note: The key in broadcast or multicast mode is configured as NTP broadcast key 2 and NTP multicast key 214.13. restrict the number of NTP peers. Ask a question and limit the number of NTP peers that the vro can accept. Answer router # configure Terminal
Router (config) # NTP max-associations 30
Router (config) # End
Router # Note No 14.14. Restrict peers to ask questions to better control the NTP service. Answer router # configure Terminal
Router (config) # access-list 88 permit host 172.25.1.1
Router (config) # access-list 88 permit host 10.1.1.1
Router (config) # access-list 99 permit 172.25.0.0 0.0.255.255
Router (config) # access-list 99 permit 10.2.0.0 0.0.255.255
Router (config) # clock timezone est-5
Router (config) # clock summer-time EDT recurring
Router (config) # NTP server 172.25.1.1 Version 3
Router (config) # NTP server 10.1.1.1 Version 3
Router (config) # NTP access-group peer 88
Router (config) # NTP access-Group serve-only 99
Router (config) # End
Router # note that the vro only allows the internal clock to be synchronized from the two servers defined by acl88. At the same time, only clients of the two CIDR blocks defined by acl99 can request 14.15 time information from the current device. ask a question about setting the clock cycle. You want to adjust the automatically generated NTP clock-period xxxxxx value. The router automatically generates a clock cycle after the restart to accelerate the synchronization, it is not recommended to delete or modify router # Show running-config | include clock-Period
NTP clock-period 17180200
Router #14.16. Check NTP status question view current NTP status answer router> show clock detail
Router> show NTP status
Router> show NTP associations
Router> show NTP associations detail comment router> show clock detail. 15:54:33. 079 est sun Jan 29 2006 time source is NTP there is one before this output. indicates that the clock is not synchronized to 14.17. NTP troubleshooting questions solve NTP errors the answer to NTP is very stable. A major possibility of a problem is the connectivity problem router # debug NTP packets comment router # debug NTP packet NTP packets debugging is on
. Mar 21 02: 39: 18: NTP: xmit packet to 172.25.1.5:
. Mar 21 02: 39: 18: Leap 3, Mode 3, version 3, stratum 0, ppoll 64
. Mar 21 02: 39: 18: rtdel 28c7 (159.286), rtdsp 2444 (141.663), refID ac127101
. Mar 21 02: 39: 18: ref c043c43f. 47a9cd5c (21:30:23. 279 est wed Mar 20 2003)
. Mar 21 02: 39: 18: org 00000000.00000000 (19:00:00. 000 est Thu Dec 31 1899)
. Mar 21 02: 39: 18: REC 00000000.00000000 (19:00:00. 000 est Thu Dec 31 1899)
. Mar 21 02: 39: 18: XMT c043c656.4dfc7394 (21:39:18. 304 est wed Mar 20 2003)
. Mar 21 02: 39: 25: NTP: RCV packet from 172.25.1.5 to 172.16.2.2 on fa0/0.1:
. Mar 21 02: 39: 25: Leap 3, Mode 3, version 3, stratum 0, ppoll 64
. Mar 21 02: 39: 25: rtdel 286e (157.928), rtdsp 0ec6 (57.709), refID ac127101
. Mar 21 02: 39: 25: ref c043c4d7.1d633cde (21:32:55. 114 est wed Mar 20 2003)
. Mar 21 02: 39: 25: org 00000000.00000000 (19:00:00. 000 est Thu Dec 31 1899)
. Mar 21 02: 39: 25: REC 00000000.00000000 (19:00:00. 000 est Thu Dec 31 1899)
. Mar 21 02: 39: 25: XMT c043c65d. 1d0a6cbc (21:39:25. 113 est wed Mar 20 2003)
. Mar 21 02: 39: 25: indium c043c65d. 1296e3c7 (21:39:25. 072 est wed Mar 20 2003)
The above is a debug output, from which we can see that the data packet from the server is displayed as stratum 0, indicating that the server is not synchronized. Since the upstream server is not synchronized, the local server cannot synchronize 14.18. answer router2 # configure Terminal
Router2 (config) # NTP Logging
Router2 (config) # End
Router2 # comment out this command from 12.3 (7) T. Below is a log record router2 # Show logging | include NTP
000019: Jan 29 10:57:52. 633 est: % NTP-5-PEERSYNC: NTP synced to peer 172.25.1.5
000020: Jan 29 10:57:52. 637 est: % NTP-6-PEERREACH: Peer 172.25.1.5 is reachable
000024: Jan 29 11:01:20. 653 est: % NTP-4-PEERUNREACH: Peer 172.25.1.5 is unreachable
000026: Jan 29 11:15:11. 985 est: % NTP-4-UNSYNC: NTP sync is lost 14.19. extended Daylight Saving Time note the setting of the Daylight Saving Time System in the United States was adjusted from 2007 to Save Energy ================== ========================================================== ======
Create an NTP server on Cisco 10.40.0.1
On the NTP server:
Conf t
SNMP-server community public Ro
NTP autentication-key 1 MD5 cxzhzx 7
NTP Authenticate
NTP trusted-key 1
NTP source vlan40
NTP master 1
End client:
Conf t
No NTP
NTP Authentication-key 1 MD5 cxzhzx 7
NTP Authenticate
NTP trusted-key 1
NTP server 10.40.0.1 key 1
End
========================================================== ======================================
NTP (network clock protocol) configuration of the router
Network Time Protocol (NTP) is a protocol used to synchronize computer time. It enables computers to synchronize time with their servers or clock sources (such as quartzels and GPS) to configure NTP synchronization, you must first create a connection for the group. Run the following command to initialize the connection Configuration: NTP server IP _ Address [version number] [Key key_id] [source interface] [prefer] NTP peer IP _ Address [version number] [Key key_id] [source interface] [prefer] if the vro synchronizes with another NTP clock, create a server connection. If the router not only synchronizes with another device, but also allows other devices to synchronize with the router, a peering connection is created. The default version is 3. By default, the authentication key ID is not configured. The source IP address is the IP address of the sending port, and prefer tells IOS the priority of the synchronization peer. To control access to the NTP service on the vro, run the following command: NTP access-Group {query | serve-only | serve | peer} access-list-number query-only: allow NTP control queries from listed IP addresses. Control the SNMP network management workstation used to monitor NTP processes. Serve-only: Allows IP address request events on the access control list. The Router does not synchronize the time to the remote system. Serve: allows time requests and control queries. The Router does not synchronize the time to the remote system. Peer: allows requests and control queries, and allows the router to synchronize time from the remote system. Example: Seattle
Access-List 1 permit 172.16.0.0 0.0.255.255
Access-List 2 permit 128.10.39.11
NTP access-group peer 2
NTP access-Group serve 1
NTP server 128.105.39.11
Tacoma
NTP server 172.16.1.5
The preceding configuration allows the vrotle: settle to synchronize data from a public secondary clock source. The Tacoma of another vro on the same network as the Seattle can be synchronized from the Seattle.
UTC at NTP time. If you want the vro to stay in another time zone, you can use the following command to keep the local time: clock timezone PSt-8
Clock summer-time PDT recurring
Use the NTP Update-calendar command to update the internal calendar with the time obtained by the router using NTP. NTP authentication: NTP Authentication
NTP Authentication-Key number MD5 key
NTP trusted-Key number
NTP server IP-address key number
The NTP authentication must be configured on the NTP server and the router that synchronizes requests. (Globally ). NTP Authentication-key must be configured on all routers. The authentication string defined by this command is assigned a value. The router requesting time synchronization is configured using the NTP trusyed-key command. This command lists the values of the authentication string defined by the NTP Authentication-key command, which must be included in the NTP synchronization request package. Therefore, the NTP trusted-key is only configured on the customer router side. Example: Seattle
NTP authencation
NTP authencation-key 10 MD5 ntpkey
Tacoma
NTP authencation
NTP authencation-key 10 MD5 ntpkey
NTP trusted-key 10
NTP server Seattle key 10
The NTP server Seattle key 10 command of Tacoma specifies that the server must provide the password No. 10 in the NTP package before the Tacoma and Seattle clock are synchronized. From the Tacoma package, you can see the password No. 10 in Seattle. The NTP Authentication-key 10 MD5 ntpkey command in Seattle enables Seattle to include the authentication password in the response packet to Tacoma. 10. troubleshooting: Show NTP status
Sh NTP Association detail
========================================================== ======================================
NTP configuration in the Cisco Network Environment [Network Time Protocol]
NTP configuration in the Cisco Network System
Command Definition
-- NTP access-group: this global command is used for access control of the n t p service on the router.
-- NTP Authenticate: A Global Command that enables n t p authentication.
-- NTP Authentication-key: The Global command is used to define the key value for n t p authentication.
-- NTP broadcast: an interface command used to specify a specific interface to send an n t p broadcast packet.
-- NTP broadcast client: an interface command that enables a router to receive n t p broadcast packets through a specific interface.
-- NTP broadcast delay: A Global Command used to set the estimated time required for a return packet between the router and the n t p server.
-- NTP clock-period: this global command does not need to be input. When you use n t p for system clock synchronization, the router automatically generates this command.
-- NTP Disable: this interface command prevents a specific interface from receiving n t p packets.
-- NTP master: this global command is used to configure the vro as the n t p master clock. This command is used only when no external n t p source is available or for testing purposes.
-- NTP peer: This Global Command synchronizes the system clock of the router with the clock of the Peer (or synchronizes the clock of the Peer ).
-- NTP server: This Global Command synchronizes the system clock of the router from the time server.
-- NTP Source: This Global Command forces the router to use a specific source address in its n t p package.
-- NTP trusted-key: this global command is used to confirm the vro's specific authentication key value.
-- NTP Update-calendar: this global command enables n t p to periodically update the calendar of Cisco 7XXX series routers.
-- Show NTP status: an execution mode command used to display the n t p information of a vro, it indicates whether the router synchronizes the clock through the n t p peer or through the n tp server.
-- Show NTP Association [detail]: this execution mode command displays information related to n t p, such as * query cycle.
========================================================== ======================================
Cisco configures the NTP service and protocol, which is the network time procotol ). It aims to transmit unified and standard time on the Internet. The specific implementation scheme is to specify several clock source websites on the network to provide time service for users, and these websites should be able to compare with each other to improve accuracy. * Server: conf t
NTP autentication-key 1 MD5 cxzhzx 7 NTP Authentication
NTP authenticate NTP Authentication
NTP trusted-key 1 NTP Authentication
NTP source vlan1 sets the original port or IP address of the NTP clock
NTP Update-calendar allows NTP to periodically update the calendar
NTP master 2 allows the local machine to act as the master clock of the NTP protocol. The precision level is 2, which is used for synchronization of other peering bodies.
NTP server 202.112.7.150 specify several clock source websites on the network
End
* Client: conf t
NTP Authentication-key 1 MD5 cxzhzx 7
NTP Authenticate
NTP trusted-key 1
NTP source vlan1
NTP server 10.1.47.100
End
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.
A Free Trial That Lets You Build Big!
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
