Configuring NTP on a Cisco device is an easy, and essential, step when configuring a new router or switch. SYSLOG log entries are all stamped with the time and if the time is off from device to device it will make t-shooting events and event correlation that much more difficult. So, the solution is to use NTP, or Network Time Protocol, and synch all of your network devices to a common time source.

So, what are your time source options? Simple, you can go direct to the source and connect to a NIST time server at time.nist.gov. Or, in a Windows based network you can use a domain controller. Once you’ve got your source in mind we can begin to configure NTP.

So, first, if you’re dealing with a new device out of the box you need to get it configured to a point where it has network connectivity itself, either with the internet if you’re planning on using NIST, or your local network if you’re using a local DC. To do that start by setting your local timezone. To do that use the “clock” command in configure terminal mode.

switch(config)#clock timezone EST -5

Clock timezone and then a WORD. This word should be something meaningful for you so you know the timezone you’re setting. For me, I used EST because I am in the Eastern Standard timezone. Then, set your offset in hours from Universal Coordinated Time. Not sure what your offset is? Check here.

Next, let’s configure Day Light savings time. The commands will be similar:

switch(config)#clock summer-time EDT recurring

So just as in the above command the syntax is looking for a WORD after ‘summer-time.’ This should be something meaningful to you as an administrator, so the Daylight equivalent abbreviation for your time-zone. Tje recurring let’s the device know that daylight savings time happens regularly and without any other input it will follow the normal start and stop for daylight savings time.

Next, before we attempt to sync up with an NTP server we need to set the time manually to within pretty close to the current time. Otherwise, if the current time on the device is years, or decades, off from the current time a sync may never happen.

switch#clock set 12:00:00 2 OCT 2017

So the above command sets the date and time to noon on October 2nd, 2017. Adjust your command accordingly. I like to set the time to within 10 minutes of the time on my PC, this way when synchronization occurs the time will change and its apparent that something has happened.

So, now it’s time to set our NTP Server. You can use a DNS name or an IP Address, but if you’re going to use a dns name you need to ensure that DNS is configured to work on your device. If you want to use NIST you can ping time.nist.gov and it’ll return your closest NIST time server. For example if I do that from the computer I’m writing this article from I get 198.111.152.100.  Once you have an ip address in mind you can move to the next command:

switch(config)#ntp server 198.111.152.100

Alternatively if you wanted to use a FQDN like time.nist.gov or pool.ntp.org you’d need to set up DNS servers first, and make sure ip domain-lookup is enabled. To configure DNS servers use the command ip name-server followed by the IP(s) of the DNS server you’d like to use. I like to use Cisco Umbrella DNS servers so the command looks like this:

ip name-server 208.67.222.222 208.67.220.220

To check and see if your work was successful you’ll use the command ‘show ntp status’ and get an output that looks like this:

switch#show ntp status
Clock is synchronized, stratum 5, reference is 10.1.1.10
nominal freq is 286.1023 Hz, actual freq is 286.0962 Hz, precision is 2**20
ntp uptime is 232331300 (1/100 of seconds), resolution is 3496
reference time is DD7CD87B.1D86F11B (11:23:39.115 EDT Mon Oct 2 2017)
clock offset is -48.4549 msec, root delay is 131.86 msec
root dispersion is 314.69 msec, peer dispersion is 15.63 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000021145 s/s
system poll interval is 1024, last update was 6009 sec ago.

The key word you’re looking for is in the first line of the output and that is “synchronized.” If you see that then you’re clock is synchronized. You can also do a show clock to get the current date and time and it now should be spot on with your local computer, smart phone, or just about anything else.

Now, in my personal experience I have had occasion where when I do a show ntp status the status says “unsynchronized,” but in fact the time has changed and is accurate. I’m not sure why devices do this. But, I usually just find another source and then the next time it syncs right up.

The Stratum level is important because that let’s you know how far away from the nearest actual atomic clock you are. For example, if you’re getting your time from a time server that is getting it’s time from one of THE atomic clocks around the world than it’s stratum level is 1. In this example my lab DC is a stratum 5. The stratum level also let’s the device make adjustments to it’s time to account for time differentials and get the time to be as accurate as possible, within milliseconds.

Here is all the above code rolled all together for your viewing pleasure:

switch(config)#clock timezone EST -5
switch(config)#clock summer-time EDT recurring 
switch#clock set 12:00:00 2 OCT 2017
switch(config)#ntp server 198.111.152.100
switch#show ntp status
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s