Time Settings on Cisco Devices using NTP
Configuring time on our personal computers and phones is a really simple task. Unfortunately, Cisco hasn’t made it very easy to configure time on their devices. Because timestamps are such an important part of network analysis having accurate and consistent time from device to device is very important.
Note: To create consistent time between devices, this tutorial assumes you have an NTP server running or have access to an NTP server on the public Internet which to sync your devices.
All Cisco devices have at least a software based system clock. Some of them have an additional clock called the system calendar (aka. hardware clock). When a system boots, the operating system references the software clock reads the system calendar and assigns itself a time based on the calendar. NTP can set both clocks.
NTP can use authentication to make sure authorized devices are accessing the server’s resources. NTP authentication is pretty straight forward:
Router1(config)# ntp authenticate
Router1(config)# ntp authentication-key 123456 md5 value
Router1(config)# ntp trusted-key 1
||Turns on NTP authentication|
||The authentication method for NTP requires a key (in this case 123456) and an associated value which is a md5 hash.|
||This is a key which is also used for authentication for NTP. It is different from the key in the previous command.|
Note: I am not sure why it requires two different keys. If you know, please comment.
The next step is to assign NTP peers so the device can pull the date and time from the server.
Router1(config)# ntp peer 184.108.40.206
220.127.116.11 is the IP address of the server. There are other arguments which can be specified such as NTP version number and authentication keys. This tutorial is only covering the basics so none of those at this time.
NTP should now be working and the software clock is synchronized. If the system has a system calendar, run the following command to automatically update the calendar’s time:
Router1(config)# ntp update-calendar
Finally, verify your association with show ntp associations. This will output any servers you are associated with. If any of the IP addresses have a * before it, you are successfully synchronized. Cisco has a good document which details the show command.