When doing any type of troubleshooting I am big on log files. To get the most out of your log files, however, you need the time stamps to be accurate. For time stamps to be accurate you need to ensure your systems are all running with exactly the same time. There are a few ways to set the time on your Cisco devices; let’s take a look.
First, let’s see what time our router is reporting:
R1#show clock *00:05:51.279 UTC Fri Mar 1 2002
As you can see it’s a little off… We can set the clock manually or through a time server. First, lets set the clock manually.
R1#clock set 09:25:00 29 Oct 2012 *Oct 29 09:25:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 00:10:59 UTC Fri Mar 1 2002 to 09:25:00 UTC Mon Oct 29 2012, configured from console by console.
As you can see the time was set successfully and a message was logged reporting the action. As you can see the timestamp uses the newly updated time as well. If you need to view the time information just use the “show clock” command.
R1#show clock 09:44:25.379 UTC Mon Oct 29 2012
Adding “detail” to the command will indicate how the time was actually configured. We can see below it is manually user configured.
R1#show clock detail 09:44:36.779 UTC Mon Oct 29 2012 Time source is user configuration
This is great to get the time fairly accurate but what can be done to synchronize time network wide to a fraction of a second accuracy? The answer is Network Time Protocol (NTP). There are a number of NTP servers on the internet you can hit for time information. You may not know it but there is also a good chance a time server is already in existence on your network. Windows domain authentication and Kerberos rely heavily on accurate time. The domain controller keeps time in the windows world but also offers a standard NTP service our network devices can connect to.
Let’s say our domain controller has the IP addresses of 192.168.1.10 for this example. Let’s also reset our router to default time settings so we can see the difference in time more clearly.
R1#show clock detail *00:00:57.751 UTC Fri Mar 1 2002 No time source
As you can see there is no time source set. Let’s point R1 to our domain controller.
R1(config)#ntp server 192.168.1.10
Nothing to it! Now issue the “show ntp associations” command for details:
R1#sh ntp associations address ref clock st when poll reach delay offset disp *~192.168.1.10 126.96.36.199 3 118 1024 377 0.9 7.69 8.3 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
As you can see the NTP server is displayed and the time server downstream is also shown. If we again issue the “show clock detail” command we now see NTP as our time source.
R1#show clock detail 10:19:50.722 UTC Mon Oct 29 2012 Time source is NTP
So with that simple configuration our devices should now be operating with the correct time. The final step is to verify the logging settings are correct. You should see something like this line installed in your configuration. If not, go ahead and add it.
R1(config)# service timestamps log datetime localtime
To verify, we can then look at log messages and see the time stamps are accurate.
R1# show logging ...some output omitted… Oct 29 11:47:08: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/7, changed state to up Oct 29 11:49:01: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet1/0/7, changed state to down
I hope this information has been useful to help you get started with network time! I have included some additional resource in case you should need more information.