I am currently trying to sync all our routers/devices and servers to use a single source for time. I've set all routers to pull time from a single router that points to an outside source. One problem, though. We have an IDS 4200 that has to get its time from an authenticated connection. The document goes on about configuring a router as an NTP server and using its internal clock as the time source. Does this clock use a BIOS battery like servers to provide a power source? I understand about needing a secure source for time for our IDS, but this doesn't seem to be a good way to handle providing correct time. As already mentioned above, I'm hoping to sync all devices with an external atomic clock. Any insights/suggestions?
There are several interesting aspects to the question that Chris asks. First the objective question: do Cisco routers have a battery and clock/calendar chip so that they maintain time over a boot? Some do and some do not. In general the higher part of the product line does and the lower end of the product line does not. It is pretty easy to determine on a router by router basis: just boot and then show clock.
Beyond that there are some interesting aspects which do not have clear answers. If you are already planning to have a router learn time from an external (reliable) source then what are the implications of having the IDS learn that time? If Security is insistent that the IDS not be compromised by being dependent on an outside resource, then it would be fairly simple to set up one (or two - depending on whether redundancy is important) routers to supply time to the IDS. Making a router function as NTP master is quite easy.
I would also ask the question that if Chris is going to need to set up an internal router to function as NTP master then why not just have the network devices learn time from that one (instead of having two different time masters in the network - one internal and one external)? I would suggest that for most networks it is most important that time across network devices be consistent but not necessarily as important that the time be precisely accurate.
I think it is also good practice to configure two devices as master and to have network devices configured with two time sources, so that there is not a potential single point of failure. And if you really take NTP seriously then 3 sources are better than 2.
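Added example, not part of the posts above: a small Python check that reads the NTP lines of an IOS-style router configuration and reports whether time is authenticated and whether at least two sources are configured, the two points raised in this thread. The function name `audit_ntp`, the 192.0.2.x addresses, the key numbers and the `<key-string>` placeholder are assumptions made for the illustration; only plain `ntp server <address> [key <n>]` lines are handled.

```python
# Constructed sample: NTP section of an internal router that takes time
# from three sources (addresses and key numbers are illustrative).
SAMPLE_CONFIG = """\
ntp authentication-key 10 md5 <key-string>
ntp authentication-key 20 md5 <key-string>
ntp trusted-key 10
ntp authenticate
ntp server 192.0.2.1 key 10
ntp server 192.0.2.2 key 20
ntp server 192.0.2.3
"""

def audit_ntp(config):
    """Return a list of findings for the NTP lines of an IOS-style config."""
    defined, trusted, servers, authenticate = set(), set(), [], False
    for raw in config.splitlines():
        tok = raw.split()
        if tok[:1] != ["ntp"] or len(tok) < 2:
            continue
        if tok[1] == "authentication-key" and len(tok) >= 5:
            defined.add(tok[2])          # key number that has a secret
        elif tok[1] == "trusted-key" and len(tok) >= 3:
            trusted.add(tok[2])          # key number accepted for sync
        elif tok[1] == "authenticate":
            authenticate = True
        elif tok[1] == "server" and len(tok) >= 3:
            # "key <n>" may appear anywhere after the address
            key = tok[tok.index("key") + 1] if "key" in tok[3:-1] else None
            servers.append((tok[2], key))
    findings = []
    if not authenticate:
        findings.append("ntp authenticate is not enabled")
    if len(servers) < 2:
        findings.append("fewer than two time sources configured")
    for addr, key in servers:
        if key is None:
            findings.append(f"{addr}: no key, association is unauthenticated")
        elif key not in defined:
            findings.append(f"{addr}: key {key} has no ntp authentication-key line")
        elif key not in trusted:
            findings.append(f"{addr}: key {key} is not listed in ntp trusted-key")
    return findings

if __name__ == "__main__":
    for finding in audit_ntp(SAMPLE_CONFIG):
        print("FINDING:", finding)
```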