clock save interval and certificates (DMVPN)

From: Curt Girardin (curt.girardin@chicos.com)
Date: Wed Sep 27 2006 - 22:50:09 ART


Team,
 
A few days ago I posted an email and later sent out a copy of the
DMVPN.ppt presentation that many people requested. In it, I made a
statement that more or less said that when a router has a certificate
installed, it will start up with its clock set within the certificate
validity period. The statement was based on a post I read on
group-study (I think). However I have not been able to find any
supporting documentation. Does anyone know this to be true (that the
clock will automatically be set within the validity period of an
installed certificate)? If so, where can I find the documentation?
 
I have been looking around and I have found the following command, which
sounds like it might have the same effect:
http://www.cisco.com/univercd/cc/td/doc/product/software/ios124/124cr/hnm_r/nmg_01h.htm#wp1163678
 
Thanks,
 
Curt
 
 
 
clock save interval
To preserve recent date and time information in NVRAM for when a Cisco
IOS device without a battery-backed calendar is power-cycled or
reloaded, use the clock save interval command in global configuration
mode. To return to the default disabled state, use the no form of this
command.
 
clock save interval hours
 
no clock save interval hours
 
Syntax Description
 hours    Interval at which the time will be stored in NVRAM. Accepted intervals
          range from 8 to 24 hours.
 
Defaults
This function is disabled by default.
 
Command Modes
Global configuration
 
Command History
 Release    Modification
 12.3(2)T   This command was introduced.
 
Usage Guidelines
The benefit of using this command is that upon returning from a system
reload or power cycle, the system clock will be set to a time and date
near the current time and date instead of being reset to the system
default time and date. In the absence of better information, Cisco IOS
devices will initially set their system clocks to epoch start, which
will typically be midnight (UTC) March 1, 1993 or 2002.
 
When this command is entered, the date and time are saved to NVRAM at
the interval specified by this command, and also during any shutdown
process. When the system starts up, the system clock is set to the last
time and date saved to NVRAM.
 
All Cisco IOS devices support Network Time Protocol (NTP) or Simple
Network Time Protocol (SNTP) to learn the time from the network, and
some Cisco IOS devices have built-in battery-backed clocks to maintain
that time. The clock save interval command is for those Cisco IOS
devices that do not have battery-backed clocks and need to know the time
and date before they can start communicating with a network. Because the
March 1 system default date will likely occur before the valid date of
any recently issued certificate, communications attempted with almost
any certificate will fail because it is not yet valid according to the
local clock.
 
Saving the time at a 24-hour interval should work well for most
networks, unless there is a certificate that maintains a shorter life
span.
 
Being aware of the time and date is critical for networking devices, and
it becomes an issue when communication to a network requires use of a
time-based credential, such as a certificate that has start and end
dates and times. NTP and SNTP are the proper ways to set the time of a
network device. The clock save interval command is intended to
complement use of NTP and SNTP, so this command is useful only when a
certificate is required to initiate communication to an NTP server, and
the Cisco IOS device does not have a battery-backed hardware clock, but
does have NVRAM.
 
The system time will only be saved to NVRAM when set by an authoritative
source such as NTP or SNTP; the system will not save the time entered
through the set clock command. Additionally, a clock is considered valid
only when the following criteria apply:
 
* The clock was set by the user using the set clock command and declared
  authoritative by the clock calendar-valid command.

* The clock time was learned through NTP or SNTP.
 
Through a confluence of events, there is no means to authoritatively
declare a user-entered time as valid unless the calendar (battery-backed
date and time) is declared valid. Since there is no actual calendar in a
system with this command, the clock calendar-valid command is
unavailable, and therefore a user-entered time can never be considered
authoritative on platforms without a battery-backed calendar. This state
is intentional because a battery-backed clock continues to run, and an
NVRAM clock will stay the same. And again, for these reasons the clock
save interval command must complement the use of NTP and SNTP.
 
Examples
The following example shows how to configure a Cisco IOS device to save
the time at 24-hour intervals:
 
Router(config)# clock save interval 24
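To make the usage guidelines above concrete, the following Python model was added to this archive page; it is not Cisco code and does not talk to a router. It simulates a device without a battery-backed calendar but with NVRAM, applying the documented rules (time is saved only when authoritative, at the configured interval and during shutdown, and restored at boot or else set to epoch start) and then checks the restored clock against a certificate validity window. The class and function names, the certificate dates, and the NTP time are constructed assumptions for the illustration.

```python
from datetime import datetime, timedelta, timezone

# Default boot time for a device with no calendar and nothing saved
# (the documentation names midnight UTC, March 1, 1993 or 2002).
IOS_EPOCH_START = datetime(1993, 3, 1, 0, 0, tzinfo=timezone.utc)

# Constructed validity window standing in for a recently issued router
# certificate; these dates are assumptions, not taken from a real cert.
CERT_NOT_BEFORE = datetime(2006, 9, 1, 0, 0, tzinfo=timezone.utc)
CERT_NOT_AFTER = datetime(2007, 9, 1, 0, 0, tzinfo=timezone.utc)

# Constructed time learned from NTP in the scenarios below.
NTP_TIME = datetime(2006, 9, 27, 12, 0, tzinfo=timezone.utc)


def cert_valid_at(clock, not_before=CERT_NOT_BEFORE, not_after=CERT_NOT_AFTER):
    """True when the local clock falls inside the certificate validity window.

    With the clock at epoch start, any recent certificate is 'not yet valid'
    according to the router itself, so certificate-based sessions fail.
    """
    return not_before <= clock <= not_after


class NvramClockModel:
    """Toy model of a router with NVRAM but no battery-backed calendar."""

    def __init__(self, save_interval_hours=None):
        # None models the default: 'clock save interval' not configured.
        self.save_interval = (timedelta(hours=save_interval_hours)
                              if save_interval_hours is not None else None)
        self.nvram_time = None        # last time written to NVRAM
        self.clock = IOS_EPOCH_START
        self.authoritative = False
        self.last_save = None

    def _save(self):
        """Write the clock to NVRAM; refused unless configured and authoritative."""
        if self.save_interval is None or not self.authoritative:
            return False
        self.nvram_time = self.clock
        self.last_save = self.clock
        return True

    def _save_if_due(self):
        if self.last_save is None or self.clock - self.last_save >= self.save_interval:
            self._save()

    def clock_set(self, when):
        """User-entered time: never authoritative without a calendar, so never saved."""
        self.clock = when
        self.authoritative = False

    def ntp_sync(self, when):
        """Time learned from NTP/SNTP is authoritative and eligible for saving."""
        self.clock = when
        self.authoritative = True
        self._save_if_due()

    def run(self, hours):
        """Let the router run, saving whenever the configured interval elapses."""
        for _ in range(hours):
            self.clock += timedelta(hours=1)
            self._save_if_due()

    def shutdown(self):
        """Orderly reload: the time is also saved during the shutdown process."""
        self._save()

    def boot(self):
        """Power-up: restore the saved time, or fall back to epoch start."""
        self.authoritative = False
        self.last_save = None
        self.clock = self.nvram_time if self.nvram_time is not None else IOS_EPOCH_START
        return self.clock


def boot_time_without_save_interval():
    """Default config: NTP sync plus orderly reload still boots at epoch start."""
    router = NvramClockModel()
    router.ntp_sync(NTP_TIME)
    router.run(30)
    router.shutdown()
    return router.boot()


def boot_time_with_save_interval_24():
    """'clock save interval 24': after 30 h the last save was at +24 h, so an
    abrupt power cycle restores a time near, not equal to, the real time."""
    router = NvramClockModel(save_interval_hours=24)
    router.ntp_sync(NTP_TIME)
    router.run(30)
    return router.boot()      # no shutdown(): models a sudden power cycle


def boot_time_after_user_clock_set():
    """A user-entered time is never saved, even with the interval configured."""
    router = NvramClockModel(save_interval_hours=24)
    router.clock_set(NTP_TIME)
    router.run(30)
    router.shutdown()
    return router.boot()


if __name__ == "__main__":
    for name, fn in [("no save interval", boot_time_without_save_interval),
                     ("save interval 24", boot_time_with_save_interval_24),
                     ("user clock set", boot_time_after_user_clock_set)]:
        restored = fn()
        print(f"{name:17} boots at {restored.isoformat()}  cert valid: {cert_valid_at(restored)}")
```

Running it shows the three outcomes the guidelines describe: without the command the router boots at epoch start and the certificate fails the local validity check; with a 24-hour interval it boots six hours behind real time but inside the certificate window, which is enough to reach an NTP server and resync; a time set by hand is never written to NVRAM, so it does not help at all.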



This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:41 ART