Does Security Belong Near Endpoints?
I noticed that you may not initially be able to set the clock time and date on Nexus 5Ks. For example:
SWITCH-5K2# sh clock
18:16:56.460 UTC Fri Jun 12 2009
SWITCH-5K2# clock set 13:21:00 13 feb 2014
Setting clock from CLI is not allowed in this VDC.
SWITCH-5K2#

However, the clock set command worked fine on my Nexus 7Ks. After a bit of digging, I found that this is a known bug in NX-OS 5.2(1) on Nexus 5Ks: https://tools.cisco.com/bugsearch/bug/CSCub52048/?referring_site=ss
I also noticed that I had an impacted version of the NX-OS:
SWITCH-5K2# sh ver | i system:
  system:    version 5.2(1)N1(1b)
SWITCH-5K2#
There are a couple of work-arounds:
a) You can set the clock protocol to none in configuration mode, and then set the time and date.

SWITCH-5K2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH-5K2(config)# clock prot none
SWITCH-5K2(config)# clock set 13:23:00 13 feb 2014
Thu Feb 13 13:23:00 UTC 2014
SWITCH-5K2(config)# sh clock
13:23:11.122 UTC Thu Feb 13 2014
SWITCH-5K2(config)#
b) You could also use NTP (or PTP) to set the clock and date.
SWITCH-5K2(config)# clock prot ntp
SWITCH-5K2(config)# sh cloc
13:23:31.519 UTC Thu Feb 13 2014
SWITCH-5K2(config)# sh run | i ntp
SWITCH-5K2(config)#
SWITCH-5K2(config)# ntp server 172.16.3.4 use-vrf management
SWITCH-5K2(config)# ! my NTP server is reachable from the management port
.
.
.
! wait awhile for NTP to synch with the server (also for me to eat lunch)
SWITCH-5K2#
SWITCH-5K2# sh clock
14:34:43.470 UTC Thu Feb 13 2014
SWITCH-5K2# sh ntp statistic loc
system uptime: 8017
time since reset: 8017
old version packets: 482
new version packets: 0
unknown version number: 0
bad packet format: 0
packets processed: 482
bad authentication: 0
SWITCH-5K2# sh ntp peer-status
Total peers : 1
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
    remote               local              st  poll  reach   delay
------------------------------------------------------------------------
*172.16.3.4             0.0.0.0              2    64    377   0.00189
SWITCH-5K2#
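Switch timestamps are what let you line up syslog and audit events across devices, so it is worth checking the NTP state rather than eyeballing it. The script below is an added example, not part of the original post: it parses the sh ntp peer-status and sh ntp statistic outputs shown above and reports problems. The function names and the min_good_polls threshold are assumptions made for illustration.

```python
import re

# Constructed sample input, trimmed from the session output above.
PEER_STATUS = """\
Total peers : 1
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
    remote               local              st  poll  reach   delay
------------------------------------------------------------------------
*172.16.3.4             0.0.0.0              2    64    377   0.00189
"""
STATISTICS = """\
packets processed: 482
bad packet format: 0
bad authentication: 0
"""

# flag, remote, local, stratum, poll, reach (octal), delay
PEER_RE = re.compile(
    r"^([*+=-])(\d+\.\d+\.\d+\.\d+)\s+\S+\s+(\d+)\s+\d+\s+([0-7]+)\s+[\d.]+$")

def parse_peers(text):
    """Return one dict per peer row; legend and ruler lines do not match."""
    peers = []
    for line in text.splitlines():
        m = PEER_RE.match(line.strip())
        if m:
            flag, remote, stratum, reach = m.groups()
            # reach is an octal shift register of the last 8 polls (377 = all answered)
            good = bin(int(reach, 8) & 0xFF).count("1")
            peers.append({"remote": remote, "selected": flag == "*",
                          "stratum": int(stratum), "good_polls": good})
    return peers

def check_time_source(peer_text, stats_text, min_good_polls=6):
    """Return a list of findings; an empty list means the source looks healthy."""
    findings = []
    selected = [p for p in parse_peers(peer_text) if p["selected"]]
    if not selected:
        findings.append("no peer selected for sync")
    for p in selected:
        if p["stratum"] >= 16:
            findings.append(f"{p['remote']}: stratum {p['stratum']}, unsynchronized")
        if p["good_polls"] < min_good_polls:
            findings.append(f"{p['remote']}: {p['good_polls']}/8 recent polls answered")
    for line in stats_text.splitlines():
        name, _, value = line.partition(":")
        if name.strip() in ("bad authentication", "bad packet format") and int(value) > 0:
            findings.append(f"{name.strip()}: {int(value)} packets")
    return findings
```

An empty list from check_time_source means a peer is selected, it has answered recent polls, and no packets were rejected.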
Virgilio “Bong” has sixteen years of professional experience in the IT industry, spanning academe, technical and customer support, pre-sales, post-sales, project management, training and enablement. He has worked in the Cisco Technical Assistance Center (TAC) as a member of the WAN and LAN Switching team. Bong now works for Tech Data as the Field Solutions Architect with a focus on Cisco Security and holds a few Cisco certifications including Fire Jumper Elite.
John is our CTO and the practice lead for a talented team of consultants focused on designing and delivering scalable and secure infrastructure solutions to customers across multiple industry verticals and technologies. Previously he has held several positions including Executive Director/Chief Architect for Global Network Services at JPMorgan Chase. In that capacity, he led a team managing network architecture and services. Prior to his role at JPMorgan Chase, John was a Distinguished Engineer at Cisco working across a number of verticals including Higher Education, Finance, Retail, Government, and Health Care.
He is an expert in working with groups to identify business needs, and align technology strategies to enable business strategies, building in agility and scalability to allow for future changes. John is experienced in the architecture and design of highly available, secure, network infrastructure and data centers, and has worked on projects worldwide. He has worked in both the business and regulatory environments for the design and deployment of complex IT infrastructures.