Cisco NAC Appliance (Clean Access)

Field Notice: FN - 62729 - U.S. Daylight Savings Time Policy Changes Effective March 2007 - For Cisco Clean Access Products


March 1, 2007

NOTICE:

THIS FIELD NOTICE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTY OF MERCHANTABILITY. YOUR USE OF THE INFORMATION ON THE FIELD NOTICE OR MATERIALS LINKED FROM THE FIELD NOTICE IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS FIELD NOTICE AT ANY TIME.


Products Affected

3300 - NAC3310
3300 - NAC3350
3300 - NAC3390
CCA AGENT
CCA ENF
CCA MGR
CCA SVR

Problem Description

New U.S. Daylight Savings Time rules go into effect in March 2007. Consequently, customers whose network components rely on the default U.S. summertime clock settings within Cisco Clean Access software will be affected by the following problem.

For operating systems that have not been updated with the new U.S. DST policy changes, timestamps will exhibit a one-hour clock offset lasting three weeks, beginning at 2 A.M. on the second Sunday in March of 2007. They will also exhibit a one-hour clock offset lasting one week, beginning at 2 A.M. on the first Sunday in November.

Any time-dependent product features of Cisco Clean Access will be affected by this problem unless you upgrade the software image as herein described.

Example of potential concerns:

This could cause major problems in your network. If you are using Kerberos in your network, it will fail. Kerberos requires that the time between the client and server be within about five minutes. Other authentication devices could also fail when the times are off. It also makes troubleshooting more difficult because the log times are off by an hour.

Background

On August 8, 2005, the Energy Policy Act of 2005 (H.R.6.ENR), was signed into law. Section 110 of this Act modified the time change dates for Daylight Saving Time (DST) in the U.S.

Beginning in March of 2007, DST will begin on the second Sunday of March and end the first Sunday of November.

For 2007 and beyond, the daylight saving time period will be:

2:00 A.M. on the second Sunday in March to 2:00 A.M. on the first Sunday in November

For more information on the Energy Policy Act of 2005, see H.R. 6. (See Section 110)

Problem Symptoms

Networking systems often make use of local time to mark logs, as well as to schedule certain events, such as IP SLA schedule starts, or the beginning or end of a time-based access-list.

In addition, inconsistencies between time zone definitions may impact event correlation systems as well as other management systems relating to problem escalation. Accurately represented local time is a major concern for most organizations. Local time may be reflected in logs and on phone displays. This is especially true of systems that require accurate time and time stamping for proper operations.

For networking systems, the clock or clock source is often derived from a trusted chronological source such as a private or public atomic clock, often through Network Time Protocol (NTP). NTP communicates time in Coordinated Universal Time (UTC), colloquially known as GMT, and thus is neither impacted by statutory time zone changes nor a workaround for them. Local time definitions, including summertime settings, are part of the configuration of most Cisco products.

Network Time Protocol (NTP) Implications

Regardless of whether or not network components are configured to use differing clock sources such as UTC and NTP, networks will be affected when clock summer-time commands are enabled with incorrect parameters.
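
The one-hour offset described above can be reproduced by comparing the DST period in this notice with the pre-2007 U.S. period (first Sunday in April to last Sunday in October, which the notice does not state). This is an added example, not Cisco code; the function names and the UTC-5 sample event times are constructed for illustration.

```python
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)

def sunday(year, month, n):
    """02:00 on the n-th Sunday of a month; n=-1 selects the last Sunday."""
    if n > 0:
        first = datetime(year, month, 1, 2)
        return first + timedelta(days=(6 - first.weekday()) % 7 + 7 * (n - 1))
    last = datetime(year, month + 1, 1, 2) - timedelta(days=1)  # only used for October
    return last - timedelta(days=(last.weekday() + 1) % 7)

def new_rules(year):
    """DST period from the notice: second Sunday in March to first Sunday in November."""
    return sunday(year, 3, 2), sunday(year, 11, 1)

def old_rules(year):
    """Pre-2007 U.S. period (not on the page): first Sunday in April to last Sunday in October."""
    return sunday(year, 4, 1), sunday(year, 10, -1)

def local_stamp(utc, std_offset_hours, rules):
    """Wall-clock time a device logs for a UTC instant under the given DST rules."""
    std = utc + timedelta(hours=std_offset_hours)
    start, end = rules(std.year)
    # DST begins at 02:00 standard time and ends at 02:00 daylight time (01:00 standard).
    return std + HOUR if start <= std < end - HOUR else std

def skew(utc, std_offset_hours):
    """Patched minus unpatched wall-clock reading for the same UTC instant."""
    return (local_stamp(utc, std_offset_hours, new_rules)
            - local_stamp(utc, std_offset_hours, old_rules))

def skew_windows(year):
    """Local-time spans in which an unpatched device stamps events one hour off."""
    (new_start, new_end), (old_start, old_end) = new_rules(year), old_rules(year)
    return [(new_start, old_start), (old_end, new_end)]

# Constructed sample: UTC event times; devices assumed in U.S. Eastern (UTC-5 standard).
SAMPLE_UTC = [datetime(2007, 3, 10, 12), datetime(2007, 3, 20, 12), datetime(2007, 4, 2, 12),
              datetime(2007, 10, 30, 12), datetime(2007, 11, 5, 12)]

if __name__ == "__main__":
    for start, end in skew_windows(2007):
        print("skew window:", start, "to", end, f"({(end - start).days} days)")
    for t in SAMPLE_UTC:
        print(t, "UTC  patched:", local_stamp(t, -5, new_rules),
              " unpatched:", local_stamp(t, -5, old_rules), " skew:", skew(t, -5))
```

Log stamps from unpatched devices that fall inside these windows need the skew added before they are correlated with stamps from patched systems.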

Workaround/Solution

The solution is to upgrade to one of the following releases, which have the required fix:

3.005(011.001), 3.6(4.3), 4.0(3.3), 4.0(4), 4.1(0)

These releases are available at the following location: Software Center (Downloads) Cisco Secure Software (registered customers only) along with the Release Notes documentation that describes the upgrade process.

DDTS

To follow the bug ID link below and see detailed bug information, you must be a registered user and you must be logged in.

DDTS | Description
CSCsg44268 (registered customers only) | Need to accommodate for new daylight saving time regime from 2007

Revision History

Revision | Date | Comment
1.1 | 06-MAR-2007 | Added version 3.6(4.3) to releases with required fix in the Workaround/Solution section.
1.0 | 01-MAR-2007 | Initial Public Release

For More Information

If you require further assistance, or if you have any further questions regarding this field notice, please contact the Cisco Systems Technical Assistance Center (TAC) by one of the following methods:

Receive Email Notification For New Field Notices

Product Alert Tool - Set up a profile to receive email updates about reliability, safety, network security, and end-of-sale issues for the Cisco products you specify.