cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1908
Views
10
Helpful
10
Replies

NTP Server

ANGELO DE MASI
Level 1
Level 1

Hi, i'd like to know if Cisco Pix 525 - 6.3(1) and/or Cisco Catalyst 3750 can act as NTP Server or just as client.

Thanks in advance

10 Replies 10

Jon Marshall
Hall of Fame
Hall of Fame

Hi

From the 3750 configuration guide

=============================================

The switch does not have a hardware-supported clock and cannot function as an NTP master clock to which peers synchronize themselves when an external NTP source is not available. The switch also has no hardware support for a calendar. As a result, the ntp update-calendar and the ntp master global configuration commands are not available.

=============================================

So no to the 3750.

Unfortunately the pix cannot do this either.

Jon

Angelo

Jon is correct that the 3750 can not generate accurate NTP time on its own (no outside source) because of the limitations listed. I am not clear from your post whether you need it to operate completely independently or whether there is a possibility that the 3750 could learn time from some source (perhaps an NTP source on the Internet). If the 3750 can learn time then I believe that it could function as NTP server for other devices in the network.

HTH

Rick

HTH

Rick

Hi Rick,

It's exactly that you wrote what I need. Cisco Pix and Cisco 3750 can learn time by NTP from an external server but I also should need that at least one of them could act as NTP server for other devices in the network. Do you think it's possible?

hi

angelo

Hi Angelo

As usual Rick is correct in what he says. You cannot use the 3750 as a master but it looks like you can use it as an NTP server for other devices. I don't have 3750 in lab but i do have 3560 and it has the same caveats as 3750 so i thought i'd test it

3560 lab switch synched to a ntp server

=======================================

lab_sw1#sh ntp status

Clock is synchronized, stratum 3, reference is 10.15.1.11

nominal freq is 119.2092 Hz, actual freq is 119.2087 Hz, precision is 2**18

reference time is CA4ADE46.7735F706 (07:09:58.465 UTC Fri Jul 20 2007)

clock offset is 15.4096 msec, root delay is 42.42 msec

root dispersion is 36.29 msec, peer dispersion is 4.84 msec

lab_sw1#

3550 lab switch synched to the 3560

===================================

HQ-FTZ-F00-SW1#sh ntp status

Clock is synchronized, stratum 4, reference is 10.15.1.4

nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18

reference time is CA4ADDF9.1E5EEED1 (07:08:41.118 UTC Fri Jul 20 2007)

clock offset is 0.3215 msec, root delay is 48.74 msec

root dispersion is 15904.91 msec, peer dispersion is 15875.02 msec

HQ-FTZ-F00-SW1#

HTH

Jon

Hi Jon,

thank you for you reply. So you mean that your 3550 is synched with your 3560? Ok I'll test my 3750 in the same way. Any idea about the Cisco PIX?

Angelo

Yes i got the 3550 to sync off the 3560.

I'm sure the pix can only act as an ntp client.

HTH

Jon

Hi,

I started configuring my 3750 with this command:

ntp server a.b.c.d

but I get this result from show ntp status:

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 119.2092 Hz, actual freq is 119.2082 Hz, precision is 2**17

reference time is 00000000.00000000 (01:00:00.000 CET Mon Jan 1 1900)

clock offset is 0.1575 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.09 msec

what could be the problem?

Hi

Number of things

1) Do you have any firewalls in between your 3750 and the time source

2) Do you have any authentication turned on on your ntp master/server.

3) Presumably you can ping the ntp server/master ?

Jon

1. Yes I do. there is a cisco PIX between 3750 and ntp server, but NTP packets from inside to outside are allowed in the configuration

2.there is no authentication. NTP server is a public server.

3. Yes i can ping NTP server from 3750

Angelo

Are you sure that the source ip address being used by the switch for it's ntp is the same IP address that is allowed through your firewall.

You can use the command

ntp source "interface" to set the source interface on your switch.

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco