3560's no longer display 'Last configuration change' or 'NVRAM config ...'

Answered Question
Oct 10th, 2007

We have 2 3560's that might have a problem, as neither switch will display the 'Last configuration change' or the 'NVRAM config last updated' lines any longer when running 'sh config'. So far, I can ping devices located on each switch.

Also when doing a 'sh clock' both switches will display '*HH:MM:SS.mmm PST Tue Mar 2 1993'.

Both clocks can successfully ping the ntp server.

Any ideas for troubleshooting?

Correct Answer
Richard Burts Wed, 10/10/2007 - 10:25

Michael

The reason that the Last configuration change does not show up is that the switch no longer knows the authoritative time. If the switch knows authoritative time it will include the Last configuration change and if it does not know time then it does not.

So the issue is why do the switches no longer learn NTP. Do I understand from your post that they are configured for NTP? Did NTP work at one point and now it does not work?

Perhaps you can post the NTP configuration. I can think of several things that might cause this but seeing the configuration would be a good place to start.

HTH

Rick

djgizmo250 Wed, 10/10/2007 - 10:44

Here's the output (*deleted* = the information I deleted):

Current configuration : 9448 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
!
hostname *deleted*
!
!
no aaa new-model
clock timezone PST -8
clock summer-time PDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00
ip subnet-zero
ip domain-name *deleted*
ip name-server *deleted*
ip name-server *deleted*
!
!
!
!
errdisable recovery cause psecure-violation
errdisable recovery cause storm-control
no file verify auto
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree extend system-id
!
spanning-tree mst configuration
 name *deleted*
 revision 11
 instance *deleted*
!
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1 - interface FastEthernet0/48 *deleted*
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
!
interface Vlan1
 ip address *deleted*
!
ip default-gateway *deleted*
ip classless
no ip http server
!
logging *deleted*
logging *deleted*
snmp-server community *deleted* RO
snmp-server community *deleted* RW
snmp-server location *deleted*
snmp-server contact *deleted*
snmp-server chassis-id *deleted*
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line vty 0 4
 password *deleted*
 login
line vty 5 15
 password *deleted*
 login
!
ntp server *deleted*
!
end

lgijssel Wed, 10/10/2007 - 10:53

Still, I believe that Rick has put you on the right track. Having an ntp server entry in the config is not sufficient for ntp to operate as the server might be down or inactive. This happens a lot to ntp servers. When you do a "sh ntp stat" you can verify that the time is still synchronized?

Leo

djgizmo250 Wed, 10/10/2007 - 11:16

I can ping the NTP server from the switch, but could it still be inactive?

Here's the "sh ntp stat":

Switch#sh ntp stat
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18
reference time is 00000000.00000000 (16:00:00.000 PST Wed Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
Switch#

lgijssel Wed, 10/10/2007 - 11:23

So, this is your solution, just as Rick assumed. The clock is no longer synchronized, likely while the ntp server has died.

Try to select another ntp server (preferably one that is working) and the info will come back.

Leo

Richard Burts Wed, 10/10/2007 - 11:33

Michael

Yes it is possible that the server is inactive (at least as far as the NTP service is concerned). And the NTP status really just tells us that the switch is not learning NTP (I would focus on the line:

Clock is unsynchronized, stratum 16, no reference clock

and especially the part about no reference clock as indicating that it has not been communicating with the NTP server). It is possible that show ntp association detail would tell us a bit more that might be useful.

We still do not know if the NTP server is an internal network device or an external device. It would be helpful to know whether other devices are using this server for NTP and if so are they learning time or not?

HTH

Rick

Pardon me for jumping in,

Can you provide the output of SHOW NTP STATUS and maybe consider adding NTP LOGGING so that you might catch a message or two in the log file?

As with many things, Ping doesn't check everything, and especially if NTP is down, or not running correctly on the subject NTP SERVER.

Also, are other devices on your network experiencing the same? SHOW NTP STATUS and SHOW NTP ASSOCIATIONS.

Bill

djgizmo250 Wed, 10/10/2007 - 11:31

I added the NTP LOGGING.

Here's the SHOW NTP ASSOCIATIONS (masked the IP with x's):

Switch#sh ntp associations
  address     ref clock    st   when   poll   reach   delay   offset   disp
 ~x.x.x.x     x.x.x.x       4    726   1024     377     1.1   460962   22.4
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
Switch#

Richard Burts Wed, 10/10/2007 - 11:39

Michael

It will be interesting to see if the NTP logging shows anything.

The show ntp association shows some things and if you add the detail parameter as I requested it will show more. In this output it would be very helpful to know whether the reference clock (the second set of x.x.x.x) was zero or non-zero. If it is zero it tends to indicate that we have not communicated with the server. If it is non-zero then it indicates that we have communicated with the server but something is preventing learning time.

HTH

Rick
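Added example, not part of any post in this thread: a small Python parser that applies the reading of 'show ntp status' and 'show ntp associations' described in the replies above (unsynchronized at stratum 16, and a zero versus non-zero reference clock). The sample captures are constructed, the addresses are documentation-range placeholders, and the function names and verdict labels are assumptions chosen for this illustration.

```python
import re

# Constructed captures modelled on the output posted in this thread; the
# addresses are documentation-range placeholders, not values from the thread.
SAMPLE_STATUS = "Clock is unsynchronized, stratum 16, no reference clock\n"
SAMPLE_ASSOC = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
 ~192.0.2.10       198.51.100.1      4   726  1024  377     1.1  460962    22.4
 ~192.0.2.11       0.0.0.0          16     -    64    0     0.0    0.00   16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""

STATUS_RE = re.compile(r"Clock is (\w+), stratum (\d+)")
# flags+address, ref clock, stratum, when, poll, reach (octal)
ASSOC_RE = re.compile(
    r"^\s*([*#+~-]+)(\S+)\s+(\S+)\s+(\d+)\s+\S+\s+\d+\s+([0-7]+)\s")


def parse_status(text):
    m = STATUS_RE.search(text)
    if m is None:
        raise ValueError("no 'Clock is ...' line found")
    return {"synced": m.group(1) == "synchronized", "stratum": int(m.group(2))}


def parse_associations(text):
    peers = []
    for line in text.splitlines():
        m = ASSOC_RE.match(line)
        if m is None:  # header, legend and blank lines
            continue
        flags, addr, ref, stratum, reach = m.groups()
        peers.append({
            "address": addr, "flags": flags, "ref_clock": ref,
            "stratum": int(stratum),
            # reach is an octal bitmap of the last eight polls (377 = all answered)
            "polls_answered": bin(int(reach, 8)).count("1"),
        })
    return peers


def verdict(peer):
    if "*" in peer["flags"]:
        return "synced"
    if peer["ref_clock"] == "0.0.0.0":
        return "no-contact"        # zero ref clock: no exchange with the server
    return "contact-no-sync"       # server answered, but time is not being learned


def diagnose(status_text, assoc_text):
    status = parse_status(status_text)
    return status, [(p["address"], verdict(p)) for p in parse_associations(assoc_text)]
```
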

Richard Burts Wed, 10/10/2007 - 11:00

Michael

Thank you for posting the config. It gives us a place to start. I see that there is a single NTP server configured but can not tell whether that NTP server is a device in your network or whether it is external.

Your original post indicates that the switch can ping the server and that would appear to indicate that basic IP connectivity is not an issue. I wonder if there is any possibility that the configuration might have changed, for example is it possible that NTP had been configured for authentication and now is not authenticating?

I also wonder if there is any possibility that there is an access list or a firewall that is in the data path that may be permitting ping to go through but is not permitting NTP to go through?

It might be helpful if you could post the output of show ntp association detail.

HTH

Rick

djgizmo250 Wed, 10/10/2007 - 11:38

Thanks for your quick responses. Looks like we figured it out. It was pointing to an old NTP address. We updated it and it is now synched with the correct time. The "Last config..." and "NVRAM config..." are now appearing.

Thanks guys!

Richard Burts Wed, 10/10/2007 - 11:43

Michael

I am glad that you got it resolved. Thank you for posting back to the thread indicating that it was solved and what the solution turned out to be. I think the possibility that the server might have moved around or changed was in the back of the mind for several of us.

Thank you for using the rating system to indicate that your problem was solved (and thanks for the rating). It makes the forum more useful when people can read about a problem and can know that they will read the solution that solved the problem.

I encourage you to continue your participation in the forum.

HTH

Rick

djgizmo250 Wed, 10/10/2007 - 11:47

No problem! I always get good responses that help solve the issues we encounter via this forum.

I'll keep posting. Thanks again guys!
