10-19-2007 06:54 AM - edited 03-03-2019 07:15 PM
NTP is configured in the central site core switch to get time from master clock on the internet. Switches at central site sync off the core switch fine. My first remote site router syncs off the core switch fine. However, my three remote LAN switches, I have pointed to remote router, and will not sync off of that. (They can PING the router). Is there some type of variance that I need to configure for NTP to allow me to Cascade NTP references?
THANKS!
10-19-2007 07:08 AM
Hi,
Could you post the NTP related configs on the upstream routers (the routers that serve the NTP requests from the non-synching remote LAN devices). Firstly, any access-lists on the routers ?
10-19-2007 08:10 AM
MASTER in core site:
!
ntp clock-period 36029347
ntp source Vlan1
ntp server 129.6.15.28
end
Huntington-SW3#sho ntp status
Clock is synchronized, stratum 2, reference is 129.6.15.28
nominal freq is 119.2092 Hz, actual freq is 119.2074 Hz, precision is 2**18
reference time is CAC34E61.EECFF3CC (11:40:17.932 EDT Fri Oct 19 2007)
clock offset is -11.7683 msec, root delay is 253.54 msec
root dispersion is 37.40 msec, peer dispersion is 25.62 msec
Huntington-SW3#
----------------------------
Remote site router:
!
interface FastEthernet0/0
description ***
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex full
speed 100
no mop enabled
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.2.1.1 255.255.255.0
!
!
scheduler allocate 20000 1000
ntp clock-period 17180237
ntp server 10.1.1.3
!
end
Chicago-RT1#sho ntp status
Clock is synchronized, stratum 3, reference is 10.1.1.3
nominal freq is 250.0000 Hz, actual freq is 249.9946 Hz, precision is 2**18
reference time is CAC34F54.899F2E7D (10:44:20.537 CDT Fri Oct 19 2007)
clock offset is -1.1574 msec, root delay is 294.22 msec
root dispersion is 40.22 msec, peer dispersion is 1.65 msec
Chicago-RT1#
----------------------------------------
Remote site switch that will not sync:
!
ntp server 10.2.1.1
end
Chicago-SW1#sho ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18
reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
Chicago-SW1#ping 10.2.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Chicago-SW1#
10-19-2007 07:52 AM
Hi,
First, don't put "ntp disable" in the interface of the remote switch that is used to sync to the central site.
The service port is UDP 123 one way from switch to central site, make sure there is no ACL blocking it.
Regards,
Dandy
10-19-2007 08:08 AM
Michael
There is not any variance to configure with NTP to accommodate remote sites. The NTP protocol provides the variance without special configuration which should facilitate cascading NTP server references.
There are several things which might cause the symptoms. As mentioned there is the possibility that some access list might be denying traffic and you should check for that. It is also possible to configure ntp access-group which can impact learning NTP. It might be on the server or on the client. Or there might be ntp authentication configured which could impact operations. Perhaps you can post the ntp configuration of the client which is having problems and of the router from which it is attempting to learn time? It would also be helpful to have the output of show ntp association detail. Perhaps you could post this also?
HTH
Rick
10-19-2007 08:58 AM
Rick,
Below is my configurations: (Thanks for looking.)
MASTER in core site:
!
ntp clock-period 36029347
ntp source Vlan1
ntp server 129.6.15.28
end
Huntington-SW3#sho ntp status
Clock is synchronized, stratum 2, reference is 129.6.15.28
nominal freq is 119.2092 Hz, actual freq is 119.2074 Hz, precision is 2**18
reference time is CAC34E61.EECFF3CC (11:40:17.932 EDT Fri Oct 19 2007)
clock offset is -11.7683 msec, root delay is 253.54 msec
root dispersion is 37.40 msec, peer dispersion is 25.62 msec
Huntington-SW3#
----------------------------
Remote site router:
!
interface FastEthernet0/0
description ***
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
duplex full
speed 100
no mop enabled
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 10.2.1.1 255.255.255.0
!
!
scheduler allocate 20000 1000
ntp clock-period 17180237
ntp server 10.1.1.3
!
end
Chicago-RT1#sho ntp status
Clock is synchronized, stratum 3, reference is 10.1.1.3
nominal freq is 250.0000 Hz, actual freq is 249.9946 Hz, precision is 2**18
reference time is CAC34F54.899F2E7D (10:44:20.537 CDT Fri Oct 19 2007)
clock offset is -1.1574 msec, root delay is 294.22 msec
root dispersion is 40.22 msec, peer dispersion is 1.65 msec
Chicago-RT1#
----------------------------------------
Remote site switch that will not sync:
!
ntp server 10.2.1.1
end
Chicago-SW1#sho ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18
reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
Chicago-SW1#ping 10.2.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Chicago-SW1#
10-19-2007 09:26 AM
Michael
Thank you for posting additional information. It does show ntp achieving sync out to the router before the switch. And the configs posted do show no authentication and no access-groups. So it is strange that the switch is not getting to sync. Could you post the output of show ntp association detail from the switch that is not getting sync?
HTH
Rick
10-19-2007 10:44 AM
Rick, I also did a debug ntp packet and I see it leaving the unsynched client switch but do not see it received at the synced router. I've tried sourcing the router NTP packets from a loopback interface and tried defining a specific NTP access group peer. Again, I can PING the router, the only anomaly about the config is that it is a dot1q trunk between the switch and router. NTP is riding on the default/native vlan1.
Chicago-SW1#sho ntp associat
Chicago-SW1#sho ntp associations detail
10.2.1.1 configured, insane, invalid, unsynced, stratum 16
ref ID 0.0.0.0, time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000
delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00
precision 2**5, version 3
org time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
rcv time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
xmt time AF3BF7D8.5A3BED80 (20:47:52.352 CST Sun Feb 28 1993)
filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0
Chicago-SW1#sho ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18
reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
Chicago-SW1#debug ntp packet
NTP packets debugging is on
Chicago-SW1#term mon
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
Chicago-SW1#
*Mar 1 02:53:12: NTP: xmit packet to 10.2.1.1:
*Mar 1 02:53:12: leap 3, mode 3, version 3, stratum 0, ppoll 64
*Mar 1 02:53:12: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000 (0.0.0.0)
*Mar 1 02:53:12: ref 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
*Mar 1 02:53:12: org 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
*Mar 1 02:53:12: rec 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
*Mar 1 02:53:12: xmt AF3BF918.5A48D69F (20:53:12.352 CST Sun Feb 28 1993)
Remote site router NTP debug:
022862: Oct 19 13:43:59.703 CDT: NTP: xmit packet to 10.1.1.3:
022863: Oct 19 13:43:59.703 CDT: leap 0, mode 3, version 3, stratum 3, ppoll 64
022864: Oct 19 13:43:59.703 CDT: rtdel 59B6 (350.433), rtdsp 1490 (80.322), refid 0A010103 (10.1.1.3)
022865: Oct 19 13:43:59.703 CDT: ref CAC377AF.BC35268D (13:36:31.735 CDT Fri Oct 19 2007)
022866: Oct 19 13:43:59.703 CDT: org CAC377AF.B6DE21B9 (13:36:31.714 CDT Fri Oct 19 2007)
022867: Oct 19 13:43:59.703 CDT: rec CAC377AF.BC35268D (13:36:31.735 CDT Fri Oct 19 2007)
022868: Oct 19 13:43:59.703 CDT: xmt CAC3796F.B43406DC (13:43:59.703 CDT Fri Oct 19 2007)
Thanks for your assistance.
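Added example, not part of the original posts: a short Python reader for the `show ntp associations detail` output above. It decodes the hex NTP timestamps (seconds since 1900-01-01 UTC plus a 2**-32 fraction) and the octal `reach` register. The function names and the pre-2000 "clock never set" threshold are assumptions of this example.

```python
import re
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)

# Constructed sample: trimmed from the association output posted above.
SAMPLE = """\
10.2.1.1 configured, insane, invalid, unsynced, stratum 16
our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000
org time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
rcv time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
xmt time AF3BF7D8.5A3BED80 (20:47:52.352 CST Sun Feb 28 1993)
"""

def ntp_to_utc(stamp):
    """Decode 'SSSSSSSS.FFFFFFFF': hex seconds since 1900 and a 2**-32 fraction."""
    sec, frac = (int(part, 16) for part in stamp.split("."))
    return NTP_EPOCH + timedelta(seconds=sec, microseconds=frac * 10**6 // 2**32)

def diagnose(text):
    """Return (fields, findings) for one association block."""
    peer, status = text.splitlines()[0].split(None, 1)
    fields = {"peer": peer, "status": [s.strip() for s in status.split(",")]}
    # reach is an 8-bit shift register printed in octal; 377 = last 8 polls answered
    fields["reach"] = int(re.search(r"\breach (\d+)", text).group(1), 8)
    for name in ("org", "rcv", "xmt"):
        fields[name] = ntp_to_utc(re.search(rf"{name} time (\S+)", text).group(1))
    findings = []
    if fields["reach"] == 0:
        findings.append("no reply received in the last 8 polls")
    if fields["org"] == NTP_EPOCH and fields["rcv"] == NTP_EPOCH:
        # An all-zero timestamp is the NTP epoch shown in local time, i.e. "never set"
        findings.append("org/rcv are zero: no packet from this peer was ever processed")
    if fields["xmt"].year < 2000:  # assumption: pre-2000 means the clock was never set
        findings.append(f"local clock unset, transmitting as {fields['xmt']:%Y-%m-%d %H:%M:%S} UTC")
    return fields, findings

if __name__ == "__main__":
    for finding in diagnose(SAMPLE)[1]:
        print("-", finding)
```

A healthy association shows a non-zero `reach` (377 once eight consecutive polls have been answered) and non-zero `org`/`rcv` values close to the current time.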
10-19-2007 11:03 AM
Hello,
This should work.
On the router create an access-list like
access-list 4 per any
Then
ntp access-group serve-only 4
The switch should sync up to the router.
Or you could just add the ntp server address you have on the router to the switch. That should work as well.
10-19-2007 11:20 AM
If I do the access-list/access-group it still doesn't work.
If I set the unsynced client's NTP server address to the switch across the WAN, he syncs up no problem. It's like it's something buggy with the 802.1q trunk between the router and switch.
10-19-2007 11:38 AM
Do you have a loopback address on the router?
Or on the router, try 'ntp source fa x/x'
Or on the router, try 'ntp source lo0'
Then on the switch point to the loopback address or the fa address.
I got it to sync on an 802.1q trunk similar to yours.
10-19-2007 11:28 AM
Michael
With all due respect to Bill I would suggest that you not configure an ntp access-group - at least not yet. Until you have the basic functionality going I do not believe it is wise to start complexity like ntp access-group.
Would it be possible for you to post the output of a traceroute from the switch to the ntp router and from the ntp router to the switch? I would like to see traffic patterns in both directions.
HTH
Rick
10-19-2007 12:27 PM
Do us a favor and manually change the time in the switch to a date closer to the present date.
The current time in the switch is unreal, I didn't think it was possible to have a default time set so far back.
Per your log
*Mar 1 02:53:12: ref 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
*Mar 1 02:53:12: org 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
*Mar 1 02:53:12: rec 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)
December 31st 1899 ? WOW. I believe when trying to sync the time with your cascading NTP server, they can't agree.
10-22-2007 04:27 AM
Thanks for the suggestion- I will give that a whirl when I get back to the customer site next week. I'll let you know.
10-19-2007 06:44 PM
Hi Michael,
I think I see your problem.
This is your current configuration
CORE Switch sync to 129.6.15.28 (time-a.nist.gov). Successful!
CORE Switch is NTP Master (Stratum 3).
Remote Router sync to CORE Switch (10.1.1.3). Successful!
Remote Switches sync to Remote Router (10.2.1.1). Fail, because NTP Server is not running in Remote Router!
Recommended solution:
Run NTP Server in Remote Router, add the command line "ntp master 8" to run NTP Server in Stratum 8.
Do not put any ACL/Access-group until you have successfully synced the time (CORE Switch, Remote Router, and Remote Switches). If you put ACL/Access-group in Remote Router, include the following IP Addresses;
CORE Switch IP Address: 10.1.1.3
Remote Switches IP Address: ?
Regards,
Dandy