NTP not synchronizing within remote lan

mmertens
Level 1

NTP is configured in the central site core switch to get time from master clock on the internet. Switches at central site sync off the core switch fine. My first remote site router syncs off the core switch fine. However, my three remote LAN switches, I have pointed to remote router, and will not sync off of that. (They can PING the router). Is there some type of variance that I need to configure for NTP to allow me to Cascade NTP references?

THANKS!


aravindhs
Level 1

Hi,

Could you post the NTP related configs on the upstream routers (the routers that serve the NTP requests from the non-synching remote LAN devices). Firstly, any access-lists on the routers ?

MASTER in core site:

!

ntp clock-period 36029347

ntp source Vlan1

ntp server 129.6.15.28

end

Huntington-SW3#sho ntp status

Clock is synchronized, stratum 2, reference is 129.6.15.28

nominal freq is 119.2092 Hz, actual freq is 119.2074 Hz, precision is 2**18

reference time is CAC34E61.EECFF3CC (11:40:17.932 EDT Fri Oct 19 2007)

clock offset is -11.7683 msec, root delay is 253.54 msec

root dispersion is 37.40 msec, peer dispersion is 25.62 msec

Huntington-SW3#

----------------------------

Remote site router:

!

interface FastEthernet0/0

description ***

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex full

speed 100

no mop enabled

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 10.2.1.1 255.255.255.0

!

!

scheduler allocate 20000 1000

ntp clock-period 17180237

ntp server 10.1.1.3

!

end

Chicago-RT1#sho ntp status

Clock is synchronized, stratum 3, reference is 10.1.1.3

nominal freq is 250.0000 Hz, actual freq is 249.9946 Hz, precision is 2**18

reference time is CAC34F54.899F2E7D (10:44:20.537 CDT Fri Oct 19 2007)

clock offset is -1.1574 msec, root delay is 294.22 msec

root dispersion is 40.22 msec, peer dispersion is 1.65 msec

Chicago-RT1#

----------------------------------------

Remote site switch that will not sync:

!

ntp server 10.2.1.1

end

Chicago-SW1#sho ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18

reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

Chicago-SW1#ping 10.2.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Chicago-SW1#

Danilo Dy
VIP Alumni

Hi,

First, don't put "ntp disable" in the interface of the remote switch that is used to sync to the central site.

The service port is UDP 123 one way from switch to central site, make sure there is no ACL blocking it.

Regards,

Dandy

Michael

There is not any variance to configure with NTP to accommodate remote sites. The NTP protocol provides the variance without special configuration which should facilitate cascading NTP server references.

There are several things which might cause the symptoms. As mentioned there is the possibility that some access list might be denying traffic and you should check for that. It is also possible to configure ntp access-group which can impact learning NTP. It might be on the server or on the client. Or there might be ntp authentication configured which could impact operations. Perhaps you can post the ntp configuration of the client which is having problems and of the router from which it is attempting to learn time? It would also be helpful to have the output of show ntp association detail. Perhaps you could post this also?

HTH

Rick

Rick,

Below is my configurations: (Thanks for looking.)

MASTER in core site:

!

ntp clock-period 36029347

ntp source Vlan1

ntp server 129.6.15.28

end

Huntington-SW3#sho ntp status

Clock is synchronized, stratum 2, reference is 129.6.15.28

nominal freq is 119.2092 Hz, actual freq is 119.2074 Hz, precision is 2**18

reference time is CAC34E61.EECFF3CC (11:40:17.932 EDT Fri Oct 19 2007)

clock offset is -11.7683 msec, root delay is 253.54 msec

root dispersion is 37.40 msec, peer dispersion is 25.62 msec

Huntington-SW3#

----------------------------

Remote site router:

!

interface FastEthernet0/0

description ***

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex full

speed 100

no mop enabled

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 10.2.1.1 255.255.255.0

!

!

scheduler allocate 20000 1000

ntp clock-period 17180237

ntp server 10.1.1.3

!

end

Chicago-RT1#sho ntp status

Clock is synchronized, stratum 3, reference is 10.1.1.3

nominal freq is 250.0000 Hz, actual freq is 249.9946 Hz, precision is 2**18

reference time is CAC34F54.899F2E7D (10:44:20.537 CDT Fri Oct 19 2007)

clock offset is -1.1574 msec, root delay is 294.22 msec

root dispersion is 40.22 msec, peer dispersion is 1.65 msec

Chicago-RT1#

----------------------------------------

Remote site switch that will not sync:

!

ntp server 10.2.1.1

end

Chicago-SW1#sho ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18

reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

Chicago-SW1#ping 10.2.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Chicago-SW1#

Michael

Thank you for posting additional information. It does show ntp achieving sync out to the router before the switch. And the configs posted do show no authentication and no access-groups. So it is strange that the switch is not getting to sync. Could you post the output of show ntp association detail from the switch that is not getting sync?

HTH

Rick

Rick, I also did a debug ntp packet and I see it leaving the unsynched client switch but do not see it received at the synced router. I've tried sourcing the router NTP packets from a loopback interface and tried defining a specific NTP access group peer. Again, I can PING the router, the only anomaly about the config is that it is a dot1q trunk between the switch and router. NTP is riding on the default/native vlan1.

Chicago-SW1#sho ntp associat

Chicago-SW1#sho ntp associations detail

10.2.1.1 configured, insane, invalid, unsynced, stratum 16

ref ID 0.0.0.0, time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64

root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000

delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00

precision 2**5, version 3

org time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

rcv time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

xmt time AF3BF7D8.5A3BED80 (20:47:52.352 CST Sun Feb 28 1993)

filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

Chicago-SW1#sho ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18

reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

Chicago-SW1#debug ntp packet

NTP packets debugging is on

Chicago-SW1#term mon

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

*Mar 1 02:53:12: NTP: xmit packet to 10.2.1.1:

*Mar 1 02:53:12: leap 3, mode 3, version 3, stratum 0, ppoll 64

*Mar 1 02:53:12: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000 (0.0.0.0)

*Mar 1 02:53:12: ref 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: org 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: rec 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: xmt AF3BF918.5A48D69F (20:53:12.352 CST Sun Feb 28 1993)

Remote site router NTP debug:

022862: Oct 19 13:43:59.703 CDT: NTP: xmit packet to 10.1.1.3:

022863: Oct 19 13:43:59.703 CDT: leap 0, mode 3, version 3, stratum 3, ppoll 64

022864: Oct 19 13:43:59.703 CDT: rtdel 59B6 (350.433), rtdsp 1490 (80.322), refid 0A010103 (10.1.1.3)

022865: Oct 19 13:43:59.703 CDT: ref CAC377AF.BC35268D (13:36:31.735 CDT Fri Oct 19 2007)

022866: Oct 19 13:43:59.703 CDT: org CAC377AF.B6DE21B9 (13:36:31.714 CDT Fri Oct 19 2007)

022867: Oct 19 13:43:59.703 CDT: rec CAC377AF.BC35268D (13:36:31.735 CDT Fri Oct 19 2007)

022868: Oct 19 13:43:59.703 CDT: xmt CAC3796F.B43406DC (13:43:59.703 CDT Fri Oct 19 2007)

Thanks for your assistance.
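
Added example, not part of any post in this thread: a decoder for the NTP header fields that "debug ntp packet" prints, run over the switch's request (rebuilt from the debug values above) and over a constructed mode 4 reply that reuses the router's posted values. The names parse_ntp and diagnose, the precision byte and both sample packets are assumptions made for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

NTP_EPOCH = datetime(1900, 1, 1, tzinfo=timezone.utc)  # timestamp 00000000.00000000
HEADER = "!BBbbII4s8I"                                  # 48-byte NTP header

def ntp_time(sec, frac):
    """32.32 fixed-point NTP timestamp -> UTC datetime; all zero means 'never set'."""
    if sec == 0 and frac == 0:
        return None
    return NTP_EPOCH + timedelta(seconds=sec, microseconds=frac * 1_000_000 // 2**32)

def parse_ntp(packet):
    """Decode the fields shown in the debug output (leap, mode, stratum, rtdel, ...)."""
    if len(packet) < 48:
        raise ValueError("NTP header is 48 bytes")
    flags, stratum, poll, _prec, rtdel, rtdsp, refid, *ts = struct.unpack(HEADER, packet[:48])
    return {
        "leap": flags >> 6, "version": (flags >> 3) & 7, "mode": flags & 7,
        "stratum": stratum, "poll_s": 2 ** poll,
        "root_delay_ms": rtdel / 65536 * 1000,   # 16.16 fixed-point seconds
        "root_disp_ms": rtdsp / 65536 * 1000,
        "refid": ".".join(str(b) for b in refid),
        "ref": ntp_time(ts[0], ts[1]), "org": ntp_time(ts[2], ts[3]),
        "rec": ntp_time(ts[4], ts[5]), "xmt": ntp_time(ts[6], ts[7]),
    }

def diagnose(pkt):
    """Reasons a client would not accept this packet as a time source (empty = usable)."""
    reasons = []
    if pkt["mode"] != 4:
        reasons.append("mode %d is not a server reply (mode 4)" % pkt["mode"])
    if pkt["leap"] == 3:
        reasons.append("leap 3: sender's clock is unsynchronized")
    if pkt["stratum"] == 0 or pkt["stratum"] >= 16:
        reasons.append("stratum %d is not a valid source stratum" % pkt["stratum"])
    if pkt["xmt"] is None:
        reasons.append("transmit timestamp is zero")
    return reasons

# Constructed: the switch's poll (leap 3, version 3, mode 3 -> first byte 0xDB).
REQUEST = struct.pack(HEADER, 0xDB, 0, 6, -18, 0, 0x10001, bytes(4),
                      0, 0, 0, 0, 0, 0, 0xAF3BF918, 0x5A48D69F)
# Constructed: a usable mode 4 reply (first byte 0x1C) echoing the request's xmt as org.
REPLY = struct.pack(HEADER, 0x1C, 3, 6, -18, 0x59B6, 0x1490, bytes([10, 1, 1, 3]),
                    0xCAC377AF, 0xBC35268D, 0xAF3BF918, 0x5A48D69F,
                    0xCAC3796F, 0xB43406DC, 0xCAC3796F, 0xB43406DC)

if __name__ == "__main__":
    for name, raw in (("request", REQUEST), ("reply", REPLY)):
        print(name, parse_ntp(raw), diagnose(parse_ntp(raw)))
```

The all-zero ref, org and rec fields decode to "never set", which IOS renders as the NTP epoch in local time (18:00:00 CST Dec 31 1899), and leap 3 with stratum 0 is what an unsynchronized client sends in its own polls.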

Hello,

This should work.

On the router create an access-list like

access-list 4 per any

Then

ntp access-group serve-only 4

The switch should sync up to the router.

Or you could just add the ntp server address you have on the router to the switch. That should work as well.

If I do the access-list/access-group it still doesn't work.

If I set the unsynced client's NTP server address to the switch across the WAN, he syncs up no problem. It's like it's something buggy with the 802.1q trunk between the router and switch.

Do you have a loopback address on the router?

Or on the router, try 'ntp source fa x/x'

Or on the router, try 'ntp source lo0'

Then on the switch point to the loopback address or the fa address.

I got it to sync on a 8021q trunk similar to yours.

Michael

With all due respect to Bill I would suggest that you not configure an ntp access-group - at least not yet. Until you have the basic functionality going I do not believe it is wise to start complexity like ntp access-group.

Would it be possible for you to post the output of a traceroute from the switch to the ntp router and from the ntp router to the switch? I would like to see traffic patterns in both directions.

HTH

Rick

Edison Ortiz
Hall of Fame

Do us a favor and manually change the time in the switch to a date closer to the present date.

The current time in the switch is unreal, I didn't think it was possible to have a default time set so far back.

Per your log

*Mar 1 02:53:12: ref 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: org 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: rec 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

December 31st 1899 ? WOW. I believe when trying to sync the time with your cascading NTP server, they can't agree.

Thanks for the suggestion- I will give that a whirl when I get back to the customer site next week. I'll let you know.

Danilo Dy
VIP Alumni

Hi Michael,

I think I see your problem.

This is your current configuration

CORE Switch sync to 129.6.15.28 (time-a.nist.gov). Successful!

CORE Switch is NTP Master (Stratum 3).

Remote Router sync to CORE Switch (10.1.1.3). Successful!

Remote Switches sync to Remote Router (10.2.1.1). Fail, because NTP Server is not running in Remote Router!

Recommended solution:

Run NTP Server in Remote Router, add the command line "ntp master 8" to run NTP Server in Stratum 8.

Do not put any ACL/Access-group until you have successfully synced the time (CORE Switch, Remote Router, and Remote Switches). If you put ACL/Access-group in Remote Router, include the following IP Addresses;

CORE Switch IP Address: 10.1.1.3

Remote Switches IP Address: ?

Regards,

Dandy
