
Clock not syncing with NTP server

mjhagen
Level 1

I am having issues with 3600 and 7200 routers not syncing with NTP server. My NTP server is working fine as I have other devices syncing to it. The 3600 and 7200 routers can sync to public NTP servers on the internet but cannot sync to my internal NTP server. The routers do have access to the NTP server because they can ping and traceroute to it.


paolo bevilacqua
Hall of Fame

Hi, IOS is very picky about NTP and as soon as something doesn't seem right, it won't sync.

E.g., server claims to be stratum 0, or other apparently minor inconsistencies.

a.alekseev
Level 7

What is your NTP server?

NTP server is running on a Linux machine.

NTP Status from router not working:

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24

reference time is CC28B5C4.FD1E3E38 (11:00:36.988 PST Wed Jul 16 2008)

clock offset is -7.0256 msec, root delay is 168.08 msec

root dispersion is 71.73 msec, peer dispersion is 0.47 msec

NTP Status from different router.

Clock is synchronized, stratum 4, reference is 172.17.2.166

nominal freq is 249.5901 Hz, actual freq is 249.5873 Hz, precision is 2**18

reference time is CC28E17F.B5C3C30C (14:07:11.710 PST Wed Jul 16 2008)

clock offset is -0.1556 msec, root delay is 8.09 msec

root dispersion is 32.78 msec, peer dispersion is 0.03 msec

Do you have NAT or a firewall between the routers and the NTP server?

Yes, a firewall is in front of the NTP server. I have allowed anything over NTP to it, as I have some switches and other firewalls accessing it.

Are you doing NTP authentication? If you are, then make sure the key configured is correct. Another thing to check: if you are using a different source address for NTP peering, make sure you can ping the NTP server from the sourced IP. NTP is somewhat flaky and I have had some situations where I had to reload the box to make NTP sync, as there's no clear command to try and force it to sync up.

HTH

Sundar

Mike

We might be in a better position to answer your issue if we had more details about your environment. Perhaps you could post the output of show run | include ntp

Also it might help if you would post the output of show ntp association detail

HTH

Rick


Some information on the environment.

3640 ISP router

(cannot connect to NTP)

|

2912 Switch connected to router

(cannot connect to NTP server)

|

Two Juniper Firewall Connected to Switch

(can connect to NTP server)

|

4500 Switch Connected to firewalls

(can connect to NTP server)

Show NTP config of 3640:

ntp source FastEthernet2/0

ntp server 69.25.233.209

Sh ntp association:

address ref clock st when poll reach delay offset disp

~69.25.233.209 0.0.0.0 16 - 64 0 0.0 0.00 16000.

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

I am not using any Authentication. I am sourcing the ip address of interface and I am able to ping the NTP server from that address.

Mike

If you can ping the NTP server address sourcing the ping from FastEther2/0 then that does demonstrate IP connectivity, which is one of the first things I would look at. So that is good.

Based on the information so far I am suspicious about the firewall(s) and whether they are blocking some NTP traffic. I had a situation at a customer site once where their firewall was permitting only if both source port and destination port were NTP. There was a device sending NTP requests but the source port was some high port - and was being blocked even though it was a very legitimate NTP request. Could something like that be going on that does permit NTP from some devices but not from others?

HTH

Rick


I was originally allowing the access list in the firewall as:

permit udp any gt 1023 host 69.25.233.209 eq ntp

I changed it to:

permit udp any host 69.25.233.209 eq ntp

That solved the problem, thanks.
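
Why the first rule dropped the routers' requests, as an added example that is not part of the original thread: a small first-match evaluator for the two rules quoted above, plus the "both ports must be NTP" rule shape from Rick's anecdote. It assumes the routers send NTP from source port 123 (as classic NTP daemons do) while other clients use a high ephemeral port; the packet source addresses are constructed.

```python
PORT_NAMES = {"ntp": 123}  # the only service name used in the post
NTP_SERVER = "69.25.233.209"  # server address quoted in the thread

def _port(tok):
    return PORT_NAMES.get(tok) or int(tok)

def _take_addr(toks):
    """Consume 'any' or 'host A.B.C.D'; return a predicate on an address."""
    tok = toks.pop(0)
    if tok == "any":
        return lambda a: True
    if tok == "host":
        host = toks.pop(0)
        return lambda a: a == host
    raise ValueError("only 'any' and 'host X' are handled here")

def _take_ports(toks):
    """Consume an optional eq/gt/lt/range qualifier; return a port predicate."""
    if toks and toks[0] in ("eq", "gt", "lt"):
        op, val = toks.pop(0), _port(toks.pop(0))
        return {"eq": lambda p: p == val, "gt": lambda p: p > val,
                "lt": lambda p: p < val}[op]
    if toks and toks[0] == "range":
        lo, hi = _port(toks[1]), _port(toks[2])
        del toks[:3]
        return lambda p: lo <= p <= hi
    return lambda p: True  # no qualifier: any port matches

def parse_rule(line):
    toks = line.split()
    action, proto = toks.pop(0), toks.pop(0)
    src, sport = _take_addr(toks), _take_ports(toks)
    dst, dport = _take_addr(toks), _take_ports(toks)
    return action, proto, src, sport, dst, dport

def evaluate(rules, pkt):
    """First matching rule wins; no match falls through to the implicit deny."""
    for action, proto, src, sport, dst, dport in map(parse_rule, rules):
        if (proto == pkt["proto"] and src(pkt["src"]) and sport(pkt["sport"])
                and dst(pkt["dst"]) and dport(pkt["dport"])):
            return action
    return "deny"

ORIGINAL = ["permit udp any gt 1023 host 69.25.233.209 eq ntp"]  # from the post
FIXED = ["permit udp any host 69.25.233.209 eq ntp"]             # from the post
BOTH_123 = ["permit udp any eq ntp host 69.25.233.209 eq ntp"]   # constructed
# Constructed packets: a router using source port 123, a client using a high port.
ROUTER = dict(proto="udp", src="192.0.2.1", sport=123, dst=NTP_SERVER, dport=123)
CLIENT = dict(proto="udp", src="192.0.2.2", sport=49152, dst=NTP_SERVER, dport=123)
```

The corrected rule still pins the destination host and port, so dropping the source-port condition does not open anything other than NTP to that server.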

Mike

I am glad that my suggestion helped you solve your problem. Thank you for using the rating system to indicate that your problem was solved (and thanks for the rating). It makes the forum more useful when people can read about a problem and can know that a suggestion did lead to a solution.

HTH

Rick


Hello.
I have a similar issue. My network border router, connected to the Internet, does not synchronize with the Internet clocks ( 0.pool.ntp.org ).
The router's interface attached to the Internet has NAT configured but no firewall.
Does anyone have an idea why my clock doesn't get synchronized?

Hello,

What is the source interface for your NTP config? Paste the configuration of your router if possible...

One thing you could try is to set the clock manually to something close to real time; that sometimes helps with synchronization:

Router#clock set
