Solved: Configuring 6500 as NTP server

harinirina · ‎12-30-2008

Hi all,

We'd like to use a Catalyst 6500 as NTP server for all devices in the network.

On the 6500, we added the following commands :

ntp trusted-key 10

ntp authenticate

ntp authentication-key 10 md5 xxx

ntp master

On the client :

ntp server <IP_loopback_6500>

ntp source l0

ntp authentication-key 10 md5 xxx

we have the following output on the client

SW_1#sh ntp associations

address ref clock st when poll reach delay offset disp

~172.255.254.161 0.0.0.0 16 101 64 0 0.0 0.00 16000.

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

SW_1#sh ntp associations d

172.255.254.161 configured, insane, invalid, unsynced, stratum 16

ref ID 0.0.0.0, time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)

our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64

root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000

delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00

precision 2**5, version 3

org time CD04D7BE.25C861C4 (17:24:14.147 UTC Tue Dec 30 2008)

rcv time AF3C2A00.EDD4E899 (06:21:52.929 UTC Mon Mar 1 1993)

xmt time AF3C2A40.ECB62DF3 (06:22:56.924 UTC Mon Mar 1 1993)

filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

What should be the right command to use so that other devices could have time from the 6500?

Edison Ortiz · ‎12-31-2008

Does it work if you remove the NTP authentication on both client and server?

If so, then we can troubleshoot the authentication piece.

__

Edison.

View solution in original post

Jon Marshall · ‎12-30-2008

I know it's a bit obvious but just a quick sanity check -

SW_1 can ping the 6500 loopback address

The 6500 can ping SW_1 loopback address

Jon

Edison Ortiz · ‎12-30-2008

The client is seeing the NTP server as stratum 16. Can we see the show ntp asso and show ntp sta from the 6500?

__

Edison.

rmcarthur · ‎12-30-2008

Hi, I think you need to configure an authorative time source on the 6500 for it to sync it's clock to before it's seen as anything other than stratum 16 and insane.

You will need to find a public NTP server in your location and point the 6500 at that with the

!

ntp server

!

command. Make sure you allow NTP through any acls you have between 6500 and internet.

Google public NTP servers for a list and check whether the admins of the servers require notification before use.

Hope this helps

harinirina · ‎12-31-2008

Hi all,

Server and client can ping each other.

Here is the conf of ntp and ntp status

SWT_Client#sh ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18

reference time is 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

SWT_Client#sh run | inc ntp

ntp authentication-key 10 md5 09625A1932000E32090F096B 7

ntp trusted-key 10

ntp source Loopback0

ntp server 172.255.254.161 key 10 prefer

SWT_Client#sh ntp associations d

172.255.254.161 configured, insane, invalid, unsynced, stratum 16

ref ID 0.0.0.0, time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)

our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64

root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000

delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00

precision 2**5, version 3

org time CD04D7BE.25C861C4 (17:24:14.147 UTC Tue Dec 30 2008)

rcv time AF3C2A00.EDD4E899 (06:21:52.929 UTC Mon Mar 1 1993)

xmt time AF3D2800.ED745EBA (00:25:36.927 UTC Tue Mar 2 1993)

filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

SWT_Server#sh ntp st

Clock is synchronized, stratum 1, reference is .LOCL.

nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24

reference time is CD05A9E7.8F467E74 (08:20:55.559 UTC Wed Dec 31 2008)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.02 msec, peer dispersion is 0.02 msec

SWT_Server#sh run | inc ntp

ntp authentication-key 10 md5 0525121F0A4957291B061A53 7

ntp broadcastdelay 1

ntp source Loopback0

ntp master 1

ntp update-calendar

SWT_Server#sh ntp ass d

127.127.7.1 configured, our_master, sane, valid, stratum 0

ref ID .LOCL., time CD05AB27.8F44B099 (08:26:15.559 UTC Wed Dec 31 2008)

our mode active, peer mode passive, our poll intvl 64, peer poll intvl 64

root delay 0.00 msec, root disp 0.00, reach 377, sync dist 0.015

delay 0.00 msec, offset 0.0000 msec, dispersion 0.02

precision 2**18, version 3

org time CD05AB27.8F44B099 (08:26:15.559 UTC Wed Dec 31 2008)

rcv time CD05AB27.8F44B099 (08:26:15.559 UTC Wed Dec 31 2008)

xmt time CD05AB27.8F44269D (08:26:15.559 UTC Wed Dec 31 2008)

filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filterror = 0.02 0.99 1.97 2.94 3.92 4.90 5.87 6.85

Reference clock status: Running normally

Timecode:

Edison Ortiz · ‎12-31-2008

Does it work if you remove the NTP authentication on both client and server?

If so, then we can troubleshoot the authentication piece.

__

Edison.