NTP association problem

Unanswered Question
May 23rd, 2009


I have Core Router, Distribution and Access router.

Objective is

Core Router will get clock from Internet

Distribution Routers will associate with Core Router for NTP clock and

access Routers will associate Distribution Router for NTP Clock.

I have configured the Core router as NTP master with the commands "ntp master 2" and "ntp server x.x.x.x" (to rx clock from Internet)

Distribution Router

"ntp peer <ip address of Core Router>"

Access router

"ntp server <ip address of distribution router>"

Is the method I followed correct? Do I have to change anything to achieve this? Because the access routers' clock is not in sync. I doubt whether I am conceptually wrong.


ldmccalla Sat, 05/23/2009 - 07:34

1) Use "ntp server" instead of "NTP peer" on the distribution routers to create a hierarchical structure.

2) Do "show ntp as" on the distribution routers to confirm that they are synced to the core routers. If the distrib. routers are not synced, the access routers will not sync.


hclisschennai Sat, 05/23/2009 - 08:22

Hi Leon,

I changed the configuration as you advised. The clock of the Access router is in sync now. But the "show ntp status" command output shows that it is not synchronized.

Please look into the attachment.

Also, I do not understand why you asked me to configure "ntp server" instead of "NTP peer" on the distribution routers. My understanding of the "ntp server" command is that it will synchronize the device where this command is configured with the NTP server (maybe the Master server) and will not act as a server or provide clock to other devices.

Is this correct?

ldmccalla Sat, 05/23/2009 - 08:47

It's my understanding that NTP SERVER xxxx tells the client that XXXX will most likely have a better time source, while NTP PEER means that the client and the source will most likely have equal information. Regardless of what is configured, the NTP algorithm will still run and set the stratum accordingly.

Since you have Core->Distrib->Access, I just think it's better to describe the upstream server as a server. You can tie your distribution routers together as peers if you want. That's what the peer command is for.

Either way, the problem you have is displayed on the access router with "reach = 0". The access router has not received a reply from the distrib. router for a while. It's polling every 64 seconds and the last poll was 30 seconds ago.

I use NTP on all my devices (not just Cisco routers). I don't see how people survive without it.
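
The "reach" column mentioned in the post above is an 8-bit shift register printed in octal, one bit per poll: 377 means the last eight polls were all answered and 0 means none were. As an added example (not part of the original thread), this Python sketch decodes it from "show ntp associations" output; the sample output and its addresses are constructed.

```python
import re

# Constructed sample of "show ntp associations" output; the addresses are
# documentation ranges, not values from the thread.
SAMPLE = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
*~192.0.2.1        198.51.100.7      3    12    64   377    4.1    0.52     1.3
 ~192.0.2.2        192.0.2.1         4    30    64     0    0.0    0.00 16000.0
+~192.0.2.3        198.51.100.7      3    41    64   357    3.9   -1.10     2.8
"""

ROW = re.compile(
    r"^\s*(?P<flags>[*#+~-]*)(?P<addr>\d{1,3}(?:\.\d{1,3}){3})\s+(?P<ref>\S+)\s+"
    r"(?P<st>\d+)\s+(?P<when>\S+)\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s"
)

def decode_reach(octal_text):
    """Return the last 8 poll results, newest first (True = reply received)."""
    reg = int(octal_text, 8) & 0xFF
    return [bool((reg >> i) & 1) for i in range(8)]

def parse_associations(text):
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header or unrelated line
        history = decode_reach(m["reach"])
        peers.append({
            "addr": m["addr"],
            "sync_source": "*" in m["flags"],  # '*' marks the peer the clock is synced to
            "stratum": int(m["st"]),
            "poll": int(m["poll"]),
            "answered": sum(history),
            "last_answered": history[0],
        })
    return peers

def diagnose(peer):
    if peer["answered"] == 0:
        return "unreachable: no reply in the last 8 polls"
    if not peer["last_answered"]:
        return "flapping: most recent poll went unanswered"
    if peer["sync_source"]:
        return "ok: current sync source"
    return "reachable: %d/8 polls answered, not the sync source" % peer["answered"]

if __name__ == "__main__":
    for p in parse_associations(SAMPLE):
        print(p["addr"], "stratum", p["stratum"], "->", diagnose(p))
```
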

hclisschennai Sat, 05/23/2009 - 08:55


Thanks for your comments. Cisco literature says that the "ntp server x.x.x.x" command will get the clock from server x.x.x.x and will not act as a server or provide clock to other devices.

Is it so?

ldmccalla Sat, 05/23/2009 - 11:00

If the docs state things exactly like that, then they must be talking only about the relationship between the two devices, i.e. if you have NTP SERVER XXXX in the config of client YYYY, then YYYY can learn the time from XXXX and NOT the other way around. NTP PEER is usually used when two machines/servers share the time with each other.

Richard Burts Sat, 05/23/2009 - 18:00

RBK asks:

"Cisco literatures are saying that "ntp server x.x.x.x" command will get the clock from server x.x.x.x and will not act as server or provide clock to other devices".

That is not correct. Any Cisco IOS device that has learned authoritative NTP time (including if it has learned NTP from ntp server) will pass NTP time along to other devices who request it.

I would be interested to have the link to where this quote is found. Either it is talking about something different or it is incorrect and should be corrected.

If you have configured the distribution router with ntp peer, and if the core router has not learned NTP time from the Internet then the core router will attempt to learn NTP time from the distribution router. That is the nature of "peer" relationships for NTP. In peer relationships either router can learn time from the other.

I would suggest that if you want the core router to learn NTP from the Internet that you not configure the core router with ntp master. It does not need ntp master to advertise time if it has learned NTP from the Internet. And I agree that for a good hierarchical NTP setup the core should be configured with ntp server pointing to the Internet, the distribution router should be configured with ntp server pointing to the core router, and the access router should be configured with ntp server pointing to the distribution router.



Richard Burts Sat, 05/23/2009 - 18:11


After I posted my response I looked at the files that you posted. They show that the distribution router is synced with the core but that the access router is not synced with the distribution.

The access router and distribution router have communicated with each other (we know this especially because in the show ntp association the access router knows with what address the distribution router has learned time). But something is preventing the access router from syncing with the distribution. We do not have enough information here to know why. Perhaps if you post the output of show ntp association detail we might find what the reason is.



hclisschennai Sat, 05/23/2009 - 22:21

Hi Rick,

I appreciate your response. It is very helpful.

I have configured the setup as you suggested as below




In distribution router: ntp server

In access router: ntp server

The clock is in sync on all the routers. But on the Access router, when "show ntp association details" is viewed, it shows "configured, insane, invalid,".

Please see the attachment. Thanks in advance.

Just Kennie Sun, 05/24/2009 - 01:20

Well, from experience...it takes time for client to master synchronize. I will prefer you wait for a while...and debug too.

ldmccalla Sun, 05/24/2009 - 03:15

I'm going to go out on a limb here. Does your CORE router have internet access to stabilize its clock? Are these congested serial links?

Based on the distribution information, the NTP data received from the core clock is varying more than 140ms in 8 samples. This being said, the Distribution clock is probably varying too much for the Access clock to consider it a reliable source.

Given that all your routers are within 1 hop of each other, you can have your access router sync directly to your core router to see how things look.

I have a few routers in a rack and they all sync to my server, which syncs to ntp.org. My routers show 1ms dispersion across the last 8 samples.


hclisschennai Sun, 05/24/2009 - 03:38


I appreciate your involvement in providing the solution to the issue. Thanks. Does the delay matter? How are you calculating the dispersion?

Moreover, I am using IOS 12.3. On one of my routers I am using 12.4, where I do not see the command syntax "ntp server a.b.c.d"; instead it has the syntax "ntp server vrf a.b.c.d".

I didn't configure vrf on the router, so I am not able to use this syntax. How to configure NTP in IOS 12.4?

thanks in advance


Richard Burts Sun, 05/24/2009 - 14:02


I have configured lots of routers running 12.4 to use NTP using the ntp server a.b.c.d command. It was my understanding that the vrf parameter was optional. Have you tried entering the ntp server a.b.c.d command on your 12.4 router? If it is not working, could you post the screen output when you try to do it and the response that you receive?



hclisschennai Mon, 05/25/2009 - 01:42

Hi Rick

Please find the attached "show version" and "ntp server" command output. You can see here that after "ntp server" I have the option to enter only vrf info and not the IP address.


guruprasadr Mon, 05/25/2009 - 05:19


I have a 3640 Router in my Network with IOS: c3640-d-mz.122-31.bin

The Configuration register is 0x101

The NTP Server runs very well. Could you please check once again with the IOS and the 'Configuration register'

Hope you are in the Password Recovery Mode, could you please reset your Configuration register to 0x101 (or) 0x2102 (factory-default setting for the configuration register)

Please be informed, once router is reloaded, the new configuration register setting becomes active.

Hope I am Informative.


Best Regards,

Guru Prasad R

Richard Burts Mon, 05/25/2009 - 07:22


Thank you for posting the additional information that I suggested. I notice several things about it:

- there seems to be some issue about what caused it to boot (and perhaps whether it booted correctly):

System returned to ROM by unknown reload cause - suspect boot_data[BOOT_COUNT] 0


- the show version does not indicate any active interfaces. Either you left out part of the show version output or there is a real issue with how the router is operating. Can you clarify about this?

Even if entering the address of the ntp server does not show up as an option in help, what happens if you enter the address as the next parameter in the command (is it possible that there is a flaw in online help)?



hclisschennai Mon, 05/25/2009 - 08:54

Hi Rick,

You spotted this correctly. I intentionally removed the cards details from the "show version" output.

Next, even if I enter the address of the NTP server, it is rejecting saying "invalid command".

It is not a problem for me now. I am ready to upgrade the IOS instead.

