cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4122
Views
0
Helpful
10
Replies

NTP setup

lubosbella
Level 1
Level 1

Hi,

my customer has following NTP setup:

On C6500:

....

ntp clock-period 17180036

ntp source Vlan1

ntp master 2

ntp update-calendar

ntp peer 195.146.147.3 prefer

on ASA:

....

ntp server 217.118.109.178 source Outside prefer

I made same show commands to view current status:

C6500:

Central-C6506-E#show ntp status

Clock is synchronized, stratum 2, reference is 127.127.7.1

nominal freq is 250.0000 Hz, actual freq is 249.9975 Hz, precision is 2**18

reference time is CDECBB11.66582776 (16:47:45.399 GMT Wed Jun 24 2009)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.02 msec, peer dispersion is 0.02 msec

--------------

Central-C6506-E#show ntp associations

address ref clock st when poll reach delay offset disp

*~127.127.7.1 .LOCL. 1 55 64 377 0.0 0.00 0.0

~195.146.147.3 0.0.0.0 16 - 1024 0 0.0 0.00 16000.

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

---------------

Central-C6506-E#show clock detail

16:48:46.860 GMT Wed Jun 24 2009

Time source is NTP

Summer time starts 02:00:00 GMT Sun Mar 29 2009

Summer time ends 03:00:00 GMT Sun Oct 25 2009

on ASA:

ASA# show ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 99.9984 Hz, actual freq is 100.0188 Hz, precision is 2**6

reference time is cd7dafda.e4f5dbf6 (11:18:18.894 CEDT Wed Apr 1 2009)

clock offset is -2.3843 msec, root delay is 0.50 msec

root dispersion is 52.11 msec, peer dispersion is 22.64 msec

--------------------

ASA# show ntp associations

address ref clock st when poll reach delay offset disp

~217.118.109.178 194.160.23.2 2 84d 64 0 -0.0 -2.38 16000.

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

--------------------

ASA# show clock detail

16:46:11.870 CEDT Wed Jun 24 2009

Time source is NTP

Summer time starts 02:00:00 CEST Sun Mar 29 2009

Summer time ends 03:00:00 CEDT Sun Oct 25 2009

Then i made clock comparison:

Real time was: 16:37:30

On C6500:

Central-C6506-E#show clock

16:41:46.716 GMT Wed Jun 24 2009

On ASA:

ASA# show clock

16:38:36.094 CEDT Wed Jun 24 2009

So the time on ASA is shifted front to one minute and on C6500 four minutes.

My questions:

Whats are reasons that the time is shifted?

How to setup time/change actual setting that the time will be right on this machines?

Many thanks.

2 Accepted Solutions

Accepted Solutions

the c6500 will be 1 hop away from an authoritive ntp source (stratum 1) and will therefore be stratum 2. any internal devices that use the c6500 as an ntp server will be stratum 3 and so on.

its essentially a hierarchical structure with the authoritative ntp source at the top - the url in my previous post explains it better.

View solution in original post

I get the feeling that Lubos is looking at the issue believing that a device is either an NTP client or it is an NTP server. The way that Cisco implements NTP is that once a device has learned NTP time from an authoritative source (acting as a client) then the device will act as a server to other devices in the network. What Andrew is suggesting is generally considered as best practice in setting up NTP.

HTH

Rick

HTH

Rick

View solution in original post

10 Replies 10

Lubos,

ASA# show ntp status

Clock is unsynchronized

This would be a reason why. To make sure that you allow the ip address of outside interface on ASA to access the NTP server,217.118.109.178. To make sure that this server,217.118.109.178 is running well.

HTH,

Toshi

Thank,

ntp server on address 217.118.109.178 was down so i configure new one.

So ASA is synchronized, but c6500 is not synchronized from ASA (195.146.147.3 is linux server).

If im right, c6500 is providing clock himself for all others devices on network (Clock is synchronized, stratum 2, reference is 127.127.7.1 - ntp master 2).

So how to set up right time? ... manualy set time on c6500 by clock command?

clock set xx.xx.xxxx .... ?

Thanks,

Nobody can help?

yes - looks like c6500 is providing clock itself. see

http://www.cisco.com/en/US/products/sw/iosswrel/ps1818/products_tech_note09186a008015bb3a.shtml#differences

why don't you sync the c6500 with same external ntp source as the asa?

Because it is a customer system and i can't to change actual philosophy.

I want to synchronize it with external server but if i am right c6500 is always synchronized with himself at first.

C6506-E#show ntp associations

address ref clock st when poll reach delay offset disp

*~127.127.7.1 .LOCL. 1 55 64 377 0.0 0.00 0.0

~195.146.147.3 0.0.0.0 16 - 1024 0 0.0 0.00 16000.

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

So how to setup c6500 that will be synchronized from external internet server and at the same time provide clock synchronization for all other devices on network?

Thanks.

your 6500 config is currently setup not to use an external ntp source - see the following url for best practice and designs:

http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a0080117070.shtml

to get the c6500 to sync with an external ntp source:

no ntp master 2

ntp server

you can then sync your internal network devices to the c6500.

Ok,

but if i do this then c6500 will not be a master clock to which peers synchronize themselves? - because c6500 wil not be longer a stratum 2 NTP server, it will act as a client like each other device on network....

Thats right?

Thanks.

the c6500 will be 1 hop away from an authoritive ntp source (stratum 1) and will therefore be stratum 2. any internal devices that use the c6500 as an ntp server will be stratum 3 and so on.

its essentially a hierarchical structure with the authoritative ntp source at the top - the url in my previous post explains it better.

I get the feeling that Lubos is looking at the issue believing that a device is either an NTP client or it is an NTP server. The way that Cisco implements NTP is that once a device has learned NTP time from an authoritative source (acting as a client) then the device will act as a server to other devices in the network. What Andrew is suggesting is generally considered as best practice in setting up NTP.

HTH

Rick

HTH

Rick

Thank you very much - problem is solved.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: