NTP not synching

Answered Question
Mar 11th, 2010
User Badges:

I'm trying to get NTP from my internal hosts to synch against a router on the edge.  I control all of the devices involved.

Currently, I have been able to get my switches in the DMZ to synch to the router but not my internal switches.


Following is the config from the Router:


ntp logging
ntp authentication-key 2 md5 ------- 7
ntp authenticate
ntp trusted-key 2
ntp source Loopback0
ntp update-calendar
ntp server 192.5.41.41
ntp server 192.5.41.42 prefer



Following is the config for my DMZ switch which is synching up:


ntp authentication-key 2 md5 ------ 7
ntp authenticate
ntp trusted-key 2
ntp clock-period 36029304
ntp source Loopback0
ntp server 10.y.x.214 key 2


Following is the config for my internal switch which is not synching up:


ntp authentication-key 2 md5 ------ 7
ntp authenticate
ntp trusted-key 2
ntp clock-period 36029304
ntp source Loopback0
ntp server 10.y.x.214 key 2


Following is the logging from my router:


044142: Mar 11 13:32:10.225 EST: NTP message received from 10.y.w.214 on interface 'Loopback0' (10.y.x.214).
044143: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: message received
044144: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next action is 3.
044145: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: doing fast answer to client.



NTP debugging from the inside switch:


006078: .Mar 11 13:33:07 EST:  Authentication key 2
006079: .Mar 11 13:33:07 EST:  Authentication key 2
006080: .Mar 11 13:33:25 EST:  Authentication key 2
006081: .Mar 11 13:33:25 EST:  Authentication key 2


I can watch this traffic traverse my network, it's like it gets to my switch and the switch just dismisses it.  Anyone got any input to this?  Any ideas?  I have been trying to figure this out for a while and getting nowhere fast.

Correct Answer by Martin Ermel about 7 years 2 months ago

NTP uses UDP port 123; is there any access list in place that blocks these packets? Can you ping the ntp server from the switch?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Martin Ermel Thu, 03/11/2010 - 12:22
User Badges:
  • Blue, 1500 points or more

please post the output of the following 2 commands issued on the inside switch:

     sh ntp assoc

     sh ntp status

JONESJ007 Thu, 03/11/2010 - 12:56
User Badges:

CORE#show ntp stat
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2076 Hz, precision is 2**17
reference time is 00000000.00000000 (19:00:00.000 EST Thu Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec

CORE#show ntp assoc

      address         ref clock     st  when  poll reach  delay  offset    disp
~10.y.x.214     0.0.0.0          16     -    64    0     0.0    0.00  16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured

Correct Answer
Martin Ermel Thu, 03/11/2010 - 14:20
User Badges:
  • Blue, 1500 points or more

NTP uses UDP port 123; is there any access list in place that blocks these packets? Can you ping the ntp server from the switch?

JONESJ007 Thu, 03/11/2010 - 15:51
User Badges:

Firewalled between interior and exterior.  Was looking at the traffic pass in and out and hitting the router.  Ping clued me in and I went back to check the routing tables - low and behold, no route in place.


Configured route, gave it a couple of minutes and bingo, bango, she's working.


Thanks for the sanity check!

Leo Laohoo Thu, 03/11/2010 - 14:21
User Badges:
  • Super Gold, 25000 points or more
  • Hall of Fame,

    The Hall of Fame designation is a lifetime achievement award based on significant overall achievements in the community. 

  • Cisco Designated VIP,

    2017 LAN, Wireless

What's the version of your IOS and is the NTP server a Linux client?

JONESJ007 Thu, 03/11/2010 - 15:16
User Badges:

Router is the server


Version of router: 12.4(24)T1


Version of switch:  Version 12.2(50)SE3

Actions

This Discussion

Related Content