NTP not synching

Answered Question
Mar 11th, 2010

I'm trying to get NTP from my internal hosts to synch against a router on the edge.  I control all of the devices involved.

Currently, I have been able to get my switches in the DMZ to synch to the router but not my internal switches.

Following is the config from the Router:

ntp logging
ntp authentication-key 2 md5 ------- 7
ntp authenticate
ntp trusted-key 2
ntp source Loopback0
ntp update-calendar
ntp server 192.5.41.41
ntp server 192.5.41.42 prefer

Following is the config for my DMZ switch which is synching up:

ntp authentication-key 2 md5 ------ 7
ntp authenticate
ntp trusted-key 2
ntp clock-period 36029304
ntp source Loopback0
ntp server 10.y.x.214 key 2

Following is the config for my internal switch which is not synching up:

ntp authentication-key 2 md5 ------ 7
ntp authenticate
ntp trusted-key 2
ntp clock-period 36029304
ntp source Loopback0
ntp server 10.y.x.214 key 2

Following is the logging from my router:

044142: Mar 11 13:32:10.225 EST: NTP message received from 10.y.w.214 on interface 'Loopback0' (10.y.x.214).
044143: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: message received
044144: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next action is 3.
044145: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: doing fast answer to client.

NTP debugging from the inside switch:

006078: .Mar 11 13:33:07 EST:  Authentication key 2
006079: .Mar 11 13:33:07 EST:  Authentication key 2
006080: .Mar 11 13:33:25 EST:  Authentication key 2
006081: .Mar 11 13:33:25 EST:  Authentication key 2

I can watch this traffic traverse my network; it's like it gets to my switch and the switch just dismisses it.  Anyone got any input to this?  Any ideas?  I have been trying to figure this out for a while and getting nowhere fast.

Martin Ermel Thu, 03/11/2010 - 12:22

Please post the output of the following 2 commands issued on the inside switch:

     sh ntp assoc

     sh ntp status

JONESJ007 Thu, 03/11/2010 - 12:56

CORE#show ntp stat
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2076 Hz, precision is 2**17
reference time is 00000000.00000000 (19:00:00.000 EST Thu Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec

CORE#show ntp assoc

      address         ref clock     st  when  poll reach  delay  offset    disp
~10.y.x.214     0.0.0.0          16     -    64    0     0.0    0.00  16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured

Correct Answer
Martin Ermel Thu, 03/11/2010 - 14:20

NTP uses UDP port 123; is there any access list in place that blocks these packets? Can you ping the ntp server from the switch?

JONESJ007 Thu, 03/11/2010 - 15:51

Firewalled between interior and exterior.  Was looking at the traffic pass in and out and hitting the router.  Ping clued me in and I went back to check the routing tables - lo and behold, no route in place.

Configured route, gave it a couple of minutes and bingo, bango, she's working.

Thanks for the sanity check!

Leo Laohoo Thu, 03/11/2010 - 14:21

What's the version of your IOS and is the NTP server a Linux client?

JONESJ007 Thu, 03/11/2010 - 15:16

Router is the server

Version of router: 12.4(24)T1

Version of switch:  Version 12.2(50)SE3
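
An added example, not part of the original thread: a small Python parser for the show ntp associations output posted above. It decodes the reach column (an 8-bit shift register printed in octal, one bit per poll) to tell "no replies are coming back" apart from "replies arrive but the server is unsynchronized". The second sample row, the function name and the verdict strings are constructed for illustration.

```python
import re

# Constructed sample: row 1 is the association posted in the thread (octets masked
# as in the original); row 2 is a made-up healthy association for contrast.
SAMPLE = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
~10.y.x.214     0.0.0.0          16     -    64    0     0.0    0.00  16000.
*~10.0.0.1      192.5.41.42       2    33    64  377     1.2    0.45    0.3
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""

# Leading status flags, then address, ref clock, stratum, when, poll, reach.
ROW = re.compile(
    r"^\s*(?P<flags>[*#+~-]*)(?P<address>\S+)\s+(?P<ref>\S+)\s+(?P<st>\d+)\s+"
    r"(?P<when>\S+)\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s+"
)

def diagnose(output):
    """Return (address, replies_in_last_8_polls, verdict) per association row."""
    findings = []
    for line in output.splitlines():
        m = ROW.match(line)
        if not m:                      # header and legend lines do not match
            continue
        reach = int(m["reach"], 8)     # octal display of the 8-bit register
        answered = bin(reach).count("1")
        if reach == 0:
            verdict = "no valid replies: check ping, route and ACLs for UDP 123"
        elif int(m["st"]) >= 16:
            verdict = "replies arrive but server is unsynchronized"
        elif "*" in m["flags"]:
            verdict = "synced to this server"
        else:
            verdict = "reachable, not selected"
        findings.append((m["address"], answered, verdict))
    return findings

if __name__ == "__main__":
    for address, answered, verdict in diagnose(SAMPLE):
        print(f"{address}: {answered}/8 polls answered, {verdict}")
```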
