NTP not synching

JONESJ007
Level 1

I'm trying to get NTP from my internal hosts to synch against a router on the edge.  I control all of the devices involved.

Currently, I have been able to get my switches in the DMZ to synch to the router but not my internal switches.

Following is the config from the Router:

ntp logging
ntp authentication-key 2 md5 ------- 7
ntp authenticate
ntp trusted-key 2
ntp source Loopback0
ntp update-calendar
ntp server 192.5.41.41
ntp server 192.5.41.42 prefer

Following is the config for my DMZ switch which is synching up:

ntp authentication-key 2 md5 ------ 7
ntp authenticate
ntp trusted-key 2
ntp clock-period 36029304
ntp source Loopback0
ntp server 10.y.x.214 key 2

Following is the config for my internal switch which is not synching up:

ntp authentication-key 2 md5 ------ 7
ntp authenticate
ntp trusted-key 2
ntp clock-period 36029304
ntp source Loopback0
ntp server 10.y.x.214 key 2

Following is the logging from my router:

044142: Mar 11 13:32:10.225 EST: NTP message received from 10.y.w.214 on interface 'Loopback0' (10.y.x.214).
044143: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: message received
044144: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next action is 3.
044145: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: doing fast answer to client.

NTP debugging from the inside switch:

006078: .Mar 11 13:33:07 EST:  Authentication key 2
006079: .Mar 11 13:33:07 EST:  Authentication key 2
006080: .Mar 11 13:33:25 EST:  Authentication key 2
006081: .Mar 11 13:33:25 EST:  Authentication key 2

I can watch this traffic traverse my network; it's like it gets to my switch and the switch just dismisses it.  Anyone got any input to this?  Any ideas?  I have been trying to figure this out for a while and getting nowhere fast.

Accepted Solutions

NTP uses UDP port 123; is there any access list in place that blocks these packets? Can you ping the ntp server from the switch?

Martin Ermel
VIP Alumni

Please post the output of the following 2 commands issued on the inside switch:

     sh ntp assoc

     sh ntp status

CORE#show ntp stat
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2076 Hz, precision is 2**17
reference time is 00000000.00000000 (19:00:00.000 EST Thu Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec

CORE#show ntp assoc

      address         ref clock     st  when  poll reach  delay  offset    disp
~10.y.x.214     0.0.0.0          16     -    64    0     0.0    0.00  16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured

NTP uses UDP port 123; is there any access list in place that blocks these packets? Can you ping the ntp server from the switch?

Firewalled between interior and exterior.  Was looking at the traffic pass in and out and hitting the router.  Ping clued me in and I went back to check the routing tables - lo and behold, no route in place.

Configured route, gave it a couple of minutes and bingo, bango, she's working.

Thanks for the sanity check!
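
Added example (not part of the original thread): a small Python triage of the `show ntp associations` output posted above. A reach of 0 means the switch has registered no valid reply from the server, which is why reachability (ping, route, UDP 123 filtering) was the first thing to check. The verdict names and the second sample row are constructed for illustration.

```python
import re

LEGEND = "*#+-~"  # flag characters IOS prints in front of the peer address

# Output posted in the thread (inside switch), addresses masked as on the page.
THREAD_OUTPUT = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
~10.y.x.214     0.0.0.0          16     -    64    0     0.0    0.00  16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""

# Constructed row for comparison: a peer that answered the last 8 polls.
CONSTRUCTED_OK = "*~10.y.x.214    192.5.41.42       2    33    64  377     1.2    0.45     0.8\n"


def parse_associations(text):
    """Return one dict per peer row; header and legend lines are skipped."""
    peers = []
    for line in text.splitlines():
        f = line.split()
        # Peer rows have 9 columns: numeric stratum, octal reach register.
        if len(f) != 9 or not f[2].isdigit() or not re.fullmatch(r"[0-7]{1,3}", f[5]):
            continue
        addr = f[0].lstrip(LEGEND)
        flags = f[0][: len(f[0]) - len(addr)]
        peers.append({"address": addr, "flags": flags,
                      "stratum": int(f[2]), "reach": int(f[5], 8)})
    return peers


def diagnose(peer):
    """Map a peer row to a first troubleshooting step (hypothetical labels)."""
    if peer["reach"] == 0:
        return "no-reply"               # check ping, route to server, UDP 123 ACLs
    if peer["stratum"] >= 16:
        return "server-unsynchronized"  # replies arrive, but the server has no time
    if "*" in peer["flags"]:
        return "synced"
    return "reachable-not-selected"     # replies arrive; selection still pending


def report(text):
    return [(p["address"], diagnose(p)) for p in parse_associations(text)]


if __name__ == "__main__":
    for addr, verdict in report(THREAD_OUTPUT + CONSTRUCTED_OK):
        print(addr, verdict)
```
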

Leo Laohoo
Hall of Fame

What's the version of your IOS and is the NTP server a Linux client?

Router is the server

Version of router: 12.4(24)T1

Version of switch:  Version 12.2(50)SE3
