Solved: ntp is not working in nexus 5500

Majed Zouhairy · ‎09-02-2015

hello, i have a cisco switch connected to nexus 5500 which is synchronizing with the ntp server but the nexus is not.

here is the ntp configuration.

ntp server 10.1.32.3 key 1
ntp server 10.1.32.4 key 1
ntp source-interface loopback0
ntp authenticate
ntp authentication-key 1 md5 hidden 7
ntp trusted-key 1

interface loopback0
description Management
ip address 10.1.32.1/32

(config)# ping 10.1.32.3 vrf management
PING 10.1.32.3 (10.1.32.3): 56 data bytes
64 bytes from 10.1.32.3: icmp_seq=0 ttl=253 time=0.733 ms
64 bytes from 10.1.32.3: icmp_seq=1 ttl=253 time=0.797 ms
64 bytes from 10.1.32.3: icmp_seq=2 ttl=253 time=0.909 ms
64 bytes from 10.1.32.3: icmp_seq=3 ttl=253 time=0.923 ms
64 bytes from 10.1.32.3: icmp_seq=4 ttl=253 time=0.902 ms

(config)# ping 10.1.32.4
PING 10.1.32.4 (10.1.32.4): 56 data bytes
64 bytes from 10.1.32.4: icmp_seq=0 ttl=254 time=1.271 ms
64 bytes from 10.1.32.4: icmp_seq=1 ttl=254 time=2.409 ms
64 bytes from 10.1.32.4: icmp_seq=2 ttl=254 time=2.457 ms
64 bytes from 10.1.32.4: icmp_seq=3 ttl=254 time=2.487 ms
64 bytes from 10.1.32.4: icmp_seq=4 ttl=254 time=2.467 ms

output from debug ntp all:

2015 Sep 2 14:58:11.016496 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() returns with status of 27071
2015 Sep 2 14:58:11.017354 ntp: ntp_sigchld_wait_and_fetch_status: Non-ntp child exited ! Dont care !
2015 Sep 2 14:58:27.064185 ntp: Sending Time of day upd to standby
2015 Sep 2 14:59:57.064168 ntp: Sending Time of day upd to standby

what could be the problem?

Steve Fuller · ‎09-04-2015

Hi,

The output of the show ntp peer-status looks correct and the * indicates that time will be sync'd from the server 10.1.32.4.

The command show ntp status is for another purpose. According to the command reference it "shows whether Cisco Fabric Services (CFS) is enabled or disabled for the NTP application and whether a fabric lock is in place because a configuration is in progress". NTP distribution is discussed in the NTP CFS Distribution of the configuration guide.

Regards

View solution in original post

Naveen Venkateshaiah · ‎09-02-2015

Hi,

Was this setup working earlier or its new?

Can you double check your MD5 Password?

Regards,

Naveen

Majed Zouhairy · ‎09-02-2015

it's a new setup.

the md5 password is the same entered in clear text but when viewing in running config, it appears different between the router and the nexus

Steve Fuller · ‎09-03-2015

Hi,

When you ping you're specifying the management vrf, which means you would need to specify the VRF for NTP using the command ntp server <address> key 1 use-vrf management.

Regards

Majed Zouhairy · ‎09-03-2015

earlier i tried to synchronize with another ntp server which i could not ping, but now i allowed ip to him.

here is the new configuration:

ntp server 172.18.2.7 use-vrf management key 1
ntp source-interface mgmt0
ntp authenticate
ntp authentication-key 1 md5 qaxqsny 7
ntp trusted-key 1

(config)# ping 172.18.2.7 vrf management
PING 172.18.2.7 (172.18.2.7): 56 data bytes
64 bytes from 172.18.2.7: icmp_seq=0 ttl=61 time=1.721 ms
64 bytes from 172.18.2.7: icmp_seq=1 ttl=61 time=1.195 ms
64 bytes from 172.18.2.7: icmp_seq=2 ttl=61 time=3.462 ms
64 bytes from 172.18.2.7: icmp_seq=3 ttl=61 time=2.018 ms
64 bytes from 172.18.2.7: icmp_seq=4 ttl=61 time=1.692 ms

2015 Sep 3 11:08:12.016479 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() returns with status of 9856
2015 Sep 3 11:08:12.017335 ntp: ntp_sigchld_wait_and_fetch_status: Non-ntp child exited ! Dont care !

Pri-DC-Core-1(config)# 2015 Sep 3 11:09:02.741675 ntp: Sending Time of day upd to standby

now the status code is different. if the problem is with authentication, then why doesn't debug say so?i therefore assume it isn't with authentication.

Majed Zouhairy · ‎09-03-2015

according to https://learningnetwork.cisco.com/thread/48979

there is a bug in nexus os.

in order to set

clock protocol ntp

you have to first set

clock protocol none

i checked show ntp peer-status and found one reachable server:

sh ntp peer-status
Total peers : 2
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
    remote               local                 st   poll   reach delay   vrf
-------------------------------------------------------------------------------
=172.18.2.7             10.1.34.224            16   64       0   0.00000 management
*10.1.32.4              10.1.34.224             4   64     377   0.00084 management

so i configured the reachable server as an ntp server.

after correctly setting the time zone, the clock shows the right time without having reseted it.

except that :

# sh ntp status
Distribution : Disabled
Last operational state: No session

however,

# sh ntp statistics local
system uptime:          57608
time since reset:       57608
old version packets:    4323
new version packets:    0
unknown version number: 0
bad packet format:      0
packets processed:      3428
bad authentication:     0
Pri-DC-Core-1#

debug shows the following:

although the message:

2015 Sep 4 09:22:50.016437 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() returns with status of 26565
2015 Sep 4 09:22:50.016810 ntp: ntp_sigchld_wait_and_fetch_status: Non-ntp child exited ! Dont care !

still exists but, now i get,

09:23:26.252163 ntp: get_control_msg: Got a valid ntp control pkt

could it be that nexus is synchronizing without showing that in the status?

Steve Fuller · ‎09-04-2015

Hi,

The output of the show ntp peer-status looks correct and the * indicates that time will be sync'd from the server 10.1.32.4.

The command show ntp status is for another purpose. According to the command reference it "shows whether Cisco Fabric Services (CFS) is enabled or disabled for the NTP application and whether a fabric lock is in place because a configuration is in progress". NTP distribution is discussed in the NTP CFS Distribution of the configuration guide.

Regards

Majed Zouhairy · ‎09-04-2015

thanks for clearing things up :)