Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

IPS not syncronizing with NTP

My IPS appliance is not synchronizing with the NTP, below are the logs that I am getting.

NTP Statistics
    =      remote           refid      st t when poll reach   delay   offset  jitter
    =  172.21.3.137    172.21.1.10      5 u  746 1024  377    1.409  -13801. 532.147
    = *LOCAL(0)        73.78.73.84      5 l    8   64  377    0.000    0.000   0.001
    = ind assID status  conf reach auth condition  last_event cnt
    =   1 20556  b0f4   yes   yes  none    reject   reachable 15
    =   2 20557  96f4   yes   yes  none  sys.peer   reachable 15
   status = Not Synchronized

........

Nov 20 21:53:37 sensor daemon.info ntpd[15975]: synchronized to 172.21.3.137, stratum=5
Nov 20 22:10:42 sensor daemon.info ntpd[15975]: synchronized to LOCAL(0), stratum=5
Nov 20 22:11:48 sensor daemon.info ntpd[15975]: synchronized to 172.21.3.137, stratum=5
Nov 20 22:27:35 sensor daemon.notice ntpd[15975]: time reset -3.797142 s
Nov 20 22:31:56 sensor daemon.info ntpd[15975]: synchronized to LOCAL(0), stratum=5
Nov 21 02:44:59 sensor daemon.info ntpd[15975]: synchronized to 172.21.3.137, stratum=5
Nov 21 03:02:05 sensor daemon.info ntpd[15975]: synchronized to LOCAL(0), stratum=5
Nov 21 03:10:38 sensor daemon.info ntpd[15975]: synchronized to 172.21.3.137, stratum=5
Nov 21 03:26:34 sensor daemon.notice ntpd[15975]: time reset -9.364510 s
Nov 21 03:30:58 sensor daemon.info ntpd[15975]: synchronized to LOCAL(0), stratum=5

...............

I tried changing the NTP server to other Cisco Devices, but still the IPS is not syncronizing with any NTP. How can I fix this.

Please help,

Thanks

7 REPLIES

Re: IPS not syncronizing with NTP

What version of IPS do you have? Is your NTP server a Cisco router? Could you please attach your IPS config and your NTP server configuration.

Please notice that IPS 6.x supports only Cisco routers as NTP servers.

New Member

Re: IPS not syncronizing with NTP

Thank you eduardoaliaga for replying,

The IPS version is 7.0(4)E4,  and we are using a Cisco router as the NTP server.

The IPS NTP configuration is attached. and NTP configuration on the router is

ntp source FastEthernet0/0
ntp master 10
ntp server 172.21.1.10
clock timezone AST 3

New Member

Re: IPS not syncronizing with NTP

Hello!

It seems that your problem is that your ips internal ntp server and ntp server at 172.21.3.137 both have the same ntp stratum - 5. From sent logs we see that your ips gets synchronized with both ntp servers:

Nov 20 21:53:37 sensor daemon.info ntpd[15975]: synchronized to 172.21.3.137, stratum=5
Nov 20 22:10:42 sensor daemon.info ntpd[15975]: synchronized to LOCAL(0), stratum=5
Nov 20 22:11:48 sensor daemon.info ntpd[15975]: synchronized to 172.21.3.137, stratum=5
Nov 20 22:27:35 sensor daemon.notice ntpd[15975]: time reset -3.797142 s


NTP stratum is like route metric - how far is your ntp server from a most accurate clock?(http://en.wikipedia.org/wiki/Network_Time_Protocol)

Please, try to set up ntp server 172.21.1.10 at you ips. This ntp server apparently will have 4 as ntp stratum.

With best regards

New Member

Re: IPS not syncronizing with NTP

Thanks mzimovets,

We even get the logs where 172.21.3.137 shows a stratum of 10, but the router is on the same network.

sensor daemon.info ntpd[15975]: synchronized to 172.21.3.137, stratum=10
sensor daemon.notice ntpd[15975]: time reset -8.712638 s
sensor daemon.info ntpd[15975]: synchronized to LOCAL(0), stratum=5

We had tried setting up 172.21.1.10 as NTP for the IPS, but still it is not syncronizing.

Re: IPS not syncronizing with NTP

So your router is 172.21.3.137, right? Your router don't need the command "ntp server 172.21.1.10".

By the way, what device have the IP 172.21.1.10 ? Do you have another NTP server besides 172.21.3.137 ?

Also, your configuration says router router have a stratum 10, and your logs says apparently there is another NTP server  with stratum 4.

Take into account that a NTP server with lower stratum is better.

New Member

Re: IPS not syncronizing with NTP

We had raised a Service Request with Cisco TAC for this issue. They have mentioned that it matches with Bug CSCtf02842 (details attached).

But the solution they mentioned did not help us.

New Member

IPS not syncronizing with NTP

folks

i have had similiar issues with a cople of aip-ssm cards not synchronising ntp to a non cisco ntp server

i tried a hw-module reset to sort it out but no joy

so far my only successful option has been to remove the ntp config on the aip-ssm and then reconfigure it

hope this helps

1221
Views
0
Helpful
7
Replies
CreatePlease to create content