Hello. This should be easy, but for some reason it is not....
Background: trying to configure NTP on a core switch. Edge ASA has NTP configured on it and it is working.
Issue: I cannot get the core switch to synch NTP with either the ASA or the same NTP source the ASA uses.
Configuration on ASA:
ntp server 184.108.40.206 source OUTSIDE prefer
ASA# sh ntp stat
Clock is synchronized, stratum 2, reference is 220.127.116.11
nominal freq is 99.9984 Hz, actual freq is 100.0041 Hz, precision is 2**6
reference time is d04366ba.734ec938 (11:15:38.450 mdt Tue Sep 21 2010)
clock offset is -17.3707 msec, root delay is 56.08 msec
root dispersion is 36.09 msec, peer dispersion is 18.28 msec
ASA# sh ntp ass
      address         ref clock     st  when  poll reach  delay  offset    disp
*~18.104.22.168       .USNO.         1     6    64  377    56.4  -16.30    17.2
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
Configuration on switch (directly connected to ASA):
ntp server 22.214.171.124 source GigabitEthernet6/1 prefer
4510#sh ntp stat
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is D04363C5.AAFFBC27 (11:03:01.667 MDT Tue Sep 21 2010)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec
On the switch, if you want to sync with the ASA (assuming you can do this, as I have never done it), then don't use the NTP server the ASA uses; you need to use an IP the switch can get to, i.e. the inside interface address of the ASA.
You cannot use an ASA as a time source. The best practice is to have one of your routers use a trusted time source, then have all of your other network devices get time from it. The switch should be able to pull time from the public source. Do you see the NTP traffic traversing the firewall?
What I have since found out is that routers behind the switch can synch just fine with the NTP server, and the switch can synch just fine with any of those. But the switch still cannot synch directly with the NTP server.
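The two `show ntp status` outputs quoted in this thread can be checked programmatically, which is useful when auditing many devices for clocks that have silently lost sync. The following is an added example, not part of any post in the thread; the function names and the 100 ms offset threshold are assumptions, and the sample text is copied from the outputs above.

```python
import re

# Outputs copied from the thread (addresses exactly as they appear on the page).
ASA_STATUS = """Clock is synchronized, stratum 2, reference is 220.127.116.11
nominal freq is 99.9984 Hz, actual freq is 100.0041 Hz, precision is 2**6
reference time is d04366ba.734ec938 (11:15:38.450 mdt Tue Sep 21 2010)
clock offset is -17.3707 msec, root delay is 56.08 msec
root dispersion is 36.09 msec, peer dispersion is 18.28 msec"""
SWITCH_STATUS = """Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
reference time is D04363C5.AAFFBC27 (11:03:01.667 MDT Tue Sep 21 2010)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec"""

_FIELDS = {
    "state": r"Clock is (synchronized|unsynchronized)",
    "stratum": r"stratum (\d+)",
    "reference": r"reference is (\S+)",  # absent when "no reference clock"
    "offset_ms": r"clock offset is (-?[\d.]+) msec",
    "root_delay_ms": r"root delay is ([\d.]+) msec",
    "root_disp_ms": r"root dispersion is ([\d.]+) msec",
}

def parse_ntp_status(text):
    """Extract fields from 'show ntp status'; works on wrapped or one-line text."""
    out = {}
    for name, pattern in _FIELDS.items():
        m = re.search(pattern, text)
        out[name] = m.group(1) if m else None
    for key in ("offset_ms", "root_delay_ms", "root_disp_ms"):
        if out[key] is not None:
            out[key] = float(out[key])
    if out["stratum"] is not None:
        out["stratum"] = int(out["stratum"])
    return out

def findings(status, max_offset_ms=100.0):
    """Return a list of problems; an empty list means the clock looks healthy."""
    problems = []
    if status["state"] != "synchronized":
        problems.append("clock unsynchronized")
    if status["stratum"] is None or status["stratum"] >= 16:
        problems.append("stratum 16 (no usable time source)")
    if status["reference"] is None:
        problems.append("no reference clock")
    if status["offset_ms"] is not None and abs(status["offset_ms"]) > max_offset_ms:
        problems.append("offset exceeds %.0f ms" % max_offset_ms)
    return problems
```

Calling `findings(parse_ntp_status(SWITCH_STATUS))` reports all three symptoms visible in the switch output, while the ASA output yields an empty list.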