Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2947
Views
12
Helpful
7
Replies

Nexus 3064 NTP Help

mkriss5681
Level 1
Level 1

‎03-12-2012 07:20 AM - edited ‎03-07-2019 05:30 AM

I'm having a little trouble setting up NTP on our new Nexus 3064s. We are using a local Meinberg M300 as our server and the Nexus 3064 as a client. Before I submitted a TAC I was wondering if the community would mind double checking what I have.

One major issue I've come across is that the Nexus 3064 will only take a 8 character NTP passphrase. We normally use a 32 char MD5 string. I setup a new 8 char passphrase on our Meinberg M300.

I am not using fabric extenders or distribution to other Nexuses. I am using an interface vlan as our management interface per our current network setup. I am using a VRF. Sorry, we use some public IPs so all IPs are xxx'ed out.

Thanks for ther help!

Here is my config:

ntp server xxx.xxx.xxx.xxx prefer use-vrf myMgmtVFR key 20

ntp source-interface  VlanX

ntp authenticate

ntp authentication-key 20 md5 "password" 7

ntp trusted-key 20

ntp logging

I issue the "clock protocol ntp" command but it does not seem to stick in the running config.

Here are some show commands:

(config)# show ntp session status

Last Action Time Stamp     : Mon Mar 12 09:24:05 2012

Last Action                : Commit

Last Action Result         : Fail

Last Action Failure Reason : ntp(0x40370035)- Fabric Distribution not enabled for NTP

(config)# show ntp statistics peer ipaddr xxx.xxx.xxx.xxx

remote host:          xxx.xxx.xxx.xxx (correct IP)

local interface:      Unresolved (unresolved bothers me)

time last received:   23s

time until next send: 12s

reachability change:  695s

packets sent:         27

packets received:     0

bad authentication:   0

bogus origin:         0

duplicate:            0

bad dispersion:       0

bad reference time:   0

candidate order:      0

Source interface:     xxx.xxx.xxx.xxx (correct interface IP)

(config)# show ntp peers

--------------------------------------------------

  Peer IP Address               Serv/Peer         

--------------------------------------------------

xxx.xxx.xxx.xxx               Server (configured)

(config)# show ntp peer-status

Total peers : 1

* - selected for sync, + -  peer mode(active),

- - peer mode(passive), = - polled in client mode

    remote               local                 st   poll   reach delay

------------------------------------------------------------------------

=xxx.xxx.xxx.xxx         0.0.0.0                16   16       0   0.00000

# show logging | inc ntp

ntp                     2                       2

2012 Mar 12 10:25:22 HOSTNAME ntpd[4513]: ntp:sendto(xxx.xxx.xxx.xxx): No such device or address

# ping xxx.xxx.xxx.xxx vrf myMgmtVFR

PING xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx): 56 data bytes

64 bytes from xxx.xxx.xxx.xxx: icmp_seq=0 ttl=62 time=1.285 ms

64 bytes from xxx.xxx.xxx.xxx: icmp_seq=1 ttl=62 time=0.772 ms

64 bytes from xxx.xxx.xxx.xxx: icmp_seq=2 ttl=62 time=0.654 ms

64 bytes from xxx.xxx.xxx.xxx: icmp_seq=3 ttl=62 time=0.774 ms

64 bytes from xxx.xxx.xxx.xxx: icmp_seq=4 ttl=62 time=0.653 ms

# ntp sync-retry

HOSTNAME# 2012 Mar 12 10:22:00.429575 ntp: ntp_process_mts_msg: Opcode received: MTS_OPC_NTP_RETRY_REQ

2012 Mar 12 10:22:00.429832 ntp: Successfully sent SIGKILL to ntpd

2012 Mar 12 10:22:00.430072 ntp: Sending cmi response with return_code = 0x0

2012 Mar 12 10:22:00.430282 ntp: setting global CMI msg req to NULL

2012 Mar 12 10:22:00.431828 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() returns with status of 7632

2012 Mar 12 10:22:00.432654 ntp: ntp_sigchld_wait_and_fetch_status: Got a SIGCHLD from pid : 7632

2012 Mar 12 10:22:00.432860 ntp: ntp_sigchld_wait_and_fetch_status: NTPD PID is 7632

2012 Mar 12 10:22:00.433063 ntp: ntp_sigchld_wait_and_fetch_status: Child exited due a signal, status 9

2012 Mar 12 10:22:00.433268 ntp: ntp_sigchld_wait_and_fetch_status: Child exited with status 0

2012 Mar 12 10:22:00.447248 ntp: ntp_spawn_ntpd: Command: killall ntpd failed with return code 256, errno: 4

2012 Mar 12 10:22:00.447510 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() returns with status of -1

2012 Mar 12 10:22:00.447716 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() failed. No child exited, Errno = 10

2012 Mar 12 10:22:00.453463 ntp: ntp_spawn_ntpd: Parent gets the pid of child: 0

2012 Mar 12 10:22:00.455157 ntp: ntp_spawn_ntpd: Parent gets the pid of child: 7825

2012 Mar 12 10:22:00.455425 ntp: ntp_openhost: connecting to local address 0x100007f

2012 Mar 12 10:22:00.456290 ntp: getnetnum: Obtaining ip for host localhost

2012 Mar 12 10:22:00.456546 ntp: getnetnum: Trying a DNS query before mgmt 0 is up

2012 Mar 12 10:22:00.456751 ntp: ntp_open_events_socket: TO BIND address 2

2012 Mar 12 10:22:00.468321 ntp: ntp_doquery: sendrequest, num attempts = 30

2012 Mar 12 10:22:05.478278 ntp: getresponse: select timed out, nothing received

2012 Mar 12 10:22:05.498271 ntp: ntp_doquery: sendrequest, num attempts = 29

2012 Mar 12 10:22:05.538251 ntp: ntp_doquery: sendrequest, num attempts = 30

2012 Mar 12 10:22:05.578271 ntp: ntp_doquery: sendrequest, num attempts = 30

2012 Mar 12 10:22:05.618253 ntp: ntp_doquery: sendrequest, num attempts = 30

2012 Mar 12 10:22:05.638497 ntp: getnetnum: Obtaining ip for host localhost

2012 Mar 12 10:22:05.638752 ntp: getnetnum: Trying a DNS query before mgmt 0 is up

2012 Mar 12 10:22:05.658302 ntp: ntp_doquery: sendrequest, num attempts = 30

2012 Mar 12 10:22:05.679460 ntp: ntp_config_source_for_sync_retry: Reconfiguring Source IP for ntp sync-retry

2012 Mar 12 10:22:05.698241 ntp: ntp_doquery: sendrequest, num attempts = 30

2012 Mar 12 10:22:05.720703 ntp: ntp_config_source_intf_for_sync_retry: Reconfiguring Source interface for ntp sync-retry

2012 Mar 12 10:22:05.738532 ntp: ntp_doquery: sendrequest, num attempts = 30

2012 Mar 12 10:22:05.759305 ntp: ntp_pss_save_source_interface: 24 bytes sent for CFG_TYPE_NTP_SRC_INTF sync

# show ver

Cisco Nexus Operating System (NX-OS) Software

TAC support: http://www.cisco.com/tac

Copyright (c) 2002-2012, Cisco Systems, Inc. All rights reserved.

The copyrights to certain works contained herein are owned by

other third parties and are used and distributed under license.

Some parts of this software are covered under the GNU Public

License. A copy of the license is available at

http://www.gnu.org/licenses/gpl.html.

Software

  BIOS:      version 2.4.0

  loader:    version N/A

  kickstart: version 5.0(3)U3(1)

  system:    version 5.0(3)U3(1)

  power-seq: Module 1: version v4.1

  BIOS compile time:       08/29/2011

  kickstart image file is: bootflash:/n3000-uk9-kickstart.5.0.3.U3.1.bin

  kickstart compile time:  2/28/2012 16:00:00 [02/28/2012 20:01:58]

  system image file is:    bootflash:/n3000-uk9.5.0.3.U3.1.bin

  system compile time:     2/28/2012 16:00:00 [02/28/2012 20:58:39]

Hardware

  cisco Nexus3064 Chassis ("48x10GE + 16x10G/4x40G Supervisor")

  Intel(R) Celeron(R) CPU      with 4007284 kB of memory.

  Processor Board ID JAF1523CGKT

  Device name: 400-128-NX-1

  bootflash:    2007040 kB

Kernel uptime is 0 day(s), 0 hour(s), 44 minute(s), 15 second(s)

Last reset at 667819 usecs after  Mon Mar 12 10:23:12 2012

  Reason: Reset Requested by CLI command reload

  System version: 5.0(3)U3(1)

  Service:

plugin

  Core Plugin, Ethernet Plugin

Labels:
0 Helpful
7 Replies 7

Leo Laohoo
Hall of Fame
Hall of Fame

‎03-12-2012 05:31 PM

What happens if you remove the encryption.  Use the "ntp server 1.2.3.4" only.

mkriss5681
Level 1
Level 1
In response to Leo Laohoo

‎03-12-2012 05:43 PM

I have to verify with a coworker it will work unencrypted but thats a great idea. I'll try that next.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to mkriss5681

‎03-12-2012 09:19 PM 

I have to verify with a coworker it will work unencrypted but thats a great idea. I'll try that next.

Hmmmm ... Maybe I should've been clearer.

My statement of running without any encryption is just a TEST.  I want to determine, as simple as possible (by removing non-essential lines), if simple NTP lines will or will not work.  It the lines work without configuration, then you narrow down where the issue is.

mkriss5681
Level 1
Level 1
In response to Leo Laohoo

‎03-13-2012 05:36 AM

So this morning I tried a few things. The first is I put a similar config on a 3560 with the new sort NTP keyphrase and it synced. Second I tried unencrypted with the 3560 and it also worked.

On the Nexus 3064 I tried unencrypted and it did not work. This leads me to believe it is another NX-OS bug. I'll be opening a TAC Case.

Thank you for your advice.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to mkriss5681

‎03-13-2012 02:24 PM

Have you tried the command "NTP commit"?

Another thing, I'm not sure if this is related to Bug CSCtt17080.

mkriss5681
Level 1
Level 1
In response to Leo Laohoo

‎03-13-2012 03:27 PM

I did mess around with trying NTP with distribution on and off. I'll admit, only having limited experiences with NXOS and only having hands on experience with the 3064, my knowledge of redistribution is limited at best. I ran ntp distribute followed by ntp commit and it still did not sync.

Good find on the bug ticket. Its for the 7ks but its a very similar issue. I do have an output from sh ntp peers unlike that bug, but I am using a non-default VRF which could be the cause. I'll have to try to get NTP to work on a fresh config with the default VFR and see if that works.

Thanks again for the great advice.

0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame
In response to mkriss5681

‎03-13-2012 03:44 PM 

I'll admit, only having limited experiences with NXOS and only having hands on experience with the 3064

Me too.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card