Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NTP Clock

Hello Friends,

I m facing very strange issue with NTP, My core switches are 4506 and they are synchronizing with AD for time, though i have not specified any command to sync with AD.There is no NTP command in switch i have manually set the time purposely 1 hr behind the clock  after 10 to 15 min it picks up the correct time from AD.

I don't know why???? it is very strange for me.

Thanks

17 REPLIES
Cisco Employee

Re: NTP Clock

Hello,

Can you perhaps post your configuration? As far as I know, Catalyst switches do not synchronize their time until explicitly configured to. Also please post the output of the show ntp associations and show ntp status commands. Thanks!

Best regards,

Peter

Hall of Fame Super Gold

Re: NTP Clock

Peter,

Seems strange, but we cannot exclude some  interaction based on AD NTP broadcasts, causing the switch to adopt time.

http://technet.microsoft.com/en-us/library/cc773013%28WS.10%29.aspx

Perhaps an ACL could help in avoiding the undesired synchronization.

New Member

Re: NTP Clock

Hello,

Here is the output.

CS02#SHOW NTP ASSOC

      address         ref clock     st  when  poll reach  delay  offset    disp
*~127.127.7.1      127.127.7.1       2    42    64  377     0.0    0.00     0.0
* master (synced), # master (unsynced), + selected, - candidate, ~ configured

CS02#SHOW NTP STATUS
Clock is synchronized, stratum 3, reference is 127.127.7.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**19
reference time is D09C52AC.37091E20 (08:01:48.214 GST Sun Nov 28 2010)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec

Thanks

Cisco Employee

Re: NTP Clock

Hello,

There is definitely some explicit NTP configuration on your device. This output declares that the switch is configured as an NTP server and is providing NTP services to the network.

Can you post the entire configuration of the device (without, of course, sensitive data)?

Best regards,

Peter

Cisco Employee

Re: NTP Clock

Hello Paolo,

Absolutely agree - that's why I requested the configuration of the switch. But I assume that even for listening for AD time broadcasts, the switch would have to be configured explicitly, for example using the ntp broadcast client or ntp multicast client interface configuration command. I have not yet seen (though I am not sying that it is impossible) a switch without any explicit NTP configuration to "suddenly" synchronize its clock.

Best regards,

Peter

Hall of Fame Super Gold

Re: NTP Clock

For what we know there may be a bug filed and solved already.

If not, the matter should be given to the TAC.

Cisco Employee

Re: NTP Clock

Hello Paolo,

I haven't seen the configuration of the device yet. I do not have any basis to suppose that this is an IOS bug or a case that "deserves" the attention of a TAC specialist. I will wait for the OP to post the configuration and then we'll see.

Best regards,

Peter

Hall of Fame Super Gold

Re: NTP Clock

Per OP:

There is no NTP command in switch

May be it's my view, but in 18 years of working with Cisco products, I have seen so many bugs, that 1, 10 or 100 more do not surprise me a bit.

Cisco Employee

Re: NTP Clock

Hello Paolo,

Sure, I am not excluding the possibility of a bug per se. I am just trying to explore other possibilities before concluding that this is an errant behavior. I have also seen lots of bugs - surely not as many as you as you are working in the networking field considerably longer than me - and it would not surprise me neither, but I do not have enough reliable information to make any conclusion. If I stated that this is a bug basing on the scarce information available in this thread so far, I would be jumping to conclusions which is something I'd rather not do. Currently, I am not stating anything - I am just asking the OP to provide more information.

I find the OP's comment about "no NTP command present on the switch" somewhat suspicious and I'd like to verify that for myself (after all, the TAC person would do just the same). Note that the show ntp assoc produced an output that suggests that the switch is configured as NTP server (not default) with the stratum 3 (not default).

Best regards,

Peter

Hall of Fame Super Gold

Re: NTP Clock

I wouldn't configure Cisco appliance as an authoritative NTP server.

How to configure an authoritative time server in Windows XP

How to configure an authoritative time server in Windows Server

How to configure an authoritative time server in Windows 2000

Otherwise, use a dedicated NTP server that synchronizes itself using GPS.

Hall of Fame Super Gold

Re: NTP Clock

Leo, the point is that the OP does not want NTP, for whatever reason we are not called to judge.

Hall of Fame Super Gold

Re: NTP Clock

Leo, the point is that the OP does not want NTP, for whatever reason we are not called to judge.

Mea culpa. 

New Member

Re: NTP Clock

The IOS for swtich is System image file is "bootflash:cat4500e-entservices-mz.122-53.SG1.bin. After specifying the NTP commands on core,and treating core as a local time source still after 10 to 15 min it syn with AD time.

In switch there are no commands specifying AD as NTP source.

Here are the configs


Building configuration...

Current configuration : 22451 bytes
!
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service compress-config
service counters max age 10
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 8192

!

no aaa new-model
clock timezone GST 4
hw-module module 1 port-group 1 select gigabitethernet
hw-module module 1 port-group 2 select gigabitethernet
ip subnet-zero
ip domain-name XX
ip name-server 10.XX
ip name-server 10.XX
!
!
ip vrf mgmtVrf
!
!
power redundancy-mode redundant
!
!
!
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
spanning-tree backbonefast
!
spanning-tree mst configuration
instance 1 vlan 1-8, 13, 20-25, 30-38
instance 2 vlan 9-12, 14-19, 26-29, 39-49
!
spanning-tree mst 1 priority 28672
spanning-tree mst 2 priority 24576
!
vlan internal allocation policy ascending
!
!
!
!
ip route 0.0.0.0 0.0.0.0 10.XXXXX

no ip http server
!
!
!
logging trap notifications
logging source-interface Vlan6
logging 10.XXX
!
!
snmp-server community XXX
snmp-server trap-source Vlan6
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps ether-oam
snmp-server enable traps flash insertion removal
snmp-server enable traps power-ethernet police
snmp-server enable traps cpu threshold
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps port-security
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps ethernet evc status create delete
snmp-server enable traps energywise
snmp-server enable traps rtr
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps rf
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.XXX
!
line con 0
password
stopbits 1
line vty 0 4
password
login local
line vty 5 15
login
!
ntp logging
ntp source Vlan6
ntp master 3
ntp update-calendar
end

Thanks

New Member

Re: NTP Clock

I believe that in vlan 6 is an equipment set ntp sync with AD. Find the equipment that has ntp peer 127.127.7.1

Cisco Employee

Re: NTP Clock

Dartu,

Find the equipment that has ntp peer 127.127.7.1

No, that is not correct. This IP address is from the loopback IP address space 127.0.0.0/8. This merely means that the device is using its own internal clock as a synchronizing source.

I have to find out whether having a switch configured as an NTP server somehow also makes it to sync its time via AD.

Best regards,

Peter

New Member

Re: NTP Clock

Sry, you are right Peter

Hall of Fame Super Gold

Re: NTP Clock

[edited as  mistekenly posted]

1790
Views
0
Helpful
17
Replies
CreatePlease login to create content