Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

NTP issue

Hi,

I have a strange issue with a client who has a cisco based network. They have a catalyst 2900 switch and a Pix 515 firewall. The issue is that if a windows machine tries to syn its time up with any internet time provider it fails and never syncs. I have read through the config for both the catalyst switch and the pix firewall and there are no ACL's blocking UTP access. NAT is enabled for all networks behind the pix and I can get internet on all machines behind the pix. There are no acl's whatsoever on the PIX and I read that by default it will allow internal clients outbound on all ports. The switch does have acl's but allow ip any any across vlans. It is very strange. The only thing I did find is that the catalyst is the NTP master. I kind of wondered if because it is the NTP master and a client machine is trying to sync with an external time source that the catalyst sees this and discards the packet.

Would anyone have any ideas?

Many thanks,

Paul

3 REPLIES
Cisco Employee

Re: NTP issue

What version is your PIX firewall? Are you seeing the NTP traffic from your client towards the Internet NTP server traversing through the PIX? You might want to do a packet capture on the PIX interface to see if the traffic is actually coming into the firewall.

Community Member

Re: NTP issue

hi,

thanks for the response. The pix is running firmware 6.3. Unfortunately I can't get to the switch for a few days as its a remote site. I was just wondering if there was somthing with NTP master that perhaps might block it. here are the configs...

PIX...

ip address outside xxxxx 255.255.255.248
ip address inside 192.168.60.254 255.255.255.0
ip audit info action alarm
ip audit attack action alarm
ip local pool VPN-xx-POOL 192.168.254.1-192.168.254.14
ip local pool VPN-xx-POOL 192.168.254.17-192.168.254.30
ip local pool VPN-xxL-POOL 192.168.254.33-192.168.254.46
ip local pool VPN-xx-POOL 192.168.254.49-192.168.254.62
pdm history enable
arp timeout 14400
global (outside) 1 interface
nat (inside) 0 access-list NO_NAT
nat (inside) 1 0.0.0.0 0.0.0.0 0 0
static (inside,outside) xxxx 192.168.45.11 netmask 255.255.255.255 0 0
access-group OUTSIDE-ACCESS-IN in interface outside
router ospf 1
  network 192.168.60.0 255.255.255.0 area 1
  log-adj-changes
  default-information originate
route outside 0.0.0.0 0.0.0.0 87.127.61.57 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 rpc 0:10:00 h225 1:00:00
timeout h323 0:05:00 mgcp 0:05:00 sip 0:30:00 sip_media 0:02:00
timeout sip-disconnect 0:02:00 sip-invite 0:03:00
timeout uauth 0:05:00 absolute
aaa-server TACACS+ protocol tacacs+
aaa-server TACACS+ max-failed-attempts 3
aaa-server TACACS+ deadtime 10
aaa-server RADIUS protocol radius
aaa-server RADIUS max-failed-attempts 3
aaa-server RADIUS deadtime 10
aaa-server LOCAL protocol local
http server enable
http xxxx 255.255.255.224 outside
http 192.168.60.0 255.255.255.0 inside
http 192.168.100.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server community public
no snmp-server enable traps
floodguard enable
sysopt connection permit-ipsec
crypto ipsec transform-set REMOTE esp-3des esp-sha-hmac
crypto dynamic-map DYNAMICMAP 10 set transform-set REMOTE
crypto map VPN 100 ipsec-isakmp dynamic DYNAMICMAP
crypto map VPN client authentication LOCAL
crypto map VPN interface outside
isakmp enable outside
isakmp identity address
isakmp nat-traversal 20
isakmp policy 10 authentication pre-share
isakmp policy 10 encryption 3des
isakmp policy 10 hash sha
isakmp policy 10 group 2
isakmp policy 10 lifetime 86400
vpngroup REMOTE address-pool VPN-GENERAL-POOL
vpngroup REMOTE dxx
vpngroup REMOTE idle-time 1800
telnet 192.168.60.0 255.255.255.0 inside
telnet 192.168.100.0 255.255.255.0 inside
telnet timeout 5
ssh 195.224.109.64 255.255.255.240 outside
ssh 78.33.22.160 255.255.255.224 outside
ssh timeout 5
console timeout 0

Cisco Catalyst....


version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service compress-config
!

!

no aaa new-model
qos dbl
qos map dscp 24 25 26 27 28 29 30 31 to tx-queue 4
qos map dscp 32 33 34 35 36 37 38 39 to tx-queue 4
qos map cos 3 to dscp 26
qos map cos 5 to dscp 46
qos
ip subnet-zero
no ip domain-lookup
ip dhcp excluded-address 192.168.100.1 192.168.100.200
ip dhcp excluded-address 192.168.100.210 192.168.100.254
!
ip dhcp pool MANAGEMENT
   network 192.168.100.0 255.255.255.0
   default-router 192.168.100.1
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 10,20,30,40,50,100 priority 4096
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
class-map match-any CLASS-VIDEO-OUTPUT
  match ip dscp cs4
class-map match-all CLASS-DOORS
  match access-group name QOS-ACL-DOORS
class-map match-all CLASS-CAMERAS
  match access-group name QOS-ACL-CAMERAS
class-map match-all CLASS-VoIP-Control
  match access-group name QOS-ACL-VoIP-Control
class-map match-any CLASS-DATA-OUTPUT
  match ip dscp af11
class-map match-any CLASS-MANAGEMENT-OUTPUT
  match ip dscp cs2
class-map match-any CLASS-VOIP-OUTPUT
  match ip dscp ef
  match ip dscp cs3
class-map match-any CLASS-CRITICAL-OUTPUT
  match ip dscp af31
class-map match-all CLASS-MANAGEMENT
  match access-group name QOS-ACL-MANAGEMENT
class-map match-all CLASS-DATA
  match access-group name QOS-ACL-DATA
class-map match-all CLASS-VoIP-RTCP
  match access-group name QOS-ACL-VoIP-RTCP
class-map match-all CLASS-CALLPOINTS
  match access-group name QOS-ACL-CALLPOINTS
!
!
policy-map autoqos-voip-policy
  class class-default
    dbl
!
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet2/1
description LINK TO CAB1
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   bandwidth percent 33
   priority high
   shape percent 33
!
interface GigabitEthernet2/2
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   bandwidth percent 33
   priority high
   shape percent 33
!
interface GigabitEthernet2/3
description LINK TO CAB3
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/4
description LINK TO CAB4
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/5
description LINK TO CAB5
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/6
description LINK TO CAB6
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/7
description LINK TO CAB7
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/8
description LINK TO CAB8
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/9
description LINK TO CAB9
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/10
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/11
switchport trunk native vlan 100
switchport mode access
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/12
switchport trunk native vlan 100
switchport mode access
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/13
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/14
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/15
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/16
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/17
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet2/18
switchport trunk native vlan 100
switchport mode trunk
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet3/1
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/2
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/3
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/4
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/5
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/6
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/7
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/8
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/9
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/10
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/11
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/12
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/13
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/14
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/15
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/16
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/17
switchport trunk encapsulation dot1q
switchport trunk native vlan 100
switchport mode trunk
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface GigabitEthernet3/18
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/19
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/20
switchport access vlan 40
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
duplex full
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/21
switchport access vlan 60
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/22
switchport access vlan 30
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/23
switchport access vlan 30
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface GigabitEthernet3/24
switchport access vlan 30
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
spanning-tree portfast
!
interface FastEthernet4/1
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/2
switchport access vlan 45
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/3
switchport access vlan 45
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/4
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/5
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/6
switchport access vlan 40
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/7
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/8
switchport access vlan 18
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/9
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/10
switchport access vlan 40
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/11
switchport access vlan 40
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/12
switchport access vlan 40
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/13
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/14
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/15
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/16
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/17
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/18
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/19
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/20
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/21
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/22
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/23
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/24
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/25
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/26
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/27
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/28
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/29
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/30
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/31
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/32
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/33
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/34
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/35
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/36
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/37
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/38
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/39
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/40
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/41
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/42
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/43
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/44
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/45
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/46
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/47
switchport access vlan 100
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface FastEthernet4/48
switchport access vlan 10
switchport mode access
switchport voice vlan 30
service-policy output autoqos-voip-policy
qos trust device cisco-phone
qos trust cos
auto qos voip cisco-phone
tx-queue 3
   priority high
   shape percent 33
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan18
no ip address
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
ip address 192.168.30.1 255.255.255.0
!
interface Vlan40
ip address 192.168.40.1 255.255.255.0
!
interface Vlan45
ip address 192.168.45.1 255.255.255.0
!
interface Vlan50
ip address 192.168.50.1 255.255.255.0
!
interface Vlan60
ip address 192.168.60.1 255.255.255.0
ip access-group VLAN60-INBOUND in
!
interface Vlan100
ip address 192.168.100.1 255.255.255.0
!
interface Vlan150
ip address 192.168.150.1 255.255.255.0
!
interface Vlan200
ip address 192.168.200.1 255.255.255.0
!
interface Vlan300
ip address 10.45.0.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
redistribute connected subnets
network 192.168.60.0 0.0.0.255 area 1
!
ip http server
!
!
!
ip access-list standard RESTRICT-TELNET
permit 192.168.30.254
permit 192.168.100.0 0.0.0.255
permit 192.168.254.0 0.0.0.255
!
ip access-list extended QOS-ACL-CALLPOINTS
remark CALLPOINTS NETWORK
permit ip 192.168.50.0 0.0.0.255 any
permit ip any 192.168.50.0 0.0.0.255
ip access-list extended QOS-ACL-CAMERAS
remark CAMERA NETWORK
permit ip 192.168.10.0 0.0.0.255 any
permit ip any 192.168.10.0 0.0.0.255
ip access-list extended QOS-ACL-DATA
remark DATA NETWORK
permit ip 192.168.40.0 0.0.0.255 any
permit ip any 192.168.40.0 0.0.0.255
ip access-list extended QOS-ACL-DOORS
remark DOORS NETWORK
permit ip 192.168.20.0 0.0.0.255 any
permit ip any 192.168.20.0 0.0.0.255
ip access-list extended QOS-ACL-MANAGEMENT
remark MANAGEMENT NETWORK
permit ip 192.168.100.0 0.0.0.255 any
permit ip any 192.168.100.0 0.0.0.255
ip access-list extended QOS-ACL-VoIP-Control
permit tcp any any eq 1720
permit tcp any any range 11000 11999
permit udp any any eq 2427
permit tcp any any eq 2428
permit tcp any any range 2000 2002
permit udp any any eq 1719
permit udp any any eq 5060
ip access-list extended QOS-ACL-VoIP-RTCP
permit udp any any range 16384 32767
ip access-list extended VLAN60-INBOUND
remark PERMIT GENERAL VPN ACCESS TO ALL VLANS
permit ip 192.168.254.0 0.0.0.15 any
remark PERMIT VPN-xxx ACCESS TO xxx
permit ip 192.168.254.16 0.0.0.15 192.168.40.0 0.0.0.255
deny   ip 192.168.254.16 0.0.0.15 any
remark PERMIT VPN-xxx ACCESS TO xxx VLAN
permit ip 192.168.254.32 0.0.0.15 192.168.20.0 0.0.0.255
deny   ip 192.168.254.32 0.0.0.15 any
remark PERMIT VPN-xxx ACCESS TO xxx VLAN
permit ip 192.168.254.48 0.0.0.15 10.45.0.0 0.0.0.255
deny   ip 192.168.254.48 0.0.0.15 any
remark PERMIT ALL OTHER DATA
permit ip any any

!
ntp master

Cisco Employee

Re: NTP issue

Only if the external NTP servers are not available, the switch with the "ntp master" will assume the role as ntp server.

Here is the command reference:

http://www.cisco.com/en/US/docs/ios/12_2/configfun/command/reference/frf012.html#wp1123474

Would probably better if the switch is configured to synchronize the time from the external NTP server, and the internal hosts to use the switch as their NTP server, but there is no reason why the internal hosts can't synchronize to the internet NTP servers (btw PIX config looks OK).

190
Views
0
Helpful
3
Replies
CreatePlease to create content