Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

NTP not synchronizing within remote lan

NTP is configured in the central site core switch to get time from master clock on the internet. Switches at central site sync off the core switch fine. My first remote site router syncs off the core switch fine. However, my three remote LAN switches, I have pointed to remote router, and will not sync off of that. (They can PING the router). Is there some type of vaiance that I need to configure for NTP to allow me to Cascade NTP references?

THANKS!

18 REPLIES
New Member

Re: NTP not synchronizing within remote lan

Hi,

Could you post the NTP related configs on the upstream routers (the routers that serve the NTP requests from the non-synching remote LAN devices). Firstly, any access-lists on the routers ?

New Member

Re: NTP not synchronizing within remote lan

MASTER in core site:

!

ntp clock-period 36029347

ntp source Vlan1

ntp server 129.6.15.28

end

Huntington-SW3#sho ntp status

Clock is synchronized, stratum 2, reference is 129.6.15.28

nominal freq is 119.2092 Hz, actual freq is 119.2074 Hz, precision is 2**18

reference time is CAC34E61.EECFF3CC (11:40:17.932 EDT Fri Oct 19 2007)

clock offset is -11.7683 msec, root delay is 253.54 msec

root dispersion is 37.40 msec, peer dispersion is 25.62 msec

Huntington-SW3#

----------------------------

Remote site router:

!

interface FastEthernet0/0

description ***

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex full

speed 100

no mop enabled

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 10.2.1.1 255.255.255.0

!

!

scheduler allocate 20000 1000

ntp clock-period 17180237

ntp server 10.1.1.3

!

end

Chicago-RT1#sho ntp status

Clock is synchronized, stratum 3, reference is 10.1.1.3

nominal freq is 250.0000 Hz, actual freq is 249.9946 Hz, precision is 2**18

reference time is CAC34F54.899F2E7D (10:44:20.537 CDT Fri Oct 19 2007)

clock offset is -1.1574 msec, root delay is 294.22 msec

root dispersion is 40.22 msec, peer dispersion is 1.65 msec

Chicago-RT1#

----------------------------------------

Remote site switch that will not sync:

!

ntp server 10.2.1.1

end

Chicago-SW1#sho ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18

reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

Chicago-SW1#ping 10.2.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Chicago-SW1#

Re: NTP not synchronizing within remote lan

Hi,

First, don't put "ntp disable" in the interface of the remote switch that is use to sync to the central site.

The service port is UDP 123 one way from switch to central site, make sure there is no ACL blocking it.

Regards,

Dandy

Hall of Fame Super Silver

Re: NTP not synchronizing within remote lan

Michael

There is not any variance to configure with NTP to accommodate remote sites. The NTP protocol provides the variance without special configuration which should facilitate cascading NTP server references.

There are several things which might cause the symptoms. As mentioned there is the possibility that some access list might be denying traffic and you should check for that. It is also possible to configure ntp access-group which can impact learning NTP. It might be on the server or on the client. Ot there might be ntp authentication configured which could impact operations. Perhaps you can post the ntp configuration of the client which is having problems and of the router from which it is attempting to learn time? It would also be helpful to have the output of show ntp association detail. Perhaps you could post this also?

HTH

Rick

New Member

Re: NTP not synchronizing within remote lan

Rick,

Below is my configurations: (Thanks for looking.)MASTER in core site:

!

ntp clock-period 36029347

ntp source Vlan1

ntp server 129.6.15.28

end

Huntington-SW3#sho ntp status

Clock is synchronized, stratum 2, reference is 129.6.15.28

nominal freq is 119.2092 Hz, actual freq is 119.2074 Hz, precision is 2**18

reference time is CAC34E61.EECFF3CC (11:40:17.932 EDT Fri Oct 19 2007)

clock offset is -11.7683 msec, root delay is 253.54 msec

root dispersion is 37.40 msec, peer dispersion is 25.62 msec

Huntington-SW3#

----------------------------

Remote site router:

!

interface FastEthernet0/0

description ***

no ip address

no ip redirects

no ip unreachables

no ip proxy-arp

ip route-cache flow

duplex full

speed 100

no mop enabled

!

interface FastEthernet0/0.1

encapsulation dot1Q 1 native

ip address 10.2.1.1 255.255.255.0

!

!

scheduler allocate 20000 1000

ntp clock-period 17180237

ntp server 10.1.1.3

!

end

Chicago-RT1#sho ntp status

Clock is synchronized, stratum 3, reference is 10.1.1.3

nominal freq is 250.0000 Hz, actual freq is 249.9946 Hz, precision is 2**18

reference time is CAC34F54.899F2E7D (10:44:20.537 CDT Fri Oct 19 2007)

clock offset is -1.1574 msec, root delay is 294.22 msec

root dispersion is 40.22 msec, peer dispersion is 1.65 msec

Chicago-RT1#

----------------------------------------

Remote site switch that will not sync:

!

ntp server 10.2.1.1

end

Chicago-SW1#sho ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18

reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

Chicago-SW1#ping 10.2.1.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 10.2.1.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Chicago-SW1#

Hall of Fame Super Silver

Re: NTP not synchronizing within remote lan

Michael

Thank you for posting additional information. It does show ntp achieving sync out to the router before the switch. And the configs posted do show no authentication and no access-groups. So it is strange that the switch is not getting to sync. Could you post the output of show ntp association detail from the switch that is not getting sync?

HTH

Rick

New Member

Re: NTP not synchronizing within remote lan

Rick, I also did a debug ntp packet and I see it leaving the unsynched client switch but do not see it received at the synced router. I've tried sourcing the router NTP packets from a loopback interface and tried defining a specific NTP access group peer. Again, I can PING the router, the only anomoly about the config is that it is a dot1q trunk between the switch and router. NTP is riding on the default/native vlan1.

Chicago-SW1#sho ntp associat

Chicago-SW1#sho ntp associations detail

10.2.1.1 configured, insane, invalid, unsynced, stratum 16

ref ID 0.0.0.0, time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64

root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000

delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00

precision 2**5, version 3

org time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

rcv time 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

xmt time AF3BF7D8.5A3BED80 (20:47:52.352 CST Sun Feb 28 1993)

filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00

filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

Chicago-SW1#sho ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**18

reference time is 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

Chicago-SW1#debug ntp packet

NTP packets debugging is on

Chicago-SW1#term mon

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

Chicago-SW1#

*Mar 1 02:53:12: NTP: xmit packet to 10.2.1.1:

*Mar 1 02:53:12: leap 3, mode 3, version 3, stratum 0, ppoll 64

*Mar 1 02:53:12: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000 (0

.0.0.0)

*Mar 1 02:53:12: ref 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: org 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: rec 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: xmt AF3BF918.5A48D69F (20:53:12.352 CST Sun Feb 28 1993)

Rmote site router NTP debug:

022862: Oct 19 13:43:59.703 CDT: NTP: xmit packet to 10.1.1.3:

022863: Oct 19 13:43:59.703 CDT: leap 0, mode 3, version 3, stratum 3, ppoll 64

022864: Oct 19 13:43:59.703 CDT: rtdel 59B6 (350.433), rtdsp 1490 (80.322), ref

id 0A010103 (10.1.1.3)

022865: Oct 19 13:43:59.703 CDT: ref CAC377AF.BC35268D (13:36:31.735 CDT Fri Oc

t 19 2007)

022866: Oct 19 13:43:59.703 CDT: org CAC377AF.B6DE21B9 (13:36:31.714 CDT Fri Oc

t 19 2007)

022867: Oct 19 13:43:59.703 CDT: rec CAC377AF.BC35268D (13:36:31.735 CDT Fri Oc

t 19 2007)

022868: Oct 19 13:43:59.703 CDT: xmt CAC3796F.B43406DC (13:43:59.703 CDT Fri Oc

t 19 2007)

Thanks for your assistance.

New Member

Re: NTP not synchronizing within remote lan

Hello,

This should work.

On the router create an access-list like

access-list 4 per any

Then

ntp access-group serve-only 4

The switch should sync up to the router.

Or you could just add the ntp server address you have on the router to the switch. That should work as well.

New Member

Re: NTP not synchronizing within remote lan

If I do the access-list/access-group it still doesn't work.

If I set the unsynced client's NTP server address to the switch across the WAN, he syncs up no problem. It's like it's something buggy with the 802.1q trunk between the router and switch.

New Member

Re: NTP not synchronizing within remote lan

Do you have a loopback address on the router?

Or on the router, try 'ntp source fa x/x'

Or on the router, try 'ntp source lo0'

Then on the switch point to the loopback address or the fa address.

I got it to sync on a 8021q trunk similiar to yours.

Hall of Fame Super Silver

Re: NTP not synchronizing within remote lan

Michael

With all due respect to Bill I would suggest that you not configure an ntp access-group - at least not yet. Until you have the basic functionality going I do not believe it is wise to start complexity like ntp access-group.

Would it be possible for you to post the output of a traceroute from the switch to the ntp router and from the ntp router to the switch? I would like to see traffic patterns in both directions.

HTH

Rick

Hall of Fame Super Bronze

Re: NTP not synchronizing within remote lan

Do us a favor and manually change the time in the switch to a date closer to the present date.

The current time in the switch is unreal, I didn't think it was possible to have a default time set so far back.

Per your log

*Mar 1 02:53:12: ref 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: org 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

*Mar 1 02:53:12: rec 00000000.00000000 (18:00:00.000 CST Thu Dec 31 1899)

December 31st 1899 ? WOW. I believe when trying to sync the time with your cascading NTP server, they can't agree.

New Member

Re: NTP not synchronizing within remote lan

Thanks for the suggestion- I will give that a whirl when I get back to the customer site next week. I'll let you know.

Re: NTP not synchronizing within remote lan

Hi Michael,

I think I see your problem.

This is your current configuration

CORE Switch sync to 129.6.15.28 (time-a.nist.gov). Successful!

CORE Switch is NTP Master (Stratum 3).

Remote Router sync to CORE Switch (10.1.1.3). Successful!

Remote Switches sync to Remote Router (10.2.1.1). Fail, because NTP Server is not running in Remote Router!

Recommended solution:

Run NTP Server in Remote Router, add the command line "ntp master 8" to run NTP Server in Stratum 8.

Do not put any ACL/Access-group until you have successfully sync the time (CORE Switch, Remote Router, and Remote Switches). If you put ACL/Access-group in Remote Router, include the folllowing IP Addresses;

CORE Switch IP Address: 10.1.1.3

Remote Switches IP Address: ?

Regards,

Dandy

Hall of Fame Super Silver

Re: NTP not synchronizing within remote lan

Dandy

It is not necessary to configure ntp master to have an IOS device serve as an NTP server. And unintended consequences can result from configuring ntp master on a device that does not have a reliable time source.

In Cisco's implementation of NTP in IOS when a device has learned authoritative time it will function as an NTP server and no other configuration is required to get the device to function as an NTP server.

HTH

Rick

New Member

Re: NTP not synchronizing within remote lan

Hi,

My suggestion --

Why don't you try to run NTP in the 'broadcast' mode instead of server-client mode ?

Or You could enable a specific multicast group for NTP for this remote site.

I wouldn't suggest you set up a 'peer'ing association with the router but since your server-client mode isn't working, you could try multicast/bcast client out with authentication keys & md5 ..

And, FYI, 'ntp disable' on the switch won't stop it from sending out NTP requests to its connected router. It just stops the switch from acting as an NTP server on the disabled interface.

HTH.

Please let us all know how you get on with this.

Cheers

arav

New Member

Re: NTP not synchronizing within remote lan

I'll let you know how I make out when I return to the customer site next week. Thanks for the suggestions.

New Member

Re: NTP not synchronizing within remote lan

I ran into a similar problem. It was due to pasting in a 'ntp clock-period' command (copied from another router). This value should never be configured/copy-pasted from another router. It is computed and inserted into the config by the router when it successfully time sync's.

358
Views
0
Helpful
18
Replies
CreatePlease login to create content