Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
512
Views
0
Helpful
1
Replies

CSS11503 SNTP not working across router.

TYLER WEST
Level 1
Level 1

‎08-08-2005 07:07 PM

Okay all you CSS gurus, riddle me this one. I have a CSS11503 with SSL mod. This is a testing configuration very soon to become production sitting in a DMZ. We tried to get SNTP to sync to a known working NTP server inside the FW and couldn't. We finally moved the whole thing back inside to eliminate the FW being an issue and this is what is reflected in the config shown below. We can sync to an NTP server on the same network with the management interface. We cannot sync to an NTP server across a router. The NTP servers shown are actually two sides of the same router and other systems are successfully synchronizing to both addresses. This system can ping both and can also connect via FTP to systems on other networks along with being telnetted to from systems on other networks. Only the management interface is involved. The other interfaces are down. Check out the info below and tell me what you think. There is a reference in the forums to a similar problem on an 11000 back in 2003 that didn't seem to have an answer. I hope this one will go further.

CSS11503-01# show ver

Version: sg0750103 (07.50.1.03)

Flash (Locked): 07.50.0.04

Flash (Operational): 07.50.1.03

Type: PRIMARY

Licensed Cmd Set(s): Standard Feature Set

CSS11503-01# show run

!Generated on 08/08/2005 22:00:09

!Active version: sg0750103

configure

!*************************** GLOBAL ***************************

sntp primary-server-poll-interval 20

sntp secondary-server-poll-interval 20

no restrict web-mgmt

prelogin-banner "pre-login.txt"

sntp primary-server 172.20.1.1 version 3

sntp secondary-server 172.19.1.1 version 3

logging subsystem sntp level debug-7

ftp-record techsrv01 172.20.3.16 username des-password xxxxxxxxxxxxxxxx /CSS11503

ip management route 172.16.0.0 255.240.0.0 172.19.1.1

!************************* INTERFACE *************************

interface Ethernet-Mgmt

phy 10Mbits-FD

description "Ethernet Management Port"

CSS11503-01# show boot

!************************ BOOT CONFIG ************************

ip address 172.19.1.198

subnet mask 255.255.240.0

gateway address 172.19.1.1

primary boot-file sg0750103

primary boot-type boot-via-disk

CSS11503-01# show sntp global

SNTP Global Summary:

Primary SNTP Server

Server Address: 172.20.1.1

Version: 3

Poll Interval: 20

TimeSinceLastUpdate: 1008

Server status: DOWN

Secondary SNTP Server

Server Address: 172.19.1.1

Version: 3

Poll Interval: 20

TimeSinceLastUpdate: 17

Server Status: UP

CSS11503-01# show log sys.log | grep ntp

AUG 8 21:48:14 1/1 76 SNTP-7: Sntp server time stamp seconds: 14 fractions: = 0.697334 (0xb284808e)

AUG 8 21:48:14 1/1 77 SNTP-7: Sntp server time stamp being rounded up to next second

AUG 8 21:48:14 1/1 78 SNTP-7: Sntp server time changes 0 out of 3 sntp messages.

AUG 8 21:48:24 1/1 80 SNTP-7: Ipv4SntpSendRequest: forwEntry non-exist for 172.20.1.1

AUG 8 21:48:34 1/1 83 SNTP-7: Sntp server time stamp seconds: 34 fractions: = 0.697548 (0xb2928883)

Labels:
0 Helpful
1 Reply 1

Gilles Dufour
Cisco Employee
Cisco Employee

‎08-09-2005 01:29 AM

The CSS can't use the management route for SNTP traffic.

A bug was opened to make this information appear in the configuration guide.

The bug is CSCee78500.

Regards,

Gilles.

0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card