08-08-2005 07:07 PM
Okay all you CSS gurus, riddle me this one. I have a CSS11503 with SSL mod. This is a testing configuration very soon to become production sitting in a DMZ. We tried to get SNTP to sync to a known working NTP server inside the FW and couldn't. We finally moved the whole thing back inside to eliminate the FW being an issue and this is what is reflected in the config shown below. We can sync to an NTP server on the same network with the management interface. We cannot sync to an NTP server across a router. The NTP servers shown are actually two sides of the same router and other systems are successfully synchronizing to both addresses. This system can ping both and can also connect via FTP to systems on other networks along with being telnetted to from systems on other networks. Only the management interface is involved. The other interfaces are down. Check out the info below and tell me what you think. There is a reference in the forums to a similar problem on an 11000 back in 2003 that didn't seem to have an answer. I hope this one will go further.
CSS11503-01# show ver
Version: sg0750103 (07.50.1.03)
Flash (Locked): 07.50.0.04
Flash (Operational): 07.50.1.03
Type: PRIMARY
Licensed Cmd Set(s): Standard Feature Set
CSS11503-01# show run
!Generated on 08/08/2005 22:00:09
!Active version: sg0750103
configure
!*************************** GLOBAL ***************************
sntp primary-server-poll-interval 20
sntp secondary-server-poll-interval 20
no restrict web-mgmt
prelogin-banner "pre-login.txt"
sntp primary-server 172.20.1.1 version 3
sntp secondary-server 172.19.1.1 version 3
logging subsystem sntp level debug-7
ftp-record techsrv01 172.20.3.16 username des-password xxxxxxxxxxxxxxxx /CSS11503
ip management route 172.16.0.0 255.240.0.0 172.19.1.1
!************************* INTERFACE *************************
interface Ethernet-Mgmt
phy 10Mbits-FD
description "Ethernet Management Port"
CSS11503-01# show boot
!************************ BOOT CONFIG ************************
ip address 172.19.1.198
subnet mask 255.255.240.0
gateway address 172.19.1.1
primary boot-file sg0750103
primary boot-type boot-via-disk
CSS11503-01# show sntp global
SNTP Global Summary:
Primary SNTP Server
Server Address: 172.20.1.1
Version: 3
Poll Interval: 20
TimeSinceLastUpdate: 1008
Server status: DOWN
Secondary SNTP Server
Server Address: 172.19.1.1
Version: 3
Poll Interval: 20
TimeSinceLastUpdate: 17
Server Status: UP
CSS11503-01# show log sys.log | grep ntp
AUG 8 21:48:14 1/1 76 SNTP-7: Sntp server time stamp seconds: 14 fractions: = 0.697334 (0xb284808e)
AUG 8 21:48:14 1/1 77 SNTP-7: Sntp server time stamp being rounded up to next second
AUG 8 21:48:14 1/1 78 SNTP-7: Sntp server time changes 0 out of 3 sntp messages.
AUG 8 21:48:24 1/1 80 SNTP-7: Ipv4SntpSendRequest: forwEntry non-exist for 172.20.1.1
AUG 8 21:48:34 1/1 83 SNTP-7: Sntp server time stamp seconds: 34 fractions: = 0.697548 (0xb2928883)
08-09-2005 01:29 AM
The CSS can't use the management route for SNTP traffic.
A bug was opened to make this information appear in the configuration guide.
The bug is CSCee78500.
Regards,
Gilles.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide