Re: Cisco router 887VA - NTP configuration doesn't persist after a rel

leam2 · ‎04-28-2023

Hello,

My problem is the following:
I am trying to configure my router so that it synchronizes with a NTP server.
I set up the configuration below.
Then I save my changes to the startup config. and reload the router.
Once it's running again, I check for NTP status and it says: "%NTP is not enabled."
The router is a CISCO887VA-SEC-K9 router.
Can you help me make this work?

router_887va# conf t

router_887va(config)# ip name-server 80.10.246.2

router_887va(config)# ntp server 0.pool.ntp.org
Translating "pool.ntp.org"...domain server (80.10.246.1) [OK]

router_887va(config)# do show ntp associations

address ref clock st when poll reach delay offset disp
~88.157.128.22 .INIT. 16 - 64 0 0.000 0.000 16000.
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

router_887va(config)# ntp server 1.pool.ntp.org
Translating "1.pool.ntp.org"...domain server (80.10.246.1) [OK]

router_887va(config)# do show ntp associations

address ref clock st when poll reach delay offset disp
~62.197.219.18 217.31.202.100 2 1 64 1 52.019 8.444 7937.5
~88.157.128.22 .INIT. 16 - 64 0 0.000 0.000 16000.
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

router_887va(config)# do show ntp associations

address ref clock st when poll reach delay offset disp
~62.197.219.18 217.31.202.100 2 8 64 3 51.533 10.632 3937.7
~88.157.128.22 212.113.174.24 3 62 64 1 61.176 10.587 7937.5
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

router_887va(config)# ntp server 2.pool.ntp.org
Translating "2.pool.ntp.org"...domain server (80.10.246.1) [OK]

router_887va(config)# do show ntp associations

address ref clock st when poll reach delay offset disp
~62.197.219.18 217.31.202.100 2 33 64 3 51.533 10.632 3937.7
~88.157.128.22 212.113.174.24 3 23 64 3 61.176 10.587 3937.9
~185.53.93.157 .INIT. 16 - 64 0 0.000 0.000 16000.
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

router_887va(config)# ntp server 3.pool.ntp.org
Translating "3.pool.ntp.org"...domain server (80.10.246.1) [OK]

router_887va(config)# do show ntp associations

address ref clock st when poll reach delay offset disp
~62.197.219.18 217.31.202.100 2 17 64 7 51.442 13.176 1937.9
~88.157.128.22 212.113.174.24 3 8 64 7 61.176 10.587 1938.5
~185.53.93.157 202.70.69.81 2 21 64 1 36.214 13.615 7937.5
~194.177.34.116 .INIT. 16 - 64 0 0.000 0.000 16000.
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

router_887va(config)# do show ntp status
Clock is synchronized, stratum 3, reference is 62.197.219.18
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**28
reference time is E7F6038F.EE236853 (09:34:23.930 CET Fri Apr 28 2023)
clock offset is 17.7413 msec, root delay is 58.41 msec
root dispersion is 483.19 msec, peer dispersion is 438.53 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
system poll interval is 64, last update was 27 sec ago.

router_887va(config)# do show clock
09:35:01.395 CET Fri Apr 28 2023

router_887va(config)# clock timezone CET +1
router_887va(config)# clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00
router_887va(config)# exi

router_887va# show clock detail
10:37:18.625 CEST Fri Apr 28 2023
Time source is NTP
Summer time starts 02:00:00 CET Sun Mar 26 2023
Summer time ends 03:00:00 CEST Sun Oct 29 2023

router_887va# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

router_887va# reload
Proceed with reload? [confirm]

router_887va# show ntp status
%NTP is not enabled.

router_887va# show run | include clock
clock timezone CET 1 0
clock summer-time CEST recurring last Sun Mar 2:00 last Sun Oct 3:00

router_887va# show ntp associations
<empty>

router_887va# show clock
10:44:03.499 CEST Fri Apr 28 2023

Thank you.
Best regards.

katrin1701 · ‎04-28-2023

before you reboot, are the ntp configs in the startup config?

#show startup-config | i ntp

and does it really boot the startup-config?

#show version

...

Configuration register is 0x2102

leam2 · ‎04-28-2023

Hello katrin1701.
I reput everything below with the answers of the questions your are asking.

router_887va# show running-config | i ntp
<empty>

router_887va(config)# ntp server 0.pool.ntp.org
Translating "0.pool.ntp.org"...domain server (80.10.246.2) [OK]

router_887va(config)# ntp server 1.pool.ntp.org
Translating "1.pool.ntp.org"...domain server (80.10.246.2) [OK]

router_887va(config)# ntp server 2.pool.ntp.org
Translating "2.pool.ntp.org"...domain server (80.10.246.2) [OK]

router_887va(config)# ntp server 3.pool.ntp.org
Translating "3.pool.ntp.org"...domain server (80.10.246.2) [OK]

router_1#show running-config | i ntp
ntp server 2.pool.ntp.org
ntp server 3.pool.ntp.org
ntp server 1.pool.ntp.org
ntp server 0.pool.ntp.org

router_887va(config)# ip access-list extended 100
router_887va(config-ext-nacl)# permit udp any any eq ntp
router_887va(config-ext-nacl)# permit udp any eq ntp any
router_887va(config-ext-nacl)# permit udp any eq ntp any eq ntp
router_887va(config-ext-nacl)# exit
router_887va# show run | i ntp
access-list 100 permit udp any any eq ntp
access-list 100 permit udp any eq ntp any
access-list 100 permit udp any eq ntp any eq ntp
ntp server 2.pool.ntp.org
ntp server 3.pool.ntp.org
ntp server 1.pool.ntp.org
ntp server 0.pool.ntp.org

router_887va# show ntp status
Clock is synchronized, stratum 3, reference is 5.135.137.188
nominal freq is 250.0000 Hz, actual freq is 249.9999 Hz, precision is 2**28
reference time is E7F62F42.E551F848 (13:40:50.895 CEST Fri Apr 28 2023)
clock offset is 127.5715 msec, root delay is 45.90 msec
root dispersion is 168.54 msec, peer dispersion is 14.06 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000299 s/s
system poll interval is 256, last update was 1309 sec ago.

router_887va# show ntp associations

address ref clock st when poll reach delay offset disp
+~51.145.123.29 25.66.230.3 3 140 256 375 34.429 139.169 14.472
*~5.135.137.188 192.168.4.3 2 164 256 377 30.873 127.571 14.067
+~94.23.21.189 130.149.17.21 2 118 256 377 30.771 136.991 17.129
-~129.250.35.251 129.250.35.222 2 123 256 377 27.688 156.310 5.973
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

router_887va# show clock detail
14:02:54.178 CEST Fri Apr 28 2023
Time source is NTP
Summer time starts 02:00:00 CET Sun Mar 26 2023
Summer time ends 03:00:00 CEST Sun Oct 29 2023

router_887va# copy running-config startup-config
Destination filename [startup-config]?
Building configuration...
[OK]

Here are the answers to your questions:

router_887va# show startup-config | i ntp
access-list 100 permit udp any any eq ntp
access-list 100 permit udp any eq ntp any
access-list 100 permit udp any eq ntp any eq ntp
ntp server 2.pool.ntp.org
ntp server 3.pool.ntp.org
ntp server 1.pool.ntp.org
ntp server 0.pool.ntp.org

router_887va# show version
[...]
Configuration register is 0x2102

After reloading the router:

router_887va# show ntp status
%NTP is not enabled.

router_887va# show startup-config | i ntp
access-list 100 permit udp any any eq ntp
access-list 100 permit udp any eq ntp any
access-list 100 permit udp any eq ntp any eq ntp
ntp server 2.pool.ntp.org
ntp server 3.pool.ntp.org
ntp server 1.pool.ntp.org
ntp server 0.pool.ntp.org

router_887va# show running-config | i ntp
access-list 100 permit udp any any eq ntp
access-list 100 permit udp any eq ntp any
access-list 100 permit udp any eq ntp any eq ntp

Best regards.

katrin1701 · ‎04-28-2023

That seems fine to me. Startup config has the ntp config data and reload should use the startup config.

Now I'm out of idas, but I'm only a beginner.

Maybe there is something in the log?

leam2 · ‎04-28-2023

I edited my previous post by adding the results of commands ran after the reload.
Thanks.

katrin1701 · ‎04-28-2023

As I said, I think it should use ntp after reboot, because parameters are in the startup and startup should be used.

I can't imagine why it doesn't work.

leam2 · ‎04-28-2023

Thank you Katrin.

"show log" doesn't show anything abnormal.

I made a change in the running-config ("no ip domain name <a_domain_name>" (because it was not relevant anymore and I thought it could be a problem to keep that instruction)).
I copied the running-config to the startup-config and reloaded the router.
That change has been properly taken into account in both configs.

Unfortunately, after the reload the "ntp server X.pool.ntp.org" lines disappeared from the running-config and are still present in the startup-config.

I don't know either how to solve that problem

Best regards.

leam2 · ‎04-28-2023

Hi. I am reading this on StackExchange:

You are correct. This is a DNS resolution issue.

The ntp process internally uses addresses, not names. So, although you can enter a name, and the system may store the name in the configuration, the process needs an address. The name cannot be resolved during boot -- not at the point the ntp configuration is processed.

So, you will either need to configure ntp with an address, or re-enter the named configuration after each reboot.

Source: https://networkengineering.stackexchange.com/questions/68322/cisco-ios-ntp-do-not-sync-time-after-reboot

- If I were to use IP addresses instead of names, I wouldn't know what IPs to use...

- Is there a way to automate the entering of the "ntp server X.pool.ntp.org" commands after the router has completely rebooted?

Best regards.

katrin1701 · ‎04-28-2023

those ip addresses of ntp servers usually never change

you can find out by using ping, it should answer with the ip address you need

leam2 · ‎04-28-2023

Hi. I am trying to schedule the task of running the four ntp commands I need, using kron:

router_887va(config)# kron policy-list kron_ntp
router_887va(config-kron-policy)# cli ntp server 0.pool.ntp.org
router_887va(config-kron-policy)# cli ntp server 1.pool.ntp.org
router_887va(config-kron-policy)# cli ntp server 2.pool.ntp.org
router_887va(config-kron-policy)# cli ntp server 3.pool.ntp.org
router_887va(config-kron-policy)# exit

router_887va(config)# kron occurrence kron_day in 0:0:1 recurring
router_887va(config-kron-occurrence)# policy-list kron_ntp
router_887va(config-kron-occurrence)# exi

Until now, the commands are probably executed because I can see the countdown using the command "show kron schedule" but no "ntp server X.pool.ntp.org" lines get written in running-config...

Best regards.

katrin1701 · ‎04-28-2023

I can't help you with kron, never used it

I'd do this:

# ping 0.pool.ntp.org

the reply should come from 138.201.19.107

and then use the ip address instead of the names

ntp server 138.201.19.107

do that with the other three and it should work.

leam2 · ‎04-28-2023

Hi. I tried to add the "configure terminal" and the "exit" command at the beginning and at the end of the sequence, but it doesn't solve the problem...

kron policy-list kron_ntp
cli configure terminal
cli ntp server 0.pool.ntp.org
cli ntp server 1.pool.ntp.org
cli ntp server 2.pool.ntp.org
cli ntp server 3.pool.ntp.org
cli exit

Best regards.

katrin1701 · ‎04-28-2023

if that kron is done at startup it may have the same problem, that dns isn't working yet.

Try ip addresses.

leam2 · ‎04-28-2023

Hi Katrin.

You are right. These commands should be run after the router has completely rebooted...
which is what happens presently every 1 minute but with no effect, at least not the one I am expecting

If I do not manage to make this work, I'll do as you suggest, I'll use IPs.
But for now, I am opening a new ticket... maybe someone will know about kron...

Best regards.

Cisco router 887VA - NTP configuration doesn't persist after a reload