NTP issue

raoufesi
Level 1

Hey community, 

I configured the 'Linux' server above to be the NTP server. All devices in this network can ping the server normally, but they are not syncing to it. I provided the output of 'show ntp associations' and 'show ntp status' as well as 'show run' for the NTP section.

Knowing that the server is running Fedora and chrony. Thank you for your help.

12 Replies

M02@rt37
VIP

Hello @raoufesi

No iptables on your Linux server?

Run tcpdump on your Linux server. Do you see UDP segments (port 123) coming from the sources identified?

Are there any IP restrictions on chrony? Restrictions about IP sources authorized to poll that server for NTP services.

 

Best regards

balaji.bandi
Hall of Fame

What NTP server did you install on Linux, Chrony or NTP?

What Linux distro?

Some Linux distros have a default firewall like UFW, so check whether it is on or turned off.

Check iptables -xnvL to see any firewalls.

Check the NTP server ports listening: netstat -tunlp

Also make sure you allow the clients to connect to the server on NTP on Linux:

Example: allow x.x.x.x

 

BB


Chrony

Fedora 40

Firewall is allowing port 323 (chrony's default UDP port) and also allows NTP.

There is no iptables in this distro.

Here is the output of 'netstat':


Also, all switches can ping the Linux server, and I allowed all nodes '0.0.0.0/0' within the chrony.conf file.

I do not see your NTP listening on 323 (using IPv4, it's listening on the loopback IP) as per your screenshot.

I use NTP for my testing; it works as expected:

https://www.balajibandi.com/?p=50

I do not have a chrony document in hand; I used the guide below to set one up, and it works as expected with Cisco switches:

https://opensource.com/article/18/12/manage-ntp-chrony

Note: if you move to Windows NTP and it is working, then you can carry on using Windows NTP. If you would like to troubleshoot using Linux, check the document and output.

 

 

BB
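
The two server-side checks suggested in the replies above (a listener in the netstat -tunlp output, an allow rule covering the clients), as an added example that is not from any poster in this thread; the sample netstat output and chrony.conf are constructed. It assumes chrony's defaults, where NTP clients are served on UDP 123 and UDP 323 is the chronyc command port bound to loopback; deny rules and non-CIDR subnet forms are not handled.

```python
import ipaddress
# Constructed sample inputs (not taken from the thread's screenshots).
SAMPLE_CONF = """pool 2.fedora.pool.ntp.org iburst
# allow 192.168.0.0/16
allow 10.10.0.0/16
"""
SAMPLE_NETSTAT = """udp   0  0 127.0.0.1:323  0.0.0.0:*  1042/chronyd
udp   0  0 0.0.0.0:123    0.0.0.0:*  1042/chronyd
udp6  0  0 ::1:323        :::*       1042/chronyd
"""

def allowed_networks(conf_text):
    """Networks named by 'allow' lines; a bare 'allow' admits every client."""
    nets = []
    for line in conf_text.splitlines():
        words = line.split()
        if not words or words[0] != "allow":  # also skips '# allow ...'
            continue
        args = [w for w in words[1:] if w != "all"]
        for spec in args[:1] or ["0.0.0.0/0", "::/0"]:
            try:
                nets.append(ipaddress.ip_network(spec, strict=False))
            except ValueError:
                pass  # hostnames and short forms like '10.10' are out of scope
    return nets

def client_allowed(conf_text, client_ip):
    """True if some 'allow' network contains client_ip ('deny' is ignored)."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == n.version and ip in n
               for n in allowed_networks(conf_text))

def udp_listeners(netstat_text, port=123):
    """Local addresses holding a UDP socket on `port`."""
    found = []
    for line in netstat_text.splitlines():
        cols = line.split()
        if len(cols) >= 4 and cols[0].startswith("udp"):
            addr, _, p = cols[3].rpartition(":")
            if p == str(port):
                found.append(addr)
    return found

def reachable_listener(netstat_text, port=123):
    """True if a UDP socket on `port` is bound to a non-loopback address."""
    return any(not a.startswith(("127.", "::1"))
               for a in udp_listeners(netstat_text, port))

if __name__ == "__main__":
    print(reachable_listener(SAMPLE_NETSTAT), client_allowed(SAMPLE_CONF, "10.10.5.2"))
```
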


debug ntp packet <<- share this please

MHM


 

Here you are. I also provided the chrony.conf file and the firewall settings...

The SW only sends the NTP packet without any reply. This means there is either a reachability issue, which needs to be checked by ping using the source IP, not only ping:
ping <ntp server IP> source <ntp source interface or IP>


Also, is the interface in the debug different from what you use as the NTP source?

MHM

raoufesi
Level 1

Hey again,

I switched to a Windows Server 2019 machine; everything was much easier to configure and now everything is working. The only issue I am having is that the clock is 1 hr late on my Cisco devices, despite it being correct on the Windows server machine. How do I solve that?


 

Wait, it will sync, but it sometimes takes a long time. Check after 1 hr, or make the SW clock less than the NTP server by 5 min. This will speed up the sync.

MHM

Can I just use the 'clock timezone' command to add a 1 hr difference? Will that affect the functioning of NTP?

Date, timezone and clock (-5 or -10 min) all need to match between the NTP server and client,

or try

ntp server x.x.x.x iburst <<- this makes the SW send many NTP messages and hence speeds up the sync

MHM

I would think that clock timezone would solve the issue and it will not affect functioning of NTP.

HTH

Rick