03-11-2010 10:40 AM
I'm trying to get NTP from my internal hosts to synch against a router on the edge. I control all of the devices involved.
Currently, I have been able to get my switches in the DMZ to synch to the router but not my internal switches.
Following is the config from the Router:
ntp logging
ntp authentication-key 2 md5 ------- 7
ntp authenticate
ntp trusted-key 2
ntp source Loopback0
ntp update-calendar
ntp server 192.5.41.41
ntp server 192.5.41.42 prefer
Following is the config for my DMZ switch which is synching up:
ntp authentication-key 2 md5 ------ 7
ntp authenticate
ntp trusted-key 2
ntp clock-period 36029304
ntp source Loopback0
ntp server 10.y.x.214 key 2
Following is the config for my internal switch which is not synching up:
ntp authentication-key 2 md5 ------ 7
ntp authenticate
ntp trusted-key 2
ntp clock-period 36029304
ntp source Loopback0
ntp server 10.y.x.214 key 2
Following is the logging from my router:
044142: Mar 11 13:32:10.225 EST: NTP message received from 10.y.w.214 on interface 'Loopback0' (10.y.x.214).
044143: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: message received
044144: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next action is 3.
044145: Mar 11 13:32:10.225 EST: NTP Core(DEBUG): ntp_receive: doing fast answer to client.
NTP debugging from the inside switch:
006078: .Mar 11 13:33:07 EST: Authentication key 2
006079: .Mar 11 13:33:07 EST: Authentication key 2
006080: .Mar 11 13:33:25 EST: Authentication key 2
006081: .Mar 11 13:33:25 EST: Authentication key 2
I can watch this traffic traverse my network; it's like it gets to my switch and the switch just dismisses it. Anyone got any input to this? Any ideas? I have been trying to figure this out for a while and getting nowhere fast.
03-11-2010 12:22 PM
Please post the output of the following 2 commands issued on the inside switch:
sh ntp assoc
sh ntp status
03-11-2010 12:56 PM
CORE#show ntp stat
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 119.2092 Hz, actual freq is 119.2076 Hz, precision is 2**17
reference time is 00000000.00000000 (19:00:00.000 EST Thu Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
CORE#show ntp assoc
address ref clock st when poll reach delay offset disp
~10.y.x.214 0.0.0.0 16 - 64 0 0.0 0.00 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
03-11-2010 02:20 PM
NTP uses UDP port 123; is there any access list in place that blocks these packets? Can you ping the ntp server from the switch?
03-11-2010 03:51 PM
Firewalled between interior and exterior. Was looking at the traffic pass in and out and hitting the router. Ping clued me in and I went back to check the routing tables - lo and behold, no route in place.
Configured route, gave it a couple of minutes and bingo, bango, she's working.
Thanks for the sanity check!
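Added example, not part of any post in this thread: a small Python parser for the `show ntp assoc` output posted above. It decodes the octal `reach` register and flags peers from which no reply was counted in the last eight polls, which is the state the inside switch was in before the route was added. The 192.0.2.x rows are constructed sample data, and the verdict strings are this example's own labels.

```python
import re

# One peer row of "show ntp associations": flags+address, ref clock, st,
# when, poll, reach, delay, offset, disp.
ROW = re.compile(
    r"^\s*(?P<flags>[*#+~-]+)(?P<address>\S+)\s+(?P<ref>\S+)\s+(?P<st>\d+)\s+"
    r"(?P<when>\S+)\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s+"
    r"(?P<delay>[\d.]+)\s+(?P<offset>-?[\d.]+)\s+(?P<disp>[\d.]+)\s*$"
)

def parse_associations(text):
    """Return one dict per peer row; header and legend lines are skipped."""
    peers = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        reach = int(m["reach"], 8)  # reach is printed in octal
        peers.append({
            "address": m["address"],
            "flags": m["flags"],
            "stratum": int(m["st"]),
            "reach": reach,
            "replies": bin(reach).count("1"),  # of the last 8 polls
        })
    return peers

def triage(text):
    """Map each peer address to a verdict string (labels are hypothetical)."""
    result = {}
    for p in parse_associations(text):
        if p["reach"] == 0:
            result[p["address"]] = "unreachable"  # check route, ACL, UDP 123
        elif "*" in p["flags"]:
            result[p["address"]] = "synced"
        else:
            result[p["address"]] = "reachable, not selected"
    return result

# First peer row is the one from the thread; the 192.0.2.x rows are constructed.
SAMPLE = """\
address ref clock st when poll reach delay offset disp
~10.y.x.214 0.0.0.0 16 - 64 0 0.0 0.00 16000.
*~192.0.2.10 .GPS. 1 33 64 377 1.2 -0.45 0.9
~192.0.2.11 192.0.2.10 2 12 64 17 2.0 1.10 120.5
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""

if __name__ == "__main__":
    for address, verdict in triage(SAMPLE).items():
        print(address, verdict)
```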
03-11-2010 02:21 PM
What's the version of your IOS and is the NTP server a Linux client?
03-11-2010 03:16 PM
Router is the server
Version of router: 12.4(24)T1
Version of switch: Version 12.2(50)SE3