Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4656
Views
5
Helpful
8
Replies

NTP stratum is 6 , need to minimize the stratum to 3

networkexpert
Level 1
Level 1

‎09-15-2019 07:19 AM

Hi all,

I am using my core switch cisco 4500E as NTP server for CUCM servers . the core switch sync its time with WAN firewall by stratum 6  which makes the core switch as stratum 7 for CUCM servers and this is not accepted.

how to make the core switch shows a valid NTP server with stratum 3 to my CUCM servers? 

Labels:
0 Helpful
8 Replies 8

marce1000
VIP
VIP

‎09-15-2019 09:18 AM

 

 - First of all you would be violating the NTP protocol by this requirement and introduce a 'spoofed' server to the CUCM servers. Besides that the NTP protocol must support 16-stratum levels. If the CUCM servers don't want  that then they are at fault and the problem should be  resolved at their site of the fence....

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

networkexpert
Level 1
Level 1
In response to marce1000

‎09-15-2019 11:50 PM

Thanks Marce ,
cisco call manager wants the stratum with maximum level 5 it is not fault.
cisco call manager can sync its time with any level under 16 however cisco recommend to keeb it under level 6

marce1000
VIP
VIP
In response to networkexpert

‎09-16-2019 12:40 AM

 

 - Consider this to be a recommendation only.

    M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

johnd2310
Level 8
Level 8

‎09-15-2019 07:47 PM

Hi,

You need to configure your core switch or WAN firewall to sync with an NTP server with better stratum.

What is the firewall syncing to? If the firewall is syncing to the Internet, you should be able to find stratum 1 servers.

Ideally, you should be able to buy your own stratum 1 appliance for you network

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

networkexpert
Level 1
Level 1
In response to johnd2310

‎09-15-2019 11:56 PM

Thanks Johnd ,
the main NTP server is in HQ and my firewall sync with . the problem is there is many firewalls on the path so my local Firewall sees the NTP with level 5 . I can NOT use stratum 1 locally as there is security constraints only I can use the NTP through HQ-WAN link.
I thought there is way to force my core switch to act as lower Stratum level.
0 Helpful

marce1000
VIP
VIP
In response to networkexpert

‎09-16-2019 12:39 AM

                >I thought there is way to force my core switch to act as lower Stratum level.

 - Because of the solidness of the NTP standard that is both not allowed and not possible.

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

johnd2310
Level 8
Level 8
In response to networkexpert

‎09-16-2019 06:36 AM

Hi,

If the NTP server is in HQ why can you not point your switch to the NTP server in HQ instead of the firewall?

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

networkexpert
Level 1
Level 1
In response to johnd2310

‎09-16-2019 07:26 AM

Hi Johnd ,
for security reason , the access is allowed only to WAN-firewall to reach the HQ-NTP server . the devices behind wan-FW in all branches are not alllowed to communicate directly with HQ-NTP server.
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card