Having an issue with NTP at my new location. Bit of background:
Access A Access B Distro Core
______ ______ ______ ______
| | | | | | | |
| |----| |----| |---| |
|______| |_____| |______| |______|
So, there is an NTP server hanging off the core. No firewall exists between the NTP server and the core (it's within the LAN)
All devices above had the same NTP statements.
All devices can ping the NTP server
Access B, Distro, and Core show that NTP is working. They have associations, the clocks are synched, etc.
Access A is NOT synched.
I've gone line by line thru the NTP configs; they are identical on all switches (IP addresses changed):
ntp authentication-key 1 md5 happyday
ntp trusted-key 1
ntp clock-period 36029132 (these vary with device)
ntp source Vlan150
ntp access-group peer 30
ntp access-group serve-only 31
ntp server 10.1.0.1 key 1
ntp server 10.1.15.1
ntp server 10.2.50.100 key 1 prefer
I turned on all debuging for NTP. I can see that accessA is sending packets to the three time devices. I can see that the devices are sending NTP packets with the correct times and timezone back to AccessA. But AccessA is NOT associating:
AccessA#sho ntp ass
address ref clock st when poll reach delay offset disp
I've tried to completely remove the NTP configs from the switch, and put them back in. No change.
I've tried to change the PREFER statement from 10.2.50.100 to 10.1.0.1...and back again..no change.
Like I said, all the other switches are having no issues. I even removed the accesslist for the management vlan just to ensure it was not blocking anything, and no change. Here is a sample of the debug output (ip's changed) Also note the *** in the xmit packets...
121708: .May 26 23:00:59.597 KBL: NTP: xmit packet to 10.1.0.1:
121735: .May 26 23:00:59.597 KBL: ref D54CD382.48C4F81B (23:01:30.284 KBL Sun May 26 2013)
121736: .May 26 23:00:59.597 KBL: org D54CD363.9976DD46 (23:00:59.599 KBL Sun May 26 2013)
121737: .May 26 23:00:59.597 KBL: rec D54CD384.9A828552 (23:01:32.603 KBL Sun May 26 2013)
121738: .May 26 23:00:59.597 KBL: xmt D54CD384.9A887AEC (23:01:32.603 KBL Sun May 26 2013)
121739: .May 26 23:00:59.597 KBL: inp D54CD363.9A68E2E3 (23:00:59.603 KBL Sun May 26 2013)
As you can see, AccessA is sending packets to the timeserver devices. I MANUALLY set the date/time on AccessA. It is correct with the rest of the network. But you can see AccessA in the statements with the *** at the end is sending incorrect date/time info out. BUT, the time servers are sending back the correct date/time timezone info. And there are NO authentication errors.
Several of us are at a quandry on what's up. Any thoughts?
Do you use Cisco DNA Center? Have you used and are you willing to provide your feedback in using the Cisco DNA Center help and documentation?
If so, we’d like you to complete the survey linked below. Your feedback will help provide more effective and easi...
Listen: https://smarturl.it/CCRS9E18Follow us: https://twitter.com/CiscoChampion Reaching the height of your career is no simple feat. It often requires a combination of pursuing the right education, building the right professional network and being ...
In a typical production SD-WAN deployment, we would probably have many remote sites connected via many different Internet connections to a centralized data center or a regional hub. In most regions in the world, Internet providers will always use some typ...