Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
9016
Views
6
Helpful
4
Replies

Remove FMC NTP 127.127.1.1

Go to solution
johnlloyd_13
Level 9
Level 9

‎02-05-2019 01:56 AM - edited ‎02-21-2020 08:46 AM

hi,

i've added google NTP in FMCv but i can still see 127.127.1.1. see photo attached.

is there any way to remove it or is this a system default?

 

2 people had this problem
Preview file
62 KB
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-05-2019 07:38 PM

Your screenshot show you have synced with the external ntp server.

 

FMC retains 127.127.1.1 (local clock from the underlying Linux OS based on hardware the system is running on) as a potential backup in the event that the defined time server in unreachable. This is normal and expected behavior.

 

More details on FMC and NTP here:

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118626-technote-firesight-00.html

View solution in original post

4 Replies 4

Go to solution
Alessandro Roberto Alves
Level 1
Level 1

‎02-05-2019 11:26 AM

In Time Synchronization, how did you leave it configured? Serve Time via NTP (Enable / Disable)? Set My Clock (Manually ... or Via NTP from). This information changes in Time.
0 Helpful

Go to solution
johnlloyd_13
Level 9
Level 9

‎02-05-2019 04:16 PM

hi,

i've set 'Enabled' for 'Serve Time via NTP' and chose 'Via NTP from' for 'Set My Clock' and typed 'time.google.com'

see attached photo.

i can also ping FQDN from FMC terminal:

admin@FMCv:~$ sudo ping time.google.com
Last login: Tue Feb  5 09:43:46 UTC 2019
PING time.google.com (216.239.35.8) 56(84) bytes of data.
64 bytes from time3.google.com (216.239.35.8): icmp_req=1 ttl=41 time=241 ms
64 bytes from time3.google.com (216.239.35.8): icmp_req=2 ttl=41 time=236 ms
64 bytes from time3.google.com (216.239.35.8): icmp_req=3 ttl=41 time=235 ms
^C
--- time.google.com ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3003ms
rtt min/avg/max/mdev = 235.460/237.887/241.468/2.584 ms

Preview file
80 KB
0 Helpful

Go to solution
Alessandro Roberto Alves
Level 1
Level 1
In response to johnlloyd_13

‎02-05-2019 05:13 PM

Hi, The 127.127.1.1 address you see in the simply says that the router is using its own internal clock as the time source. Do not worry about it, it is the correct behavior.

Go to solution
Marvin Rhoads
Hall of Fame
Hall of Fame

‎02-05-2019 07:38 PM

Your screenshot show you have synced with the external ntp server.

 

FMC retains 127.127.1.1 (local clock from the underlying Linux OS based on hardware the system is running on) as a potential backup in the event that the defined time server in unreachable. This is normal and expected behavior.

 

More details on FMC and NTP here:

 

https://www.cisco.com/c/en/us/support/docs/security/firesight-management-center/118626-technote-firesight-00.html

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card