Solved: Catalyst 3560 - NTP unsynchronized

cpremo · ‎12-28-2012

We've implemented new Catalyst 3560 switches and have noticed that the NTP status of the switch is unsynchronized:

Cerritos-Dist06B#sh ntp status

Clock is unsynchronized, stratum 16, no reference clock

nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17

reference time is 00000000.00000000 (16:00:00.000 UTC Wed Dec 31 1899)

clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 29.20 msec, peer dispersion is 0.00 msec

loopfilter state is 'FSET' (Drift set from file), drift is 0.000000000 s/s

system poll interval is 64, never updated.

******************************************************************************************************

Review of the NTP Associations details shows this:

Cerritos-Dist06B#sh ntp associations detail
165.235.25.141 configured, insane, invalid, stratum 3
ref ID 65.55.21.23   , time D4883EB5.E65729B2 (07:52:21.899 UTC Fri Dec 28 2012)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 93.61 msec, root disp 7865.06, reach 7, sync dist 9972.31
delay 19.62 msec, offset 63.9057 msec, dispersion 1952.27
precision 2**6, version 2
org time D48843B4.96366516 (08:13:40.586 UTC Fri Dec 28 2012)
rec time D48843B4.87ADDDCF (08:13:40.529 UTC Fri Dec 28 2012)
xmt time D48843B4.829708BD (08:13:40.510 UTC Fri Dec 28 2012)
filtdelay =    19.87   20.67   19.62    0.00    0.00    0.00    0.00    0.00
filtoffset =   66.71   69.21   63.90    0.00    0.00    0.00    0.00    0.00
filterror =    15.63   16.60   17.58 16000.0 16000.0 16000.0 16000.0 16000.0
minpoll = 6, maxpoll = 10

********************************************************************************************

Here is the configuration information on the swtich:

ntp server 165.235.25.141 prefer version 2

The IP address referenced is pointing to our AD PDC which is our internal NTP server.

Richard Burts · ‎12-29-2012

When you use the clock set command you are setting the local time for the switch. The Cisco Network Assistant and the command line show clock will display that time, which currently is correct for that switch. These do not have anything to do with the reference time which is related to NTP.

John has posted a link to an article which I think should be quite helpful. The important thing in the section related to NTP and Windows time servers is that by default Windows servers do not use NTP. They run Windows Time Service, which is similar but not the same as NTP. So your switch does not sync with the PDC since it is not sending NTP time. And without sync the reference time will not be set correctly. So to change the switch's reference time you should either configure the switch to use an NTP server that is not a Windows PDC or you should change the PDC to run NTP.

HTH

Rick

HTH

Rick

View solution in original post

John Blakley · ‎12-28-2012

Try this:

http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080a23d02.shtml#wtm

HTH,
John

*** Please rate all useful posts ***

HTH, John *** Please rate all useful posts ***

cpremo · ‎12-28-2012

So how do I change the switch's referenced time?

reference time is 00000000.00000000 (16:00:00.000 UTC Wed Dec 31 1899)

On the device I issued the following command:

clock set 09:22:45 28 december 2012

I also looked at the switches "System Time" in my Cisco Network Assistant software and it shows the correct time and Timezone.

Richard Burts · ‎12-29-2012

When you use the clock set command you are setting the local time for the switch. The Cisco Network Assistant and the command line show clock will display that time, which currently is correct for that switch. These do not have anything to do with the reference time which is related to NTP.

John has posted a link to an article which I think should be quite helpful. The important thing in the section related to NTP and Windows time servers is that by default Windows servers do not use NTP. They run Windows Time Service, which is similar but not the same as NTP. So your switch does not sync with the PDC since it is not sending NTP time. And without sync the reference time will not be set correctly. So to change the switch's reference time you should either configure the switch to use an NTP server that is not a Windows PDC or you should change the PDC to run NTP.

HTH

Rick

HTH

Rick

david.tran · ‎12-29-2012

The important thing in the section related to NTP and Windows time  servers is that by default Windows servers do not use NTP. They run  Windows Time Service, which is similar but not the same as NTP. So your  switch does not sync with the PDC since it is not sending NTP time. And  without sync the reference time will not be set correctly. So to change  the switch's reference time you should either configure the switch to  use an NTP server that is not a Windows PDC or you should change the PDC  to run NTP

I don't think this is accurate because I can sync a really old Cisco Catalyst 2924 running version 12.0.5 with a Windows 2003 or 2008R2 Active Directory Servers without any issues. Not only the "show ntp associations" shows that the ntp is being synced correctly but the tcpdump is also showing correctly as well. By the way, I am not running an 3rd parties NTP server on either the 2003 or 2008R2 AD servers, just native Windows Time Service. What you said "might" be true with Windows 2000 (I don't have one to test); however, if you point your router or switch to a Windows Server that is also a PDC Windows 2003 or 2008R2, it WILL work. See below:

nospaningtree#sh ntp associations

address ref clock st when poll reach delay offset disp

+~192.168.74.60 192.168.75.98 3 43 64 377 2.4 5.43 3.7

*~192.168.75.112 192.168.75.98 3 37 64 377 4.2 2.43 2.7

* master (synced), # master (unsynced), + selected, - candidate, ~ configured

nospaningtree#

[Expert@rkv-cpfw]# tcpdump -nnni eth4 port 123

tcpdump: listening on eth4

23:54:35.685826 192.168.1.2.123 > 192.168.74.60.123: v3 client strat 0 poll 6 prec -17

23:54:35.686314 192.168.74.60.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:36.687252 192.168.1.2.123 > 192.168.74.60.123: v3 client strat 0 poll 6 prec -17

23:54:36.687653 192.168.74.60.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:37.682893 192.168.1.2.123 > 192.168.74.60.123: v3 client strat 4 poll 6 prec -17

23:54:37.683371 192.168.74.60.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:38.684323 192.168.1.2.123 > 192.168.74.60.123: v3 client strat 4 poll 6 prec -17

23:54:38.684706 192.168.74.60.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:39.685775 192.168.1.2.123 > 192.168.74.60.123: v3 client strat 4 poll 6 prec -17

23:54:39.686276 192.168.74.60.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:40.727361 192.168.1.2.123 > 192.168.74.60.123: v3 client strat 4 poll 6 prec -17

23:54:40.727695 192.168.74.60.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:41.718653 192.168.1.2.123 > 192.168.75.112.123: v3 client strat 4 poll 6 prec -17

23:54:41.719027 192.168.75.112.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:41.719271 192.168.1.2.123 > 192.168.74.60.123: v3 client strat 4 poll 6 prec -17

23:54:41.719720 192.168.74.60.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:42.715609 192.168.1.2.123 > 192.168.75.112.123: v3 client strat 4 poll 6 prec -17

23:54:42.715982 192.168.75.112.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:42.716362 192.168.1.2.123 > 192.168.74.60.123: v3 client strat 4 poll 6 prec -17

23:54:42.717015 192.168.74.60.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:43.711374 192.168.1.2.123 > 192.168.75.112.123: v3 client strat 4 poll 6 prec -17

23:54:43.711756 192.168.75.112.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:43.712168 192.168.1.2.123 > 192.168.74.60.123: v3 client strat 4 poll 6 prec -17

23:54:43.712622 192.168.74.60.123 > 192.168.1.2.123: v3 +1s server strat 3 poll 6 prec -6

23:54:44.718227 192.168.1.2.123 > 192.168.75.112.123: v3 client strat 4 poll 6 prec -17

Leo Laohoo · ‎12-29-2012

Hi David,

How do you keep your Windows servers' time accurate? Do you let the PDC go out to the world and get time sync?

Cisco Catalyst 2924 running version 12.0.5 with

Oh shoot! Not 12.0(5)XU???? As in INTERIM Software "XU"???

david.tran · ‎12-29-2012

I let the PDC time sync with my Linux server. I let my Linux server sync'ed with other U.S. Government Internet NTP servers through my Checkpoint firewalls.

The code on my 2924-XL that I use "for lab purpose" is c2900xl-c3h2s-mz.120-5.WC11.bin. It is really old but it works.

Leo Laohoo · ‎12-29-2012

I let the PDC time sync with my Linux server.  I let my Linux server sync'ed with other U.S. Government Internet NTP servers through my Checkpoint firewalls.

Ok. So something goes out to get sync. In the last two places I've worked, we never use Windows as a time source. We always have at least two Cisco appliance (router or core switch) go out and get sync. Then the distro router/switches sync to those and the rest trickle through.

The code on my 2924-XL that I use "for lab purpose" is c2900xl-c3h2s-mz.120-5.WC11.bin.  It is really old but it works.

Yeah. I've familiar of the WC codes. It's been awhile.

david.tran · ‎12-29-2012

This is my lab environment that I use for testing. In my lab environment, I let my Linux server(s) to go out and get sync with external US government NTP servers. Then everything else in my lab environment is sync'ed with my linux server(s) because I am a Linux guy, not a windows person, and that I find linux to be a much better platform, IMHO.

The reason I brought up Windows as a time source is to prove a point that it also works just as well with other Cisco equipments.

Jeff Van Houten · ‎12-30-2012

As Richard pointed out, by default, a windows PDc is not an authoritative ntp source. Uncle google proves that beyond any doubt. You can put in some registry hacks to start up ntp on a dc, but its not running by default.

Sent from Cisco Technical Support iPad App

cpremo · ‎12-31-2012

That was the key. Somehow my PDC got converted back to using Windows Time Service instead of NTP. Once I reset it back to using NTP all was good on my switches.