Re: Cisco 2600 and NTP

bsisco · ‎01-30-2006

I have followed a couple of articles on how to configure NTP on a cisco router (something I've done before) but seem to be having trouble this time.

Using a 2600 series (IOS 12.2) I have configured an NTP server (using the ntp server command) but no matter where I choose to synch time (public NTP server list) the 'sh ntp associations' command only shows that I have a server configured no other attributes. The clock never recieves any ntp updates and this is evident by the 'sh ntp status' command.

At one point I even had an access-list prepared (123 permit udp host <ntp-server> any eq ntp) but that didn't seem to help either.

The router is an edge router and only serves to terminate our local connectivity to the internet.

Any suggestions on what may be wrong?

Any suggestions on how to troubleshoot?

pkhatri · ‎01-30-2006

Hi,

I presume that you have done all relevant checks such as ensuring basic IP reachability to the configured ntp servers...

Could you run a 'debug ntp packets' and see if the 2600 is actually sending out any NTP packets ?

Paresh

Georg Pauwen · ‎01-30-2006

Hello,

you might want to try and reload the router. If the NTP client's clock differs by more than 4000 miliseconds from the NTP server´s clock, on Cisco routers, a time difference of greater than 4000 miliseconds is considered out of range, and prevents the router from synching to the server. This doesn't apply when you first configure an NTP peer on a Cisco router or at a reload. In this case, the NTP client's (the Cisco router's) clock is changed to match the NTP server's clock, no matter how large the difference.

HTH,

GP

bsisco · ‎02-02-2006

Thanks for the info.

Yes I have verified the ability to reach the NTP servers I have chosen (they are in use on another device inside the firewall).

Running debug NTP *anything* produces absolutely no feedback whatsoever. This would lead me to believe that I am not even attempting to sync with the time servers.

I will have to wait to perform a reload as this is our primary connection outside the office. I will write back the results when I have had a chance to reload - likely to be this Friday night.

Thanks,

Ben

thisisshanky · ‎02-02-2006

Ben,

Do you have any ACLs that may be preventing NTP packets ?

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

bsisco · ‎02-02-2006

No. I only have a couple of access lists none of which will DENY any packets related to NTP. It's a good thought as most issues are overlooked simple items, but I think I'm chasing something a bit deeper here.

thisisshanky · ‎02-02-2006

Ben,

When you tested reachability to the NTP server, I assume you pinged the server from the router's console?

Also can you paste a sh version...? we can try to see if any related bugs are posted..

Sankar Nair
UC Solutions Architect
Pacific Northwest | CDW
CCIE Collaboration #17135 Emeritus

bsisco · ‎02-06-2006

Cisco Internetwork Operating System Software

IOS (tm) C2600 Software (C2600-I-M), Version 12.3(6), RELEASE SOFTWARE (fc3)

Compiled Wed 11-Feb-04 19:24 by kellythw

ROM: System Bootstrap, Version 11.3(2)XA4, RELEASE SOFTWARE (fc1)

SpExtRtr uptime is 51 weeks, 2 days, 2 minutes

System returned to ROM by power-on

System restarted at 09:56:19 MST Sat Feb 12 2005

System image file is "flash:c2600-i-mz.123-6.bin"

cisco 2620 (MPC860) processor (revision 0x102) with 39936K/9216K bytes of memory.

M860 processor: part number 0, mask 49

Bridging software.

X.25 software, Version 3.0.0.

Primary Rate ISDN software, Version 1.1.