11-27-2010 10:03 AM - edited 03-04-2019 10:35 AM
Hello Friends,
I'm facing a very strange issue with NTP. My core switches are 4506 and they are synchronizing with AD for time, though I have not specified any command to sync with AD. There is no NTP command in the switch. I have manually set the time purposely 1 hr behind the clock, and after 10 to 15 min it picks up the correct time from AD.
I don't know why. It is very strange to me.
Thanks
11-27-2010 10:16 AM
Hello,
Can you perhaps post your configuration? As far as I know, Catalyst switches do not synchronize their time until explicitly configured to. Also please post the output of the show ntp associations and show ntp status commands. Thanks!
Best regards,
Peter
11-27-2010 08:04 PM
Peter,
Seems strange, but we cannot exclude some interaction based on AD NTP broadcasts, causing the switch to adopt time.
http://technet.microsoft.com/en-us/library/cc773013%28WS.10%29.aspx
Perhaps an ACL could help in avoiding the undesired synchronization.
11-27-2010 09:35 PM
Hello,
Here is the output.
CS02#SHOW NTP ASSOC
address ref clock st when poll reach delay offset disp
*~127.127.7.1 127.127.7.1 2 42 64 377 0.0 0.00 0.0
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
CS02#SHOW NTP STATUS
Clock is synchronized, stratum 3, reference is 127.127.7.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**19
reference time is D09C52AC.37091E20 (08:01:48.214 GST Sun Nov 28 2010)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec
Thanks
11-28-2010 12:11 AM
Hello,
There is definitely some explicit NTP configuration on your device. This output declares that the switch is configured as an NTP server and is providing NTP services to the network.
Can you post the entire configuration of the device (without, of course, sensitive data)?
Best regards,
Peter
11-27-2010 11:42 PM
Hello Paolo,
Absolutely agree - that's why I requested the configuration of the switch. But I assume that even for listening for AD time broadcasts, the switch would have to be configured explicitly, for example using the ntp broadcast client or ntp multicast client interface configuration command. I have not yet seen (though I am not saying that it is impossible) a switch without any explicit NTP configuration "suddenly" synchronize its clock.
Best regards,
Peter
11-27-2010 11:53 PM
For what we know there may be a bug filed and solved already.
If not, the matter should be given to the TAC.
11-28-2010 12:13 AM
Hello Paolo,
I haven't seen the configuration of the device yet. I do not have any basis to suppose that this is an IOS bug or a case that "deserves" the attention of a TAC specialist. I will wait for the OP to post the configuration and then we'll see.
Best regards,
Peter
11-28-2010 09:17 AM
Per OP:
There is no NTP command in switch
Maybe it's my view, but in 18 years of working with Cisco products, I have seen so many bugs that 1, 10 or 100 more do not surprise me a bit.
11-28-2010 10:55 AM
Hello Paolo,
Sure, I am not excluding the possibility of a bug per se. I am just trying to explore other possibilities before concluding that this is an errant behavior. I have also seen lots of bugs - surely not as many as you, as you have been working in the networking field considerably longer than me - and it would not surprise me either, but I do not have enough reliable information to make any conclusion. If I stated that this is a bug based on the scarce information available in this thread so far, I would be jumping to conclusions, which is something I'd rather not do. Currently, I am not stating anything - I am just asking the OP to provide more information.
I find the OP's comment about "no NTP command present on the switch" somewhat suspicious and I'd like to verify that for myself (after all, the TAC person would do just the same). Note that the show ntp assoc produced an output that suggests that the switch is configured as NTP server (not default) with the stratum 3 (not default).
Best regards,
Peter
11-28-2010 01:38 PM
I wouldn't configure a Cisco appliance as an authoritative NTP server.
How to configure an authoritative time server in Windows XP
How to configure an authoritative time server in Windows Server
How to configure an authoritative time server in Windows 2000
Otherwise, use a dedicated NTP server that synchronizes itself using GPS.
11-28-2010 02:03 PM
Leo, the point is that the OP does not want NTP, for whatever reason we are not called to judge.
11-28-2010 02:22 PM
Leo, the point is that the OP does not want NTP, for whatever reason we are not called to judge.
Mea culpa.
11-28-2010 11:16 PM
The IOS for the switch: System image file is "bootflash:cat4500e-entservices-mz.122-53.SG1.bin". After specifying the NTP commands on the core, and treating the core as a local time source, it still syncs with AD time after 10 to 15 min.
In switch there are no commands specifying AD as NTP source.
Here are the configs
Building configuration...
Current configuration : 22451 bytes
!
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
no service password-encryption
service compress-config
service counters max age 10
!
hostname
!
boot-start-marker
boot-end-marker
!
logging buffered 8192
!
no aaa new-model
clock timezone GST 4
hw-module module 1 port-group 1 select gigabitethernet
hw-module module 1 port-group 2 select gigabitethernet
ip subnet-zero
ip domain-name XX
ip name-server 10.XX
ip name-server 10.XX
!
!
ip vrf mgmtVrf
!
!
power redundancy-mode redundant
!
!
!
!
!
!
spanning-tree mode mst
spanning-tree extend system-id
spanning-tree backbonefast
!
spanning-tree mst configuration
instance 1 vlan 1-8, 13, 20-25, 30-38
instance 2 vlan 9-12, 14-19, 26-29, 39-49
!
spanning-tree mst 1 priority 28672
spanning-tree mst 2 priority 24576
!
vlan internal allocation policy ascending
!
!
!
!
ip route 0.0.0.0 0.0.0.0 10.XXXXX
no ip http server
!
!
!
logging trap notifications
logging source-interface Vlan6
logging 10.XXX
!
!
snmp-server community XXX
snmp-server trap-source Vlan6
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps transceiver all
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps eigrp
snmp-server enable traps ospf state-change
snmp-server enable traps ospf errors
snmp-server enable traps ospf retransmit
snmp-server enable traps ospf lsa
snmp-server enable traps ospf cisco-specific state-change nssa-trans-change
snmp-server enable traps ospf cisco-specific state-change shamlink interface-old
snmp-server enable traps ospf cisco-specific state-change shamlink neighbor
snmp-server enable traps ospf cisco-specific errors
snmp-server enable traps ospf cisco-specific retransmit
snmp-server enable traps ospf cisco-specific lsa
snmp-server enable traps fru-ctrl
snmp-server enable traps entity
snmp-server enable traps ether-oam
snmp-server enable traps flash insertion removal
snmp-server enable traps power-ethernet police
snmp-server enable traps cpu threshold
snmp-server enable traps rep
snmp-server enable traps vtp
snmp-server enable traps vlancreate
snmp-server enable traps vlandelete
snmp-server enable traps auth-framework sec-violation
snmp-server enable traps dot1x auth-fail-vlan guest-vlan no-auth-fail-vlan no-guest-vlan
snmp-server enable traps envmon fan shutdown supply temperature status
snmp-server enable traps entity-diag boot-up-fail hm-test-recover hm-thresh-reached scheduled-test-fail
snmp-server enable traps port-security
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps ethernet cfm alarm
snmp-server enable traps ethernet evc status create delete
snmp-server enable traps energywise
snmp-server enable traps rtr
snmp-server enable traps bgp
snmp-server enable traps bulkstat collection transfer
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps ipmulticast
snmp-server enable traps isis
snmp-server enable traps msdp
snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-message
snmp-server enable traps rf
snmp-server enable traps bridge newroot topologychange
snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistency
snmp-server enable traps syslog
snmp-server enable traps vlan-membership
snmp-server enable traps mac-notification change move threshold
snmp-server host 10.XXX
!
line con 0
password
stopbits 1
line vty 0 4
password
login local
line vty 5 15
login
!
ntp logging
ntp source Vlan6
ntp master 3
ntp update-calendar
end
Thanks
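An added example, not part of any post in this thread: a Python sketch that cross-checks show ntp associations output against the NTP statements in a running configuration, which is the comparison the replies above ask for. The sample strings are trimmed from the output and configuration posted in the thread; the function names are made up for this example.

```python
import re

# Constructed sample, trimmed from the output and configuration posted in the thread.
SHOW_NTP_ASSOC = """\
      address         ref clock     st  when  poll reach  delay  offset    disp
*~127.127.7.1      127.127.7.1       2    42    64  377     0.0    0.00     0.0
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured
"""
RUNNING_CONFIG = """\
clock timezone GST 4
ntp logging
ntp source Vlan6
ntp master 3
ntp update-calendar
"""

# 127.127.t.u are NTP reference-clock pseudo-addresses, not peers on the network.
LOCAL_REFCLOCK = re.compile(r"^127\.127\.\d+\.\d+$")
PEER_ROW = re.compile(r"^\s*([*#+\-x~ ]{0,3})(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+(\d+)\s")

def parse_associations(text):
    """Return one dict per peer row; header and legend lines are skipped."""
    peers = []
    for line in text.splitlines():
        m = PEER_ROW.match(line)
        if m:
            flags, addr, ref, stratum = m.groups()
            peers.append({"address": addr, "ref": ref, "stratum": int(stratum),
                          "synced": "*" in flags, "configured": "~" in flags,
                          "local": bool(LOCAL_REFCLOCK.match(addr))})
    return peers

def ntp_config_lines(config):
    """Every NTP statement, global or indented under an interface."""
    return [ln.strip() for ln in config.splitlines() if ln.strip().startswith("ntp ")]

def audit(assoc_text, config):
    peers, lines = parse_associations(assoc_text), ntp_config_lines(config)
    sync = next((p for p in peers if p["synced"]), None)
    listen = ("ntp broadcast client", "ntp multicast client")
    return {
        "ntp_lines": lines,
        "acts_as_master": any(ln.startswith("ntp master") for ln in lines),
        "listens_for_broadcast": any(ln.startswith(listen) for ln in lines),
        "external_sources": [p["address"] for p in peers if not p["local"]],
        "sync_source": sync["address"] if sync else None,
        "sync_is_local_clock": bool(sync and sync["local"]),
    }
```

Run against the posted data, audit() reports four NTP statements, the switch acting as master, no broadcast or multicast client statement, and the local reference clock as the only association.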
11-29-2010 12:32 AM
I believe that in VLAN 6 there is a piece of equipment set to NTP sync with AD. Find the equipment that has ntp peer 127.127.7.1.