Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2044
Views
2
Helpful
5
Replies

NTP Master and NTP Server

Go to solution
vitumbiko nkhwazi
Level 1
Level 1

‎05-20-2023 02:08 AM - last edited on ‎05-24-2023 02:13 PM by Community Manager

Hello.

I have a Cisco 4351 router that i configured as an NTP Master, all other routers and switches synchronize to this router. I have configured a Windows server as an NTP Server that synchronizes with Internet time servers, i need the 4351 router to synchronize its clock to the windows server, and then in turn distribute the time to the rest of the routers. 

The problem is that even when i configure the windows server as an NTP server on the router, its still preferring to synchronize to its local NTP server on IP address 127.127.1.1,  how can make the router to not use its local reference?  below is the NTP configuration and output for some show commands:

NBS-BT-DC-C4351-EDGE#sh run | sec ntp
ntp authentication-key 2 md5 107A514A3705180E30002E1D73086831 7
ntp authenticate
ntp trusted-key 2
ntp source Loopback0
ntp access-group serve ACL_NTP
ntp master 15
ntp server 10.40.129.153 prefer




NBS-BT-DC-C4351-EDGE#sh ntp associations
Load for five secs: 2%/1%; one minute: 3%; five minutes: 3%
Time source is NTP, 11:04:06.671 CAT Sat May 20 2023

address             ref clock      st      when       poll reach delay offset disp
*~127.127.1.1    .LOCL.      14        5           16 377 0.000 0.000 1.204
~10.40.129.153    .INIT.       16         -          1024 0 0.000 0.000 15937.
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

 

 

1 person had this problem
Labels:
1 Accepted Solution

Accepted Solutions

Go to solution
M02@rt37
VIP
VIP

‎05-20-2023 05:40 AM

Hello @vitumbiko nkhwazi

In the NTP output you provided, the IP address 10.40.129.153 has a reference clock status of ".INIT." and a stratum value of 16. A stratum value of 16 indicates that the device is unsynchronized and is being used to initialize the NTP association. Then, your routeur prefer to synchronied with its local reference, even if you configure stratum 15 on it! The stratum value represents the level of hierarchy in the NTP network, with lower numbers indicating higher accuracy and reliability. Stratum 1 devices are considered the most accurate and reliable time sources, while stratum 15 is the highest value, indicating that the router is not synchronized to any external time source.

You have to troubleshoot and find the reason why your router is not synchronised with WIndows NTP server:

-- Verify that the IP address of the Windows server is correct and reachable from the Cisco 4351 route

--Check for any ACLs or firewall rules that may be blocking NTP traffic between the router and the Windows server.

-- Check for any NTP authentication settings on both the router and the Windows server, ensuring they are correctly configured and matching.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

0 Helpful
5 Replies 5

Go to solution
paul driver
VIP
VIP

‎05-20-2023 02:52 AM - last edited on ‎05-24-2023 03:02 PM by Community Manager

Hello
One reason why a rtr wont sync with a lower stratum would be  due to the clock timing being to much out of sync in the first place, Also make sure the rtr is set to be able to query the windows ntp server and its not set by mistake just to serve it.

Suggest you create two acls so you can peer with the windows server and serve your lan clients ntp queries, decrease your stratum, as 15 is quite a high value..

access−list 10 permit  host 10.40.129.153
access−list 10 deny any

access−list 11 permit <lan subnets>
access−list 11 deny any

ntp access−group peer 10
ntp access−group serve−only 11
ntp master 8


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Go to solution
MHM Cisco World
VIP
VIP

‎05-20-2023 03:13 AM - last edited on ‎05-24-2023 02:16 PM by Community Manager 

ntp master 15

remove this from the config 
check other cisco device is sync with router or not 

ntp server 10.40.129.153 prefer key 2

this also needed

Go to solution
M02@rt37
VIP
VIP

‎05-20-2023 05:40 AM

Hello @vitumbiko nkhwazi

In the NTP output you provided, the IP address 10.40.129.153 has a reference clock status of ".INIT." and a stratum value of 16. A stratum value of 16 indicates that the device is unsynchronized and is being used to initialize the NTP association. Then, your routeur prefer to synchronied with its local reference, even if you configure stratum 15 on it! The stratum value represents the level of hierarchy in the NTP network, with lower numbers indicating higher accuracy and reliability. Stratum 1 devices are considered the most accurate and reliable time sources, while stratum 15 is the highest value, indicating that the router is not synchronized to any external time source.

You have to troubleshoot and find the reason why your router is not synchronised with WIndows NTP server:

-- Verify that the IP address of the Windows server is correct and reachable from the Cisco 4351 route

--Check for any ACLs or firewall rules that may be blocking NTP traffic between the router and the Windows server.

-- Check for any NTP authentication settings on both the router and the Windows server, ensuring they are correctly configured and matching.

 

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.
0 Helpful

Go to solution
Rich R
VIP
VIP

‎05-20-2023 06:40 AM - last edited on ‎05-24-2023 02:37 PM by Community Manager

Yep remove the

ntp master

command.
To get it to sync quicker it can sometimes help to remove the

ntp server

commands, set the time as close to correct as possible manually (clock set), then replace the

ntp server

commands.

------------------------------
Please click Helpful if this post helped you and Select as Solution (drop down menu at top right of this reply) if this answered your query.
------------------------------
TAC recommended codes for AireOS WLC's   and   TAC recommended codes for 9800 WLC's
Best Practices for AireOS WLC's,   Best Practices for 9800 WLC's   and   Cisco Wireless compatibility matrix
Check your 9800 WLC config with Wireless Config Analyzer using "show tech wireless" output or "config paging disable" then "show run-config" output on AireOS and use Wireless Debug Analyzer to analyze your WLC client debugs
Field Notice: FN63942 APs and WLCs Fail to Create CAPWAP Connections Due to Certificate Expiration
Field Notice: FN72424 Later Versions of WiFi 6 APs Fail to Join WLC - Software Upgrade Required
Field Notice: FN72524 IOS APs stuck in downloading state after 4 Dec 2022 due to Certificate Expired
- Fixed in 8.10.196.0, latest 9800 releases, 8.5.182.12 (8.5.182.13 for 3504) and 8.5.182.109 (IRCM, 8.5.182.111 for 3504)
Field Notice: FN70479 AP Fails to Join or Joins with 1 Radio due to Country Mismatch, RMA needed
How to avoid boot loop due to corrupted image on Wave 2 and Catalyst 11ax Access Points (CSCvx32806)
Field Notice: FN74035 - Wave2 APs DFS May Not Detect Radar After Channel Availability Check Time
Leo's list of bugs affecting 2800/3800/4800/1560 APs
0 Helpful

Go to solution
Joseph W. Doherty
Hall of Fame
Hall of Fame

‎05-20-2023 07:21 AM

BTW, don't know if this still applies to Windows NTP servers, but I recall (?) it used to be their "NTP" service wasn't fully compatible with other NTP devices.  I recall you needed to install "extra" NTP software to get full NTP compatibility.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card