Bug with 17.6.4

Ruhtra
Level 1

There might be a bug with 17.6.4 and NTP source interface command.

I have a 9606 setup with multiple VRFs. Our NTP source server is on the other side of the firewall. The direct link to the firewall network from the 9606 has no rules for allowing origin traffic to pass. Which is fine. I had a NTP SOURCE VLAN100 config command that is the management subnet for all of the network switches, which the 9606 is the router for. Before updating from 17.6.3, NTP on the 9606 updated from the NTP source on the other side of the firewall just fine. After updating to 17.6.4, it appears that the 9606 is ignoring the ntp source vlan100 command, and is trying to use the direct link interface, which the firewall doesn't allow. I can ping the NTP source from the vlan100 interface, which is why I think it's ignoring the source command. All the field switches connecting through the 9606 can still reach the NTP source just fine. There were no configuration changes made in addition to the IOS change. I would prefer not to go back to 17.6.3.

Hopefully I described that well enough.

2 Replies

balaji.bandi
Hall of Fame

I have seen this issue on the old code when we were running on 16.12.x.

Can you try removing the NTP config and re-applying it to see if that fixes the issue?

BB


The other team added a rule to allow the uplink network.  I don't know, other than checking a traffic sniff on the firewall, how to tell which interface the request is going out.
