have anyone here faced the problem with NTP-synch when subject platform has its mgmt interface in vrf?
i have found that if i transfer mgmt interface into global vrf it works, but not vice versa.
in case of MGT-vrf with debug ntp i can see switch sends messages to configured servers, but no responce arrives back. routing is configured properly & full IP-connectivity (except of NTP's one) is in place in both MGT- & global vrf cases.
Can you post the configuration, is the MGMT VRF is point to point interface, what is other side connected to ?
like to look both the side port configuration. check you can ping to NTP Server using MGMT vrf as source ?
!when below vrf belonging is removed NTP works just fine
vrf forwarding Mgt-vrf
ip address 10.250.67.19 255.255.255.0
no ip proxy-arp
ipv6 address dhcp
ipv6 dhcp client request vendor
!default when in global vrf
ip route 0.0.0.0 0.0.0.0 10.250.67.1
!default when MGMT G0/0 is operational
ip route vrf Mgmt-vrf 0.0.0.0 0.0.0.0 10.250.67.1
!default when Vlan2767 belongs to Mgt-vrf
ip route vrf Mgt-vrf 0.0.0.0 0.0.0.0 10.250.67.1
ntp source Vlan2767
ntp server NTP-1 minpoll 10
ntp server NTP-2 prefer
& yes, servers are pingable in both cases. switch can be managed in both cases, tacacs&radius aaa works under Mgt-vrf just fine. As i told before: full connectivity is in place in both cases except NTP.
I think you will need to be more expansive with your NTP config
May be try using the actual IP adds of the NTP servers & define the VRF - something like below
ntp server vrf Mgt-vrf 10.10.10.10
ntp server vrf Mgt-vrf 10.10.110.10
exactly like this, Sir :0)
it resolved my problem. tons of thanks & have a nice weekend!