cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2988
Views
0
Helpful
9
Replies
Highlighted
Beginner

Cst 9300 NTP Error

Hi,

when migrated the NTP configuration from c3560 to c9300 i have this error:

 

NTP Core (ERROR): Invalid-NAK error at 659 192.168.10.140<-172.17.3.110

this ip address 192.168.10.140 is management switch and 172.17.3.110 is ntp server.

 

anyone can help.

 

Thanks

9 REPLIES 9
Highlighted
VIP Advocate

 

 - Post the output of show ntp information , show ntp server ,        show ntp assoc and show run |  inc ntp

M.

Highlighted

Hi Marcel:

 

show ntp information
Ntp Software Name : Cisco-ntpv4
Ntp Software Version : Cisco-ntpv4-1.0
Ntp Software Vendor : CISCO
Ntp System Type : Cisco IOS / X86

#sh ntp associations

address ref clock st when poll reach delay offset disp
~172.17.3.110 .INIT. 16 858 128 0 0.000 0.000 15937.

#sh ntp associations
#sh ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 249.9982 Hz, precision is 2**10
ntp uptime is 171773200 (1/100 of seconds), resolution is 4016
reference time is DFDC5CC2.05604198 (13:53:54.021 UTC Sun Jan 6 2019)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 4.89 msec, peer dispersion is 0.00 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000007065 s/s
system poll interval is 64, last update was 868 sec ago.

#sh ntp config
ntp server 172.17.3.110 key 3

#sh run | int ntp
permit udp any host 172.17.3.110 eq ntp
ntp authentication-key 3 md5 0218155F352A14164D6B15251326220C5D 7
ntp authenticate
ntp trusted-key 3
ntp server 72.17.3.110 key 3

 

Thanks

Highlighted

 

 - Turn off ntp authentication as a test ; check whether it works then, if so re-generate the authentication key 'in cooperation' with the NTP server.      And check again , then with authentication.

M.

Highlighted

Hi Marce,

i have turned off the authentication and the error disappeared but ntp not sync, and configured the authentication again, the error came back again.

 

Thanks

 

 

Highlighted

 

 - Did you also re-generate the key ? Also -> Cisco is sometimes prone to NTP bugs in their software , is the 9300 on  a recent software release ? If not ; upgrade and try again.

Highlighted

yes  i re-generate the key and the same issue, the current software is recommended image "16.06.04a"

 

Thanks

Highlighted
VIP Expert

Hello,

 

in addition to the other post, also post the output of 'show ntp status'. Is access between both IP addresses restricted by an access list, or do you have NTP authentication configured ?

Highlighted

Did you ever find a fix for this? I'm having this same exact error on a 9410 running 16.08.01a

 

Thanks

Highlighted

Same issue on our network which is a mixture of 9500's, 9300's and 3850's.

NTP invalid-nak errors occurred immediately when upgrading from Gibraltar to Amsterdam.

To "fix" NTP we changed:

 

ntp server 192.168.10.100 key 1

to...

ntp server 192.168.10.100

 

NTP works again but without authentication.

Content for Community-Ad