when migrated the NTP configuration from c3560 to c9300 i have this error:
NTP Core (ERROR): Invalid-NAK error at 659 192.168.10.140<-172.17.3.110
this ip address 192.168.10.140 is management switch and 172.17.3.110 is ntp server.
anyone can help.
show ntp information
Ntp Software Name : Cisco-ntpv4
Ntp Software Version : Cisco-ntpv4-1.0
Ntp Software Vendor : CISCO
Ntp System Type : Cisco IOS / X86
#sh ntp associations
address ref clock st when poll reach delay offset disp
~172.17.3.110 .INIT. 16 858 128 0 0.000 0.000 15937.
#sh ntp associations
#sh ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 249.9982 Hz, precision is 2**10
ntp uptime is 171773200 (1/100 of seconds), resolution is 4016
reference time is DFDC5CC2.05604198 (13:53:54.021 UTC Sun Jan 6 2019)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 4.89 msec, peer dispersion is 0.00 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000007065 s/s
system poll interval is 64, last update was 868 sec ago.
#sh ntp config
ntp server 172.17.3.110 key 3
#sh run | int ntp
permit udp any host 172.17.3.110 eq ntp
ntp authentication-key 3 md5 0218155F352A14164D6B15251326220C5D 7
ntp trusted-key 3
ntp server 18.104.22.168 key 3
- Turn off ntp authentication as a test ; check whether it works then, if so re-generate the authentication key 'in cooperation' with the NTP server. And check again , then with authentication.
i have turned off the authentication and the error disappeared but ntp not sync, and configured the authentication again, the error came back again.
- Did you also re-generate the key ? Also -> Cisco is sometimes prone to NTP bugs in their software , is the 9300 on a recent software release ? If not ; upgrade and try again.
in addition to the other post, also post the output of 'show ntp status'. Is access between both IP addresses restricted by an access list, or do you have NTP authentication configured ?
Same issue on our network which is a mixture of 9500's, 9300's and 3850's.
NTP invalid-nak errors occurred immediately when upgrading from Gibraltar to Amsterdam.
To "fix" NTP we changed:
ntp server 192.168.10.100 key 1
ntp server 192.168.10.100
NTP works again but without authentication.