05-30-2008 06:23 AM - edited 03-05-2019 11:19 PM
I am trying to sync and NTP master to a more relaible time source.
I have tried internal servers and internet based time servers and they are all coming back with validty test failures.
Config is as follows:
ntp source Loopback99
ntp access-group serve 40
ntp master 10
ntp update-calendar
ntp peer vrf X:X 192.43.244.18
ntp server vrf X:X 128.105.37.11 version 2 prefer
ntp peer vrf X:X 130.149.17.8
The errors are as follows:
089610: May 30 15:35:32 CEST: NTP: xmit packet to 192.43.244.18:
089611: May 30 15:35:32 CEST: leap 0, mode 1, version 3, stratum 10, ppoll 1024
089612: May 30 15:35:32 CEST: rtdel 0000 (0.000), rtdsp 0002 (0.031), refid 7F7F0701 (127.127.7.1)
089613: May 30 15:35:32 CEST: ref CBEA80F9.7DB22E68 (15:34:49.491 CEST Fri May 30 2008)
089614: May 30 15:35:32 CEST: org CBEA7F3F.CC3584CB (15:27:27.797 CEST Fri May 30 2008)
089615: May 30 15:35:32 CEST: rec CBEA7F24.A39582C8 (15:27:00.639 CEST Fri May 30 2008)
089616: May 30 15:35:32 CEST: xmt CBEA8124.7DB22E68 (15:35:32.491 CEST Fri May 30 2008)
089617: May 30 15:35:32 CEST: NTP: rcv packet from 192.43.244.18 to x.x.x.x on Loopback99:
089618: May 30 15:35:32 CEST: leap 0, mode 2, version 3, stratum 1, ppoll 1024
089619: May 30 15:35:32 CEST: rtdel 0000 (0.000), rtdsp 0000 (0.000), refid 41435453 (65.67.84.83)
089620: May 30 15:35:32 CEST: ref CBEA8102.EC04A21D (15:34:58.921 CEST Fri May 30 2008)
089621: May 30 15:35:32 CEST: org CBEA8124.7DB22E68 (15:35:32.491 CEST Fri May 30 2008)
089622: May 30 15:35:32 CEST: rec CBEA813F.CE58C36E (15:35:59.806 CEST Fri May 30 2008)
089623: May 30 15:35:32 CEST: xmt CBEA813F.CE599FB7 (15:35:59.806 CEST Fri May 30 2008)
089624: May 30 15:35:32 CEST: inp CBEA8124.A7AE1648 (15:35:32.655 CEST Fri May 30 2008)
089625: May 30 15:35:32 CEST: NTP: packet from 192.43.244.18 failed validity tests 10
089626: May 30 15:35:32 CEST: Authentication failed
As you can see I am not using authentication, and we are syncing to the same internet time sources on different devices, using no authentication.
The access-list 40 is permitting the traffic. I just cant understand why it is failing on authentication when it is not in use.
Other devices are syncing successfully to the master with no issues.
Any assistance would be much appreciated.
05-31-2008 12:40 PM
Stuart
There are a couple of things that I believe may be issues in your config.
- you have configured this router as ntp master at stratum 10. In my experience configuring a router as ntp master means that the router does not sync to other devices since it believe that its own clock is authoritative. I suggest that you remove ntp master from the config.
- you have configured an ntp access-group serve. But you have not configured an ntp access-group peer. Since 192.43.244.18 is configured as a peer I suggest that you also configure an ntp access-group peer with an access list that permits the peer addresses.
HTH
Rick
06-01-2008 11:59 PM
Hi Rick,
I clocked the access-group serve cmd, late on friday, and replaced this as the peer instead of serve and this sorted it.
Thanks for the reply. Spot on.
Stuart
06-02-2008 09:59 AM
Stuart
I am glad that my suggestion was able to help you resolve your problem. Sometimes the use of the ntp access-group is not obvious. I am glad that you now have it sorted out.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide