09-02-2015 05:16 AM - edited 03-08-2019 01:36 AM
hello, i have a cisco switch connected to nexus 5500 which is synchronizing with the ntp server but the nexus is not.
here is the ntp configuration.
ntp server 10.1.32.3 key 1
ntp server 10.1.32.4 key 1
ntp source-interface loopback0
ntp authenticate
ntp authentication-key 1 md5 hidden 7
ntp trusted-key 1
interface loopback0
description Management
ip address 10.1.32.1/32
(config)# ping 10.1.32.3 vrf management
PING 10.1.32.3 (10.1.32.3): 56 data bytes
64 bytes from 10.1.32.3: icmp_seq=0 ttl=253 time=0.733 ms
64 bytes from 10.1.32.3: icmp_seq=1 ttl=253 time=0.797 ms
64 bytes from 10.1.32.3: icmp_seq=2 ttl=253 time=0.909 ms
64 bytes from 10.1.32.3: icmp_seq=3 ttl=253 time=0.923 ms
64 bytes from 10.1.32.3: icmp_seq=4 ttl=253 time=0.902 ms
(config)# ping 10.1.32.4
PING 10.1.32.4 (10.1.32.4): 56 data bytes
64 bytes from 10.1.32.4: icmp_seq=0 ttl=254 time=1.271 ms
64 bytes from 10.1.32.4: icmp_seq=1 ttl=254 time=2.409 ms
64 bytes from 10.1.32.4: icmp_seq=2 ttl=254 time=2.457 ms
64 bytes from 10.1.32.4: icmp_seq=3 ttl=254 time=2.487 ms
64 bytes from 10.1.32.4: icmp_seq=4 ttl=254 time=2.467 ms
output from debug ntp all:
2015 Sep 2 14:58:11.016496 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() returns with status of 27071
2015 Sep 2 14:58:11.017354 ntp: ntp_sigchld_wait_and_fetch_status: Non-ntp child exited ! Dont care !
2015 Sep 2 14:58:27.064185 ntp: Sending Time of day upd to standby
2015 Sep 2 14:59:57.064168 ntp: Sending Time of day upd to standby
what could be the problem?
Solved! Go to Solution.
09-04-2015 12:54 AM
Hi,
The output of the show ntp peer-status looks correct and the * indicates that time will be sync'd from the server 10.1.32.4.
The command show ntp status is for another purpose. According to the command reference it "shows whether Cisco Fabric Services (CFS) is enabled or disabled for the NTP application and whether a fabric lock is in place because a configuration is in progress". NTP distribution is discussed in the NTP CFS Distribution of the configuration guide.
Regards
09-02-2015 07:31 AM
Hi,
Was this setup working earlier or its new?
Can you double check your MD5 Password?
Regards,
Naveen
09-02-2015 11:53 PM
it's a new setup.
the md5 password is the same entered in clear text but when viewing in running config, it appears different between the router and the nexus
09-03-2015 12:03 AM
Hi,
When you ping you're specifying the management vrf, which means you would need to specify the VRF for NTP using the command ntp server <address> key 1 use-vrf management.
Regards
09-03-2015 01:17 AM
earlier i tried to synchronize with another ntp server which i could not ping, but now i allowed ip to him.
here is the new configuration:
ntp server 172.18.2.7 use-vrf management key 1
ntp source-interface mgmt0
ntp authenticate
ntp authentication-key 1 md5 qaxqsny 7
ntp trusted-key 1
(config)# ping 172.18.2.7 vrf management
PING 172.18.2.7 (172.18.2.7): 56 data bytes
64 bytes from 172.18.2.7: icmp_seq=0 ttl=61 time=1.721 ms
64 bytes from 172.18.2.7: icmp_seq=1 ttl=61 time=1.195 ms
64 bytes from 172.18.2.7: icmp_seq=2 ttl=61 time=3.462 ms
64 bytes from 172.18.2.7: icmp_seq=3 ttl=61 time=2.018 ms
64 bytes from 172.18.2.7: icmp_seq=4 ttl=61 time=1.692 ms
2015 Sep 3 11:08:12.016479 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() returns with status of 9856
2015 Sep 3 11:08:12.017335 ntp: ntp_sigchld_wait_and_fetch_status: Non-ntp child exited ! Dont care !
Pri-DC-Core-1(config)# 2015 Sep 3 11:09:02.741675 ntp: Sending Time of day upd to standby
now the status code is different. if the problem is with authentication, then why doesn't debug say so?i therefore assume it isn't with authentication.
09-03-2015 11:24 PM
according to https://learningnetwork.cisco.com/thread/48979
there is a bug in nexus os.
in order to set
clock protocol ntp
you have to first set
clock protocol none
i checked show ntp peer-status and found one reachable server:
sh ntp peer-status
Total peers : 2
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode
remote local st poll reach delay vrf
-------------------------------------------------------------------------------
=172.18.2.7 10.1.34.224 16 64 0 0.00000 management
*10.1.32.4 10.1.34.224 4 64 377 0.00084 management
so i configured the reachable server as an ntp server.
after correctly setting the time zone, the clock shows the right time without having reseted it.
except that :
# sh ntp status
Distribution : Disabled
Last operational state: No session
however,
# sh ntp statistics local
system uptime: 57608
time since reset: 57608
old version packets: 4323
new version packets: 0
unknown version number: 0
bad packet format: 0
packets processed: 3428
bad authentication: 0
Pri-DC-Core-1#
debug shows the following:
although the message:
2015 Sep 4 09:22:50.016437 ntp: ntp_sigchld_wait_and_fetch_status: waitpid() returns with status of 26565
2015 Sep 4 09:22:50.016810 ntp: ntp_sigchld_wait_and_fetch_status: Non-ntp child exited ! Dont care !
still exists but, now i get,
09:23:26.252163 ntp: get_control_msg: Got a valid ntp control pkt
could it be that nexus is synchronizing without showing that in the status?
09-04-2015 12:54 AM
Hi,
The output of the show ntp peer-status looks correct and the * indicates that time will be sync'd from the server 10.1.32.4.
The command show ntp status is for another purpose. According to the command reference it "shows whether Cisco Fabric Services (CFS) is enabled or disabled for the NTP application and whether a fabric lock is in place because a configuration is in progress". NTP distribution is discussed in the NTP CFS Distribution of the configuration guide.
Regards
09-04-2015 02:31 AM
thanks for clearing things up :)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide