Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
561
Views
0
Helpful
2
Replies

NTP Issue on WS-C3560CX-12PC-S, working on 3560X, 4500 and other devices

JHarris6117
Level 1
Level 1

‎11-08-2019 06:15 AM

Community,

 

We recently implemented a bunch of WS-C3560CX-12PC-S as credenza switches for AV.

 

We can't get these specific devices to stay synchronized with our NTP server.

 

The NTP server is a Cisco Nexus box and all other devices (cisco or not) are syncing just fine including (ASR's, 4500e's, 3650's 3560x's).

 

The config we are using on the 3560CX-12 is:

ntp logging
ntp access-group peer ACL-NTP-PEER
ntp access-group serve ACL-NTP-SERVE
ntp update-calendar
ntp server 10.1.1.1

 

service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
clock timezone EST -5 0

 

ip access-list standard ACL-NTP-PEER
permit 10.1.1.1
deny any log
ip access-list standard ACL-NTP-SERVE
deny any log

 

This is the status:

SW#show ntp associations detail
Load for five secs: 22%/0%; one minute: 23%; five minutes: 23%
Time source is NTP, .09:12:45.429 EST Fri Nov 8 2019

10.1.1.1 configured, ipv4, our_master, sane, valid, stratum 4
ref ID 8.8.8.8 , time E16FE2C4.51F2ED2F (07:49:08.320 EST Fri Nov 8 2019)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 25.46 msec, root disp 23.31, reach 1, sync dist 8049.26
delay 1.24 msec, offset 128.2183 msec, dispersion 7937.50, jitter 0.00 msec
precision 2**20, version 4
assoc id 28448, assoc name 10.200.1.1
assoc in packets 22446, assoc out packets 22447, assoc error packets 0
org time 00000000.00000000 (19:00:00.000 EST Thu Dec 31 1899)
rec time E16FE2CF.5760A6BE (07:49:19.341 EST Fri Nov 8 2019)
xmt time E16FE2CF.5760A6BE (07:49:19.341 EST Fri Nov 8 2019)
filtdelay = 1.24 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = 128.21 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 0.00 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0
minpoll = 6, maxpoll = 10

 

SW#show ntp status
Load for five secs: 22%/0%; one minute: 23%; five minutes: 23%
Time source is NTP, .09:14:25.872 EST Fri Nov 8 2019

Clock is unsynchronized, stratum 5, reference is 10.200.1.1
nominal freq is 286.1023 Hz, actual freq is 286.0438 Hz, precision is 2**20
ntp uptime is 137766600 (1/100 of seconds), resolution is 3496
reference time is E16FE2CF.36B68FAA (07:49:19.213 EST Fri Nov 8 2019)
clock offset is 128.2183 msec, root delay is 26.71 msec
root dispersion is 8165.62 msec, peer dispersion is 7937.50 msec
loopfilter state is 'SPIK' (Spike), drift is 0.000204253 s/s
system poll interval is 64, last update was 5106 sec ago

 

Appreciate any help on this before I go down the TAC route.

Labels:
0 Helpful
2 Replies 2

pieterh
VIP
VIP

‎11-08-2019 07:22 AM

ntp access-group peer ACL-NTP-PEER
ntp access-group serve ACL-NTP-SERVE

 

this seems odd???

my guess is the 

     ntp access-group peer ACL-NTP-PEER

is overruled by
     ntp access-group serve ACL-NTP-SERVE

so only  the ACL-NTP-SERVE (which is deny any) is active 

 

 

  • The peer keyword enables the device to receive time requests and NTP control queries and to synchronize itself to the servers specified in the access list.
  • The serve keyword enables the device to receive time requests and NTP control queries from the servers specified in the access list but not to synchronize itself to the specified servers.
0 Helpful

Leo Laohoo
Hall of Fame
Hall of Fame

‎11-08-2019 04:10 PM

Nexus switches are not a reliable source of NTP.
Search this forum and there are known "issues" with them.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card