Solved: NTP Not Synching

Daniel Mckibbin · ‎12-07-2010

Hello I've tried many different combinations and have not been able to get NTP to synch. My current configuration is having host 172.16.1.66 act as an NTP server with NTP server software. It is currently synched to an outside NTP server. My router and switch then use the 172.16.1.66 address for their ntp server. My configuration for the router is as below:

ntp clock-period 17179824
ntp source Ethernet1/1.400
ntp server 172.16.1.66

I'm getting responses from the server, but it will not associate or synch up with it:

Dec 7 10:41:06.414: NTP: xmit packet to 172.16.1.66:
.Dec 7 10:41:06.414: leap 3, mode 3, version 3, stratum 0, ppoll 64
.Dec 7 10:41:06.414: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000 (0.0.0.0)
.Dec 7 10:41:06.414: ref 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
.Dec 7 10:41:06.414: org 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
.Dec 7 10:41:06.414: rec 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
.Dec 7 10:41:06.414: xmt D0A88DC2.6A1A1471 (03:41:06.414 MST Tue Dec 7 2010)
.Dec 7 10:41:06.418: NTP: rcv packet from 172.16.1.66 to 172.16.1.65 on Ethernet1/1.400:se
.Dec 7 10:41:06.418: leap 0, mode 3, version 4, stratum 1, ppoll 1
.Dec 7 10:41:06.418: rtdel 0000 (0.000), rtdsp 0000 (0.000), refid 20202020 (32.32.32.32)
.Dec 7 10:41:06.418: ref 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
.Dec 7 10:41:06.418: org D0A88DC2.6A1A1471 (03:41:06.414 MST Tue Dec 7 2010)
.Dec 7 10:41:06.418: rec D0A89386.A0000000 (04:05:42.624 MST Tue Dec 7 2010)
.Dec 7 10:41:06.422: xmt D0A89386.A0000000 (04:05:42.624 MST Tue Dec 7 2010)
.Dec 7 10:41:06.422: inp D0A88DC2.6B858815 (03:41:06.420 MST Tue Dec 7 2010)n

address ref clock st when poll reach delay offset disp
~172.16.1.66 0.0.0.0 16 9 64 0 0.0 0.00 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured

I believe the issue has to do with the bolded line above. It looks like the reference date is from the year 1899. I tried disabling NTP, setting the clock manually, and re-enabling NTP with no success. I've set server statements to use the public ip addresses of the NTP servers as well with no success. Anyone know what is going on? The same thing is happening with both the router an the switch. I was able to get it working once with the same settings, but once the router reloaded it never synched again, and I've never been able to synch it since.

Thanks,

Daniel M.

cadet alain · ‎12-07-2010

You said your xp machine which is your NTP server is stratum 15 but it is getting ntp from stratum 1 servers so it should be startum 2.

Take a look here: http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080a23d02.shtml

Don't forget to rate helpful posts.

View solution in original post

cadet alain · ‎12-07-2010

Hi,

Can you post ntp config of ntp server as well as touting table and the same for your router and switch.

Can you also put on each: sh ntp status and sh ntp assoc detail

Regards.

Don't forget to rate helpful posts.

Daniel Mckibbin · ‎12-07-2010

The NTP server is a windows XP machine running Time tools NTP servers. It is using stratum 15. I've included a screenshot of its status.

Router Routing table:
     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback1
     70.0.0.0/24 is subnetted, 1 subnets
C       70.162.56.0 is directly connected, FastEthernet2/0
     172.16.0.0/16 is variably subnetted, 4 subnets, 2 masks
C       172.16.1.32/27 is directly connected, Ethernet1/1.300
C       172.16.1.0/27 is directly connected, Ethernet1/1.200
C       172.16.2.0/30 is directly connected, Ethernet1/1.100
C       172.16.1.64/27 is directly connected, Ethernet1/1.400
     172.19.0.0/32 is subnetted, 1 subnets
S       172.19.73.49 [254/0] via 70.162.56.1, FastEthernet2/0
S*   0.0.0.0/0 [254/0] via 70.162.56.1

Router NTP Config:

ntp clock-period 17179824
ntp source Ethernet1/1.400 ------ I have tried removing the source command. it doesn't help

ntp server 172.16.1.66

Router Show Commands:

Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 250.0006 Hz, precisio
reference time is 00000000.00000000 (17:00:00.000 MST Wed Dec 31
clock offset is 0.0000 msec, root delay is 0.00 msec

root dispersion is 0.00 msec, peer dispersion is 0.00 msec

172.16.1.66 configured, insane, invalid, unsynced, stratum 16
ref ID 0.0.0.0, time 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000
delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00
precision 2**5, version 3
org time 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
rcv time 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
xmt time D0A8F8C2.57A83DA9 (11:17:38.342 MST Tue Dec 7 2010)
filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

Switch config:

ntp clock-period 17180166
ntp source FastEthernet0/15
ntp server 172.16.1.66

Switch show commands:

LAN_SWITCH#show ntp associations detail
172.16.1.66 configured, insane, invalid, unsynced, stratum 16
ref ID 0.0.0.0, time 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000
delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00
precision 2**5, version 3
org time 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
rcv time 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
xmt time AF3C5812.704F213B (02:38:26.438 MST Mon Mar 1 1993)
filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0

Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 250.0000 Hz, actual freq is 249.9956 Hz, precision is 2**18
reference time is 00000000.00000000 (17:00:00.000 MST Wed Dec 31 1899)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec

I still think the issue has to the with the highlighted command above. No matter how I set up NTP the reference time is that same date. Why and how do you change it?

Ganesh Hariharan · ‎12-07-2010

Hi,

As per the output following observation followin is the points to be observed

The 'reach' counter shows a value of 0 for the following configured NTP server IP address(es):
172.16.1.66
This means that the router did not receive at least the last eight NTP packets it expects to receive. Usually this counter shows a value of "377" which means that device has received at least the last eight NTP packets.

Check out the below points in your netwrok for troubleshooting purpose

1. Make sure that NTP server IP address(es) mentioned above is reachable by pinging the server IP address(es).
2. Enable the debug ntp packet command to make sure that NTP packets are received from the server(s).
3. Make sure that NTP packets are not blocked by the access-list statement.

The output shows a NTP clock status of 'unsynced' with the following NTP server(s):
172.16.1.66

1. Verify that the 'stratum' value configured on the server is valid for your setup. Configure a high stratum number to ensure that this router does not override the clock on another system with a lower stratum number. The lower stratum number indicates a more reliable clock.
2. If authentication is configured between the server and the client, make sure that authentication-key number and md5 key value matches. Also, verify that the command ntp server {server_address} key {key} is included in the client configuration.
3. Make sure that NTP packets are not blocked by the access-list statement.

Hope to Help !!

Ganesh.H

Daniel Mckibbin · ‎12-07-2010

I've tried high and low stratum numbers, Connectivity is fine, no authentication, and there are no access lists blocking ntp. If there was an access list wouldn't it block those packets from being received in my debug ntp packets command?

cadet alain · ‎12-07-2010

You said your xp machine which is your NTP server is stratum 15 but it is getting ntp from stratum 1 servers so it should be startum 2.

Take a look here: http://www.cisco.com/en/US/tech/tk648/tk362/technologies_tech_note09186a0080a23d02.shtml

Don't forget to rate helpful posts.

Daniel Mckibbin · ‎12-08-2010

Hey cade,

I tried doing that and ntp packets were no longer being received at all. I went back to what I was doing before and added the public NTP servers on the router and the switch. The router is now associated and sychronized. No idea why it wasn't doing it before since it's the same config:

ntp clock-period 17179824

ntp server 207.200.81.113

ntp server 69.25.96.13

ntp server 64.147.116.229

ntp server 216.171.124.36

      address         ref clock     st when poll reach delay offset    disp
+~207.200.81.113   .ACTS.            1   139   256   77    32.6    3.51   375.2
*~69.25.96.13      .ACTS.            1   252   256 377    37.5   -1.05     0.7
+~64.147.116.229   .ACTS.            1   154   512   77    22.8    0.52   376.2
-~216.171.124.36   .ACTS.            1   168   256   77    33.4   -3.14   376.5
* master (synced), # master (unsynced), + selected, - candidate, ~ configured

Clock is synchronized, stratum 2, reference is 69.25.96.13
nominal freq is 250.0000 Hz, actual freq is 250.0006 Hz, precision is 2**24
reference time is D0AA9788.DDE90C33 (16:47:20.866 MST Wed Dec 8 2010)
clock offset is -0.2313 msec, root delay is 38.86 msec
root dispersion is 4.18 msec, peer dispersion is 3.62 msec

The switch is still having problems. It has the same configuration as the router except it has a source of vlan 100 which is my management vlan. I've tried it with and without with no success. It looks like the issue is because there is no connectivity even though there is a gateway defined, I'm surfing the net through the switch. From a host on vlan 200 I'm able to ping all addresses except for the first one.

From host on vlan 200:

Ping statistics for 207.200.81.113:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\Daniel>
C:\Users\Daniel>ping google.com

Pinging google.com [66.102.7.99] with 32 bytes of data:
Reply from 66.102.7.99: bytes=32 time=25ms TTL=57
Reply from 66.102.7.99: bytes=32 time=23ms TTL=57
Reply from 66.102.7.99: bytes=32 time=22ms TTL=57
Reply from 66.102.7.99: bytes=32 time=23ms TTL=57

Ping statistics for 66.102.7.99:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 22ms, Maximum = 25ms, Average = 23ms

\

C:\Users\Daniel>ping 69.25.96.13

Pinging 69.25.96.13 with 32 bytes of data:
Reply from 69.25.96.13: bytes=32 time=40ms TTL=55
Reply from 69.25.96.13: bytes=32 time=36ms TTL=55
Reply from 69.25.96.13: bytes=32 time=45ms TTL=55
Reply from 69.25.96.13: bytes=32 time=38ms TTL=55

Ping statistics for 69.25.96.13:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 45ms, Average = 39ms

C:\Users\Daniel>ping 64.147.116.229

Pinging 64.147.116.229 with 32 bytes of data:
Reply from 64.147.116.229: bytes=32 time=24ms TTL=56
Reply from 64.147.116.229: bytes=32 time=23ms TTL=56
Reply from 64.147.116.229: bytes=32 time=23ms TTL=56
Reply from 64.147.116.229: bytes=32 time=21ms TTL=56

Ping statistics for 64.147.116.229:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 21ms, Maximum = 24ms, Average = 22ms

C:\Users\Daniel>ping 216.171.124.36

Pinging 216.171.124.36 with 32 bytes of data:
Reply from 216.171.124.36: bytes=32 time=35ms TTL=52
Reply from 216.171.124.36: bytes=32 time=34ms TTL=52
Reply from 216.171.124.36: bytes=32 time=36ms TTL=52
Reply from 216.171.124.36: bytes=32 time=34ms TTL=52

Ping statistics for 216.171.124.36:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 34ms, Maximum = 36ms, Average = 34ms

C:\Users\Daniel>

From the Switch:

LAN_SWITCH>ping 207.200.81.113

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 207.200.81.113, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

LAN_SWITCH>ping 69.25.96.13

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 69.25.96.13, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

LAN_SWITCH>ping 64.147.116.229

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 64.147.116.229, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

LAN_SWITCH>ping 216.171.124.36

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 216.171.124.36, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5)

LAN_SWITCH>

Configured Default Gateway

ip default-gateway 172.16.2.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms

Vlan100 172.16.2.1 YES NVRAM up up - On Switch

I tried disabling ARP Inspection with no luck. Anyone have any ideas on this strange behavior? You would think all of those addresses on the switch would be forwarded to the router which has a static route to reach them, like it is doing with the hosts attached to the vlans.

Thanks,

Daniel

Daniel Mckibbin · ‎12-08-2010

Guys,

I figured it out!

the problem had nothing to do with ntp at all. The follow subnets are on both my router and switch:

Vlan1                  unassigned      YES NVRAM administratively down down
Vlan100                172.16.2.1      YES NVRAM up                    up
Vlan200                172.16.1.3      YES NVRAM up                    up
Vlan300                172.16.1.34     YES NVRAM up                    up
Vlan400                172.16.1.94     YES NVRAM up                    up
FastEthernet0/1        unassigned      YES unset up                    up
FastEthernet0/2        unassigned      YES unset up                    up

Vlan's 200-400 were being matched by acl 1 to be nat'd

Standard IP access list 1
10 permit 172.16.1.0, wildcard bits 0.0.0.95 (13745 matches)

Vlan 100 is not being matched by the ACL statement and since 172.16.2.2 is being used at the default gateway 172.16.1.1 must have been the source when trying to reach those addresses. Because it wasn't being matched in the acl statement it was being dropped. I added sequence # 20 permitting this subnet and everything works flawlessly now!

Added sequence # - 20 permit 172.16.2.0, wildcard bits 0.0.0.3 (8 matches)

Show Commands:

LAN_SWITCH#ping 207.200.81.113

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 207.200.81.113, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
LAN_SWITCH#ping 69.25.96.13

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 69.25.96.13, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/40 ms
LAN_SWITCH#ping 64.147.116.229

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 64.147.116.229, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/24/32 ms
LAN_SWITCH#ping 216.171.124.36

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 216.171.124.36, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 32/32/36 ms

      address         ref clock     st when poll reach delay offset    di
+~207.200.81.113   .ACTS.            1     9    64    3    31.2    6.99 7879
+~69.25.96.13      .ACTS.            1     5    64    3    36.5    1.64 7882
*~64.147.116.229   .ACTS.            1    19    64    3    21.3    4.99 7879
+~216.171.124.36   .ACTS.            1    16    64    3    32.2   -0.05 7879
* master (synced), # master (unsynced), + selected, - candidate, ~ configure

Clock is synchronized, stratum 2, reference is 64.147.116.229
nominal freq is 250.0000 Hz, actual freq is 249.9956 Hz, precision is 2**18
reference time is D0AAA8D7.9EA33855 (18:01:11.619 MST Wed Dec 8 2010)
clock offset is 3.3923 msec, root delay is 21.29 msec
root dispersion is 7899.69 msec, peer dispersion is 7894.70 msec

As you can see the first server still seems to be unreachable. Oh well it's working now. I appreciate everyones help!

Thanks,

Daniel

Daniel Mckibbin · ‎12-08-2010

Cadetalain,

Even though your's was not the correct answer I selected one of the posts as "correct answer" since you've been so helpful to me!

cadet alain · ‎12-09-2010

Hi Daniel,

Thanks for feedback.

regards.

Don't forget to rate helpful posts.