Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4666
Views
0
Helpful
8
Replies

NTP questions

Go to solution
NormMuelleman
Level 1
Level 1

‎12-30-2012 10:25 AM - edited ‎03-07-2019 10:50 AM

I've posted NTP questions before, and having NTP issues again.

We are a smaller network, with about 30 switches. The access and distro switches all are configured with

ntp server 192.168.xxx.xxx

So in essence, all switches point to the core switch for NTP time.

Our core has ntp server 10.xxx.xxx.xxx, where it's pointing to our router for NTP. The router is pointed to an authenticated time source.

Also, our core has another entry in the config

ntp source vlan xxx

If I understand this correctly, the core is using the 10.xxx.xxx.xxx as it's time server. But ntp source indicates where the device should get it's time from on which interface. This just seems duplicated....

Now, let's say the core's source is being blocked (ntp got blocked on the firewall). So the core loses it's time, and goes back to the cisco default time.

My follow-up question is this: if I manually set the time on the CORE switch, should it not propagate the time to the distro/access switches, since they are all pointing to it as the ntp server? I've done this, but the access/distro switches aren't picking up the correct time.

I also did a debug ntp sync, debug ntp packets, debug ntp events, etc.....and have never seen any ntp packets or anything pop up.

How often does Cisco IOS do ntp time packets for time synch?

I have IOS 12.2 (53), and have tried to issue ntp master on the core. It won't take the command.

Thoughts and replies are most appreciated

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to NormMuelleman

‎12-30-2012 01:40 PM

Norm,

The 3750 series switches can't be configured as NTP master:

From the config guide:

The switch does not have a hardware-supported  clock and cannot function as an NTP master clock to which peers  synchronize themselves when an external NTP source is not available. The  switch also has no hardware support for a calendar. As a result, the ntp update-calendar and the

ntp master

global configuration commands are not available.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swadmin.html

HTH

View solution in original post

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to NormMuelleman

‎12-30-2012 02:10 PM

"NTP Master" can only be used in routers and the 6500, if I remembered correctly.  And I think the 4500 will also support this command.

Honestly, I've had my fair share of "ntp master" issues and I personally won't recommend it.

You have but two options for NTP, and they are:

1.  You need to sync your NTP to a source outside; or

2.  Get a DEDICATED GPS-based NTP server.  Don't get those "lite" NTP server which still has to go outside.

When you stick the command "ntp master" in your router, it tells everyone that the router is a trusted source.  So if your router has 01 March 2001 date and time, guess what?  Your entire network will be based off this time. 

View solution in original post

0 Helpful
8 Replies 8

Go to solution
cadet alain
VIP Alumni
VIP Alumni

‎12-30-2012 12:35 PM

hi,

For you core switch to provide time sync with ntp you must issue   global config command ntp master on the core switch.

regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
0 Helpful

Go to solution
NormMuelleman
Level 1
Level 1
In response to cadet alain

‎12-30-2012 01:23 PM

Cadet alain:

I have IOS 12.2 (53), and have tried to issue ntp master on the core. It won't take the command.

I have tried that. That's why I stated above. I don't know what's up with the switch not taking the ntp master command. I tried it in global config mode, and it keeps saying unrecognized command. NTP Peer, NTP Server, NTP authentication, etc. all show up. I've used NTP Master before. Our core is a stacked 3750..I dont think that would make a difference, but I've been wrong with that before...

So if I can't use NTP Master, I'm stuck until NTP blockage is corrected at the firewall I guess.

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to NormMuelleman

‎12-30-2012 01:40 PM

Norm,

The 3750 series switches can't be configured as NTP master:

From the config guide:

The switch does not have a hardware-supported  clock and cannot function as an NTP master clock to which peers  synchronize themselves when an external NTP source is not available. The  switch also has no hardware support for a calendar. As a result, the ntp update-calendar and the

ntp master

global configuration commands are not available.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swadmin.html

HTH

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to NormMuelleman

‎12-30-2012 02:10 PM

"NTP Master" can only be used in routers and the 6500, if I remembered correctly.  And I think the 4500 will also support this command.

Honestly, I've had my fair share of "ntp master" issues and I personally won't recommend it.

You have but two options for NTP, and they are:

1.  You need to sync your NTP to a source outside; or

2.  Get a DEDICATED GPS-based NTP server.  Don't get those "lite" NTP server which still has to go outside.

When you stick the command "ntp master" in your router, it tells everyone that the router is a trusted source.  So if your router has 01 March 2001 date and time, guess what?  Your entire network will be based off this time. 

0 Helpful

Go to solution
NormMuelleman
Level 1
Level 1
In response to Leo Laohoo

‎12-30-2012 03:54 PM

Reza and Leolahooo..

That's what I needed to know. I thought it had something to do with the 3750 not being allowed to be NTP master..just couldnt find the info and got sidetracked.

Yeah, we ARE pointing to an outside soure..it WAS working until the firewall team blocked NTP again...

Have to re-open NTP for our core switch.

The core points to our router..but again, NTP is blocked

Thanks for all your help! Bottom line, 3750 is useless for NTP Master

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to NormMuelleman

‎12-30-2012 04:00 PM

Thanks for the ratings.

Get an NTP server with GPS.  They are fairly cheap in the market nowadays.

Don't get the one without any GPS antennas (because they are NOT GPS-based NTP server). 

This method is going to be your "redundancy", in case you have issues (again) with something blocking access to S/NTP.

Another thing, some routers have a command "ntp update-calendar".  This is very useful when a router reboots power AND your NTP link is blocked.  The command allows the router to "save" NTP syncs regularly.  So when a router reboots, it'll search for this sync and goes immediately to correct time before NTP could sync.  Very handy. 

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Leo Laohoo

‎12-30-2012 04:14 PM

Hi Leo,

When you say "fairly cheap"  how much are you talking about?

Because I installed a brand new GPS system including Antenna, GPS Server, and Sync Servers, all made by Symmetricom

and that was not cheap.

http://www.symmetricom.com/

Reza

0 Helpful

Go to solution
Leo Laohoo
Hall of Fame
Hall of Fame
In response to Reza Sharifi

‎12-30-2012 04:33 PM

Hi Reza,

A few years ago, we were looking and we saw a 1RU for about AU$900 and in the size of a computer HDD.  Now let me warn you that ANYTHING in Australia is VERY, VERY EXPENSIVE.

We didn't buy it then and we're now re-evaluating this.

Found this though:  http://www.veracityglobal.com/products/networked-video-integration/timenet.aspx

Like the bit that said "PoE".  Hmmmm ...

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card