06-24-2009 07:16 AM - edited 03-06-2019 06:26 AM
Hi,
my customer has following NTP setup:
On C6500:
....
ntp clock-period 17180036
ntp source Vlan1
ntp master 2
ntp update-calendar
ntp peer 195.146.147.3 prefer
on ASA:
....
ntp server 217.118.109.178 source Outside prefer
I made same show commands to view current status:
C6500:
Central-C6506-E#show ntp status
Clock is synchronized, stratum 2, reference is 127.127.7.1
nominal freq is 250.0000 Hz, actual freq is 249.9975 Hz, precision is 2**18
reference time is CDECBB11.66582776 (16:47:45.399 GMT Wed Jun 24 2009)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec
--------------
Central-C6506-E#show ntp associations
address ref clock st when poll reach delay offset disp
*~127.127.7.1 .LOCL. 1 55 64 377 0.0 0.00 0.0
~195.146.147.3 0.0.0.0 16 - 1024 0 0.0 0.00 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
---------------
Central-C6506-E#show clock detail
16:48:46.860 GMT Wed Jun 24 2009
Time source is NTP
Summer time starts 02:00:00 GMT Sun Mar 29 2009
Summer time ends 03:00:00 GMT Sun Oct 25 2009
on ASA:
ASA# show ntp status
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 99.9984 Hz, actual freq is 100.0188 Hz, precision is 2**6
reference time is cd7dafda.e4f5dbf6 (11:18:18.894 CEDT Wed Apr 1 2009)
clock offset is -2.3843 msec, root delay is 0.50 msec
root dispersion is 52.11 msec, peer dispersion is 22.64 msec
--------------------
ASA# show ntp associations
address ref clock st when poll reach delay offset disp
~217.118.109.178 194.160.23.2 2 84d 64 0 -0.0 -2.38 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
--------------------
ASA# show clock detail
16:46:11.870 CEDT Wed Jun 24 2009
Time source is NTP
Summer time starts 02:00:00 CEST Sun Mar 29 2009
Summer time ends 03:00:00 CEDT Sun Oct 25 2009
Then i made clock comparison:
Real time was: 16:37:30
On C6500:
Central-C6506-E#show clock
16:41:46.716 GMT Wed Jun 24 2009
On ASA:
ASA# show clock
16:38:36.094 CEDT Wed Jun 24 2009
So the time on ASA is shifted front to one minute and on C6500 four minutes.
My questions:
Whats are reasons that the time is shifted?
How to setup time/change actual setting that the time will be right on this machines?
Many thanks.
Solved! Go to Solution.
06-29-2009 06:10 AM
the c6500 will be 1 hop away from an authoritive ntp source (stratum 1) and will therefore be stratum 2. any internal devices that use the c6500 as an ntp server will be stratum 3 and so on.
its essentially a hierarchical structure with the authoritative ntp source at the top - the url in my previous post explains it better.
06-29-2009 08:55 AM
I get the feeling that Lubos is looking at the issue believing that a device is either an NTP client or it is an NTP server. The way that Cisco implements NTP is that once a device has learned NTP time from an authoritative source (acting as a client) then the device will act as a server to other devices in the network. What Andrew is suggesting is generally considered as best practice in setting up NTP.
HTH
Rick
06-24-2009 08:58 AM
Lubos,
ASA# show ntp status
Clock is unsynchronized
This would be a reason why. To make sure that you allow the ip address of outside interface on ASA to access the NTP server,217.118.109.178. To make sure that this server,217.118.109.178 is running well.
HTH,
Toshi
06-25-2009 01:14 AM
Thank,
ntp server on address 217.118.109.178 was down so i configure new one.
So ASA is synchronized, but c6500 is not synchronized from ASA (195.146.147.3 is linux server).
If im right, c6500 is providing clock himself for all others devices on network (Clock is synchronized, stratum 2, reference is 127.127.7.1 - ntp master 2).
So how to set up right time? ... manualy set time on c6500 by clock command?
clock set xx.xx.xxxx .... ?
Thanks,
06-26-2009 03:23 AM
Nobody can help?
06-26-2009 06:44 AM
yes - looks like c6500 is providing clock itself. see
why don't you sync the c6500 with same external ntp source as the asa?
06-29-2009 04:30 AM
Because it is a customer system and i can't to change actual philosophy.
I want to synchronize it with external server but if i am right c6500 is always synchronized with himself at first.
C6506-E#show ntp associations
address ref clock st when poll reach delay offset disp
*~127.127.7.1 .LOCL. 1 55 64 377 0.0 0.00 0.0
~195.146.147.3 0.0.0.0 16 - 1024 0 0.0 0.00 16000.
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
So how to setup c6500 that will be synchronized from external internet server and at the same time provide clock synchronization for all other devices on network?
Thanks.
06-29-2009 04:50 AM
your 6500 config is currently setup not to use an external ntp source - see the following url for best practice and designs:
http://www.cisco.com/en/US/tech/tk869/tk769/technologies_white_paper09186a0080117070.shtml
to get the c6500 to sync with an external ntp source:
no ntp master 2
ntp server
you can then sync your internal network devices to the c6500.
06-29-2009 05:32 AM
Ok,
but if i do this then c6500 will not be a master clock to which peers synchronize themselves? - because c6500 wil not be longer a stratum 2 NTP server, it will act as a client like each other device on network....
Thats right?
Thanks.
06-29-2009 06:10 AM
the c6500 will be 1 hop away from an authoritive ntp source (stratum 1) and will therefore be stratum 2. any internal devices that use the c6500 as an ntp server will be stratum 3 and so on.
its essentially a hierarchical structure with the authoritative ntp source at the top - the url in my previous post explains it better.
06-29-2009 08:55 AM
I get the feeling that Lubos is looking at the issue believing that a device is either an NTP client or it is an NTP server. The way that Cisco implements NTP is that once a device has learned NTP time from an authoritative source (acting as a client) then the device will act as a server to other devices in the network. What Andrew is suggesting is generally considered as best practice in setting up NTP.
HTH
Rick
06-30-2009 01:07 AM
Thank you very much - problem is solved.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide