Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
882
Views
0
Helpful
5
Replies

NTP time providing not anymore working

Go to solution
patoberli
VIP Alumni
VIP Alumni

‎07-25-2019 12:03 AM

Hi all

I recently exchanged a Cat 6509 Sup2t with a brand new Cat9500-24y4c running IOS 16.11.1. 

I copy pasted the NTP configuration from the old one, which was working, to the new, but now the other switches can't anymore synchronize the time.

It's a fairly simple configuration (please note I removed internal IPs):

 

ntp logging
ntp source Vlan24
ntp access-group peer 96
ntp master 6
ntp server 82.220.2.2
ntp server 195.141.190.190
ntp server 192.33.96.102

9500R-SWV#show ntp st
Clock is synchronized, stratum 2, reference is 192.33.96.102  
nominal freq is 250.0000 Hz, actual freq is 250.0002 Hz, precision is 2**10
ntp uptime is 414194100 (1/100 of seconds), resolution is 4000
reference time is E0E3CF80.DE76CB18 (08:49:36.869 CEST Thu Jul 25 2019)
clock offset is -0.4386 msec, root delay is 1.66 msec
root dispersion is 14.46 msec, peer dispersion is 1.10 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.000000986 s/s
system poll interval is 1024, last update was 741 sec ago.

9500R-SWV#show ntp ass

  address         ref clock       st   when   poll reach  delay  offset   disp
  ~127.127.1.1     .LOCL.           5     10     16   377  0.000   0.000  1.204
 ~82.220.2.2      .STEP.          16      -   1024     0  0.000   0.000 15937.
+~195.141.190.190 10.17.10.20      3    510   1024   377  1.863  -0.232  1.039
*~192.33.96.102   .PPS.            1    744   1024   377  1.663  -0.438  1.104
 
 * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

The ACL allows the other switches to access it. 

 

 

Output from an affected switch:

 

2948X-1206-1#show ntp st
Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 286.1023 Hz, actual freq is 286.0966 Hz, precision is 2**20
ntp uptime is 631180800 (1/100 of seconds), resolution is 3496
reference time is E0D21269.614CEE51 (21:54:17.380 CEST Thu Jul 11 2019)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 17364.98 msec, peer dispersion is 0.00 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000019952 s/s
system poll interval is 64, last update was 1162252 sec ago.

 

Any ideas?

 

 

Thanks

Patrick

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to patoberli

‎07-25-2019 03:08 AM

 

 - As far as matches shown in extended ACL's you may find the thread below useful : note that because of the platform change ; there might be a difference as to where the extended ACL's are now processed (software or hardware) :

                 https://community.cisco.com/t5/switching/acl-not-showing-matches/td-p/997343

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '

View solution in original post

0 Helpful
5 Replies 5

Go to solution
marce1000
Hall of Fame
Hall of Fame

‎07-25-2019 12:40 AM

 

 - For testing purposes try removing the ACL. check if there is any  improvement.

  M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to marce1000

‎07-25-2019 02:22 AM

Removed that one ntp ACL, but it didn't help.



But it seems the vlan interface ACL is blocking it. After I removed it, it started to work. Now I wonder why that exact same ACL isn't anymore working....



Thanks for the hint.






0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to patoberli

‎07-25-2019 02:33 AM

One more thing.

Do you know why an extended ACL isn't any more showing the 'matches' like a standard ACL? Has that some when changed?

Can I somehow see which lines of the extended ACL have matches?






0 Helpful

Go to solution
marce1000
Hall of Fame
Hall of Fame
In response to patoberli

‎07-25-2019 03:08 AM

 

 - As far as matches shown in extended ACL's you may find the thread below useful : note that because of the platform change ; there might be a difference as to where the extended ACL's are now processed (software or hardware) :

                 https://community.cisco.com/t5/switching/acl-not-showing-matches/td-p/997343

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Go to solution
patoberli
VIP Alumni
VIP Alumni
In response to marce1000

‎07-25-2019 03:34 AM

Thanks, I guess this has changed between the two platforms.
Also interesting is that the interface ACL was ignored for L2 traffic in the previous hardware, while it isn't anymore now. Sadly a show tcam command doesn't anymore exist on my cat9500 platform, so I can't see any acl hits. I little disappointing.
0 Helpful
Customers Also Viewed These Support Documents