They need to allow NTP (TCP 123) inbound and outbound.

Sean:

As I suspected, you do not have connectivity to the NTP server. If the firewall is what is blocking you, you must contact the security group, assuming you have one, and ask them to allow NTP traffic from your router. They may want you to configure a loopback interface and source the NTP traffic from there (use the command I gave you above to make that happen).

Once they configure the firewall, try PINGing the NTP server and executing a telnet to the NTP server address on port 123 and make sure you source the loopback interface, IF you ended up having to soucre the loopback interface.

HTH

If so, kindly rate this post.

If there is a 7206 at the main site which is accessing the NTP server with no problem, then I am guessing that the firewall has permit statements for NTP. There may be an issue if the source addresses are restricted in the permit statements.

I still wonder if the issue could be translation of addresses is not translating the request sourced from the router. It is probably using its outward facing interface address as the source address. I wonder if it would work better if the router used the ntp source command to specify using the LAN interface as the source of the NTP request.

Sean

It occurs to me that if your 7206 is learning NTP that it might be an option to have the router at the school(s) learn NTP from the 7206 rather than having it also go to the Internet source for NTP.

HTH

Rick

Rick-

So basically what you are saying is that the 2651 school router should source NTP from the 7206? Also would I configure the FE0/0 interface on the 2651 to point to the 7206 or the ATM1/0.10 interface?

Sean

Sean

Yes I am suggesting that having the 2651 learn NTP from the 7206 would probably be easier and would be adequate. On the 2651 change the ntp server command so that it points to the 7206 rather than to the Internet NTP server.

If you are going to the 7206 it probably does not matter which address is the source address. So for now do not worry about the ntp source command. If we think later that we might need it then we will figure it out later.

HTH

Rick

Rick-

Would I use the following command based on my timezone for DST(I'm in the East):

Router(config)# clock summer-time CDT or EDT recurring

I noticed the 7206 is an hour off.

Sean

Sean

First it does not really matter whether you use CDT or EDT in the command. All that is doing is establishing a label that the router will apply when it timestamps things like log records. Since you are in the East it would probably be logical to use EDT, but frankly you can use anything there that you want and the only thing it will impact is your log records.

There might be a couple of reasons why your 7206 is an hour off. Was it right and then got wrong when we went to daylight saving last weekend? If so then the reason that it is an hour off is that the version of code that it is running is operating with the old date for daylight savings and it will get right in a couple of weeks. Or you can modify the configuration to allow for the different dates. You could use this in the config if you wish the router to process the new dates:

clock summer-time EDT recurring 2 Sun Mar 2:00 1 Sun Nov 2:00

If the issue is not the change in daylight savings dates then perhaps the 7206 does not have the correct offset for NTP. In the clock timezone command what offset is specified. For the East it should be -5. If it were -4 or -6 it would explain the router being 1 hour off.

HTH

Rick