04-09-2021 08:06 AM
Hello All,
I updated a customers NTP settings on a 3925 but unable to change the stratum to a lower value (currently 16) to make it the default NTP to point to. The master is set to the Router and I am unable to change that to point to 172.17.7.254.
VG#sh ntp associations
address ref clock st when poll reach delay offset disp
*~127.127.1.1 .LOCL. 7 11 16 377 0.000 0.000 0.231
~172.17.7.254 .INIT. 16 - 1024 0 0.000 0.000 15937.
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
Any help will greatly be appreciated, have searched loads of pages but nothing to point me in the right direction or what am I missing?
Keep safe!
J Slabber
Solved! Go to Solution.
04-10-2021 11:47 PM - edited 04-11-2021 09:06 AM
Isn’t 172.17.7.254 the VG, at least that is the IP you gave in the first post as the ntp server that CM uses to get its time? If so it would look like you have the VG set to get time from itself and I doubt that it is correct. If I misunderstood this completely can you please show a show ntp status of the VG?
Have a look at this post on how to configure the IOS device (VG) as a NTP server. https://www.google.se/amp/s/blog.noblinkyblinky.com/2019/08/02/configuring-ntp-on-a-cisco-device/amp/
As per it you can point the IOS device to a NTP source for it to get it’s time or it can use its own internal clock, then you define what stratum value it will advertise by setting the value it got from its server, if any, and add 1. In the blog post it is set to 3 by the use of ntp master 3.
04-11-2021 04:18 AM
This is the configuration on my gateway. Gateway Sync from time.google.com and CUCM sync from VG. When making the gateway as NTP i kept the stratum value 2.
jlrvg#sh run | sec ntp
ntp master 2
ntp server time.google.com
jlrvg#sh ntp associations
address ref clock st when poll reach delay offset disp
~127.127.1.1 .LOCL. 1 8 16 377 0.000 0.000 1.204
*~216.239.35.12 .GOOG. 1 662 1024 377 119.00 -0.278 1.109
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
04-09-2021 09:36 AM
Doesn’t the stratum get set by the value of the NTP system you point to and that in its turn is set to the value of the NTP system that it points to plus one. Meaning that the NTP system advertises the stratum value to its clients. I don’t think that you can change this on the client.
04-09-2021 12:59 PM
Hello,
The upper limit for stratum is 15; stratum 16 is used to indicate that a device is unsynchronized. The NTP is most likely unreachable from CUCM. You need to verify the NTP connectivity. I suggest running a packet capture on the publisher.
1. Log in to the publisher CLI and start the capture with the command "utils network capture eth0 port 123 file PCAP count 100000 size all"
2. Restart the NTP using "utils ntp restart"
3. Wait until the service is restarted and wait for about a minute after that
4. Stop the packet capture with CTRL+C
5. Obtain via RTMT > Trace & Log central > Collect files > Packet capture logs
6. Open Wireshark and verify that you have a bidirectional NTP communication between the CUCM and the NTP server
04-10-2021 03:45 AM
Hello Kaloyan,
Thanks for the information but the problem is on the Voice Gateway 3925. I can ping the NTP server and visa versa. Also the networks team confirmed I should be able to reach the NTP from the VG. I do not wish to change NTP on CUCM or CUC as it's pointed to the VG.
Appreciate your feedback.
04-11-2021 12:02 AM
@Kaloyan is absolutely correct, a value of 16 does indeed indicate that the client is not synchronised with the specific server. See this wiki post for additional information. https://en.m.wikipedia.org/wiki/Network_Time_Protocol
04-10-2021 09:14 AM
Hello Jan,
Ping only proves that you have ICMP connectivity and IP routing. It doesn't prove that you have all kinds of connectivity. There might be something in your network that blocks communication on port 123 (used by the NTP).
If you've followed my steps and taken the packet capture, you would've been able to verify that. I'm 95% sure that the CUCM doesn't receive any NTP traffic from the VG.
04-10-2021 11:38 AM
Hello again,
Yes the CUCM gets time from the VG; in the CUCM NTP settings it has the VG IP, but where does the VG get the time? That is why I said the problem lies between the VG and 172.17.7.254 which is the firewall. I will ask the security guys to check again and see if there is any issue not recognized before but they were certain all is open to send/receive data.
Regards,
Jan
04-10-2021 07:09 PM
Could you post the VG ntp configurations ?
04-10-2021 10:32 PM
ntp source Loopback0
ntp master
ntp server 172.17.7.254 prefer
04-10-2021 11:47 PM - edited 04-11-2021 09:06 AM
Isn’t 172.17.7.254 the VG, at least that is the IP you gave in the first post as the ntp server that CM uses to get its time? If so it would look like you have the VG set to get time from itself and I doubt that it is correct. If I misunderstood this completely can you please show a show ntp status of the VG?
Have a look at this post on how to configure the IOS device (VG) as a NTP server. https://www.google.se/amp/s/blog.noblinkyblinky.com/2019/08/02/configuring-ntp-on-a-cisco-device/amp/
As per it you can point the IOS device to a NTP source for it to get it’s time or it can use its own internal clock, then you define what stratum value it will advertise by setting the value it got from its server, if any, and add 1. In the blog post it is set to 3 by the use of ntp master 3.
04-11-2021 04:18 AM
This is the configuration on my gateway. Gateway Sync from time.google.com and CUCM sync from VG. When making the gateway as NTP i kept the stratum value 2.
jlrvg#sh run | sec ntp
ntp master 2
ntp server time.google.com
jlrvg#sh ntp associations
address ref clock st when poll reach delay offset disp
~127.127.1.1 .LOCL. 1 8 16 377 0.000 0.000 1.204
*~216.239.35.12 .GOOG. 1 662 1024 377 119.00 -0.278 1.109
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
04-11-2021 04:37 AM
Hello Nithin,
Thanks for the response, that seemed to have helped. I also saw that my ntp source address was Loopback 0 so I changed it to G0/2
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/2
ntp master 2
ntp server time.google.com
!
VG#sh ntp associations
address ref clock st when poll reach delay offset disp
~127.127.1.1 .LOCL. 1 7 16 17 0.000 0.000 937.66
*~216.239.35.12 .GOOG. 1 51 128 1 165.06 0.167 1937.7
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
VG#
Thank you again and thank you to all other respondents!
Keep safe!
04-11-2021 05:01 AM
Might I ask what in that answer is different than what I answered earlier that led you to not mark my response as an answer?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide