cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2543
Views
40
Helpful
12
Replies

Unable to change stratum on NTP entry

Jan Slabber
Level 1
Level 1

Hello All,

 

I updated a customers NTP settings on a 3925 but unable to change the stratum to a lower value (currently 16) to make it the default NTP to point to.  The master is set to the Router and I am unable to change that to point to 172.17.7.254.

 

VG#sh ntp associations

address             ref clock        st      when    poll      reach delay offset disp
*~127.127.1.1 .LOCL.            7       11        16        377 0.000 0.000 0.231
~172.17.7.254 .INIT.              16       -         1024     0 0.000 0.000 15937.
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured

Any help will greatly be appreciated, have searched loads of pages but nothing to point me in the right direction or what am I missing?

 

Keep safe!

J Slabber

2 Accepted Solutions

Accepted Solutions

Isn’t 172.17.7.254 the VG, at least that is the IP you gave in the first post as the ntp server that CM uses to get its time? If so it would look like you have the VG set to get time from itself and I doubt that it is correct. If I misunderstood this completely can you please show a show ntp status of the VG?

Have a look at this post on how to configure the IOS device (VG) as a NTP server. https://www.google.se/amp/s/blog.noblinkyblinky.com/2019/08/02/configuring-ntp-on-a-cisco-device/amp/

As per it you can point the IOS device to a NTP source for it to get it’s time or it can use its own internal clock, then you define what stratum value it will advertise by setting the value it got from its server, if any, and add 1. In the blog post it is set to 3 by the use of ntp master 3.



Response Signature


View solution in original post

This is the configuration on my gateway. Gateway Sync from time.google.com and CUCM sync from VG. When making the gateway as NTP i kept the stratum value 2.

 

 

jlrvg#sh run | sec ntp
ntp master 2
ntp server time.google.com

 

 

 

 

jlrvg#sh ntp associations

address ref clock st when poll reach delay offset disp
~127.127.1.1 .LOCL. 1 8 16 377 0.000 0.000 1.204
*~216.239.35.12 .GOOG. 1 662 1024 377 119.00 -0.278 1.109
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured



Response Signature


View solution in original post

12 Replies 12

Doesn’t the stratum get set by the value of the NTP system you point to and that in its turn is set to the value of the NTP system that it points to plus one. Meaning that the NTP system advertises the stratum value to its clients. I don’t think that you can change this on the client.



Response Signature


Kaloyan
Cisco Employee
Cisco Employee

Hello,

 

The upper limit for stratum is 15; stratum 16 is used to indicate that a device is unsynchronized. The NTP is most likely unreachable from CUCM. You need to verify the NTP connectivity. I suggest running a packet capture on the publisher. 

 

1. Log in to the publisher CLI and start the capture with the command "utils network capture eth0 port 123 file PCAP count 100000 size all"

2. Restart the NTP using "utils ntp restart"

3. Wait until the service is restarted and wait for about a minute after that

4. Stop the packet capture with CTRL+C

5. Obtain via RTMT > Trace & Log central > Collect files > Packet capture logs

6. Open Wireshark and verify that you have a bidirectional NTP communication between the CUCM and the NTP server

Hello Kaloyan,

 

Thanks for the information but the problem is on the Voice Gateway 3925.  I can ping the NTP server and visa versa. Also the networks team confirmed I should be able to reach the NTP from the VG.  I do not wish to change NTP on CUCM or CUC as it's pointed to the VG.

 

Appreciate your feedback.

@Kaloyan is absolutely correct, a value of 16 does indeed indicate that the client is not synchronised with the specific server. See this wiki post for additional information. https://en.m.wikipedia.org/wiki/Network_Time_Protocol



Response Signature


Kaloyan
Cisco Employee
Cisco Employee

Hello Jan,

 

Ping only proves that you have ICMP connectivity and IP routing. It doesn't prove that you have all kinds of connectivity. There might be something in your network that blocks communication on port 123 (used by the NTP).

 

If you've followed my steps and taken the packet capture, you would've been able to verify that. I'm 95% sure that the CUCM doesn't receive any NTP traffic from the VG. 

Hello again,

 

Yes the CUCM gets time from the VG; in the CUCM NTP settings it has the VG IP, but where does the VG get the time? That is why I said the problem lies between the VG and 172.17.7.254 which is the firewall.  I will ask the security guys to check again and see if there is any issue not recognized before but they were certain all is open to send/receive data.

 

Regards,

Jan

Could you post the VG ntp configurations  ?

 

 

 



Response Signature


ntp source Loopback0
ntp master
ntp server 172.17.7.254 prefer

Isn’t 172.17.7.254 the VG, at least that is the IP you gave in the first post as the ntp server that CM uses to get its time? If so it would look like you have the VG set to get time from itself and I doubt that it is correct. If I misunderstood this completely can you please show a show ntp status of the VG?

Have a look at this post on how to configure the IOS device (VG) as a NTP server. https://www.google.se/amp/s/blog.noblinkyblinky.com/2019/08/02/configuring-ntp-on-a-cisco-device/amp/

As per it you can point the IOS device to a NTP source for it to get it’s time or it can use its own internal clock, then you define what stratum value it will advertise by setting the value it got from its server, if any, and add 1. In the blog post it is set to 3 by the use of ntp master 3.



Response Signature


This is the configuration on my gateway. Gateway Sync from time.google.com and CUCM sync from VG. When making the gateway as NTP i kept the stratum value 2.

 

 

jlrvg#sh run | sec ntp
ntp master 2
ntp server time.google.com

 

 

 

 

jlrvg#sh ntp associations

address ref clock st when poll reach delay offset disp
~127.127.1.1 .LOCL. 1 8 16 377 0.000 0.000 1.204
*~216.239.35.12 .GOOG. 1 662 1024 377 119.00 -0.278 1.109
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured



Response Signature


Hello Nithin,

 

Thanks for the response, that seemed to have helped.  I also saw that my ntp source address was Loopback 0 so I changed it to G0/2

!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/2
ntp master 2
ntp server time.google.com
!

VG#sh ntp associations

address ref clock st when poll reach delay offset disp
~127.127.1.1 .LOCL. 1 7 16 17 0.000 0.000 937.66
*~216.239.35.12 .GOOG. 1 51 128 1 165.06 0.167 1937.7
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
VG#

 

Thank you again and thank you to all other respondents!

Keep safe!

 

 

Might I ask what in that answer is different than what I answered earlier that led you to not mark my response as an answer?



Response Signature


Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: