04-29-2017 10:56 AM - edited 07-05-2021 06:57 AM
Manual and/or NTP timing issue:
2504 WLC = PoE switch - a couple of APs
When - for example after an accidental power cut - your WLC has no power
: for 5 minutes, but it doesn't have NTP -> its time might come back the same as the configured APs'
: for longer than 5 minutes -> it will lose its time and go back to the default, which is Sat Jan 1 00:00:00 2000, so you will never forget that the first day of the 21st century was a Saturday. How good is that, Cisco reminds you where the 2K starts.
If you use an NTP server - I have only tested with a Cisco IOS internal NTP server; it was not tested with external NTP, but I will do that later on - you will see it might not work: the WLC and the router are "not in sync", they are not synchronizing the time with each other.
But let's dig deeper here:
- connection:
CiscoRouter 192.168.0.1 --- SW ---- 192.168.0.5 WLC
- config used in router:
ntp logging
ntp authentication-key 1 md5 CiscoTimeKey
ntp authenticate
ntp trusted-key 1
ntp source Vlan1
ntp access-group ipv4 peer 1
ntp master 5
ntp max-associations 5
ntp update-calendar
ntp server 192.168.0.1 prefer version 4 burst key 1 source Vlan 1
ntp peer 192.168.0.5
- config on wlc
config time ntp key-auth add 1 md5 ascii CiscoTimeKey
config time ntp auth enable 1 1
config time ntp server 1 192.168.0.1
Go to the GUI on the WLC and check the "NTP" section / don't forget to save.
( on the wlc leave the "ntp time interval : 600 " as by default )
CiscoRouter#sh ntp associations
address ref clock st when poll reach delay offset disp
*~127.127.1.1 .LOCL. 4 12 16 377 0.000 0.000 0.232
~192.168.0.1 .INIT. 16 - 64 0 0.000 0.000 15937.
~192.168.0.5 .INIT. 16 - 512 0 0.000 0.000 15937.
* sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
CiscoRouter#
(Cisco Controller) show>time
Time............................................. Sat Jan 1 00:05:24 2000
Timezone delta................................... 0:0
Timezone location................................
NTP Servers
NTP Polling Interval......................... 600
Index NTP Key Index NTP Server Status NTP Msg Auth Status
------- ----------------------------------------------------------------------------------------------
1 1 192.168.0.1 Not Synched AUTH SUCCESS
CiscoRouter#sh ntp packets
Ntp In packets : 348
Ntp Out packets : 367
Ntp bad version packets : 348
Ntp protocol error packets : 0
... still nothing... so the router is sending NTP packets out and the packets coming back are flagged as "bad" packets..
CiscoRouter#sh ntp packets
Ntp In packets : 446
Ntp Out packets : 469
Ntp bad version packets : 446
Ntp protocol error packets : 0
..still nothing ...
CiscoRouter#sh ntp packet
Ntp In packets : 638
Ntp Out packets : 692
Ntp bad version packets : 638
Ntp protocol error packets : 0
... and suddenly something happens .. (after 18 minutes of misery)
Time............................................. Fri Apr 28 08:32:00 2017
Timezone delta................................... 0:0
Timezone location................................
NTP Servers
NTP Polling Interval......................... 600
Index NTP Key Index NTP Server Status NTP Msg Auth Status
------- ----------------------------------------------------------------------------------------------
1 1 192.168.0.1 In Sync AUTH SUCCESS
..and all your APs are back again.
.. if you know the right - detailed answer why, please let me know !!!
SHARE IT !
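A way to read the `sh ntp associations` output from the post above mechanically, as an added example that is not part of the original thread: it parses the rows, decodes the octal reach register, and flags associations that cannot serve time. The function names and the finding texts are assumptions made for this illustration; the sample rows are copied from the post.

```python
import re

# Constructed sample: the three association rows shown in the post above.
SAMPLE = """\
*~127.127.1.1 .LOCL. 4 12 16 377 0.000 0.000 0.232
~192.168.0.1 .INIT. 16 - 64 0 0.000 0.000 15937.
~192.168.0.5 .INIT. 16 - 512 0 0.000 0.000 15937.
"""

ROW = re.compile(
    r"^\s*(?P<flags>[*#+\-x~]*)(?P<addr>\d+\.\d+\.\d+\.\d+)\s+(?P<refid>\S+)\s+"
    r"(?P<st>\d+)\s+(?P<when>\S+)\s+(?P<poll>\d+)\s+(?P<reach>[0-7]+)\s+"
    r"(?P<delay>[\d.]+)\s+(?P<offset>-?[\d.]+)\s+(?P<disp>[\d.]+)"
)

def parse_associations(text):
    """Return one dict per association row; header, legend and prompts are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        reach = int(m["reach"], 8)  # reach is an octal 8-bit shift register
        rows.append({
            "addr": m["addr"],
            "sys_peer": "*" in m["flags"],
            "stratum": int(m["st"]),
            "replies_last_8": bin(reach).count("1"),
            "dispersion": float(m["disp"]),
        })
    return rows

def findings(rows):
    """Flag rows that cannot serve time, and a router with no upstream sys.peer."""
    out = []
    for r in rows:
        if r["stratum"] >= 16:
            out.append((r["addr"], "stratum 16 (unsynchronized)"))
        if r["replies_last_8"] == 0:
            out.append((r["addr"], "reach 0 (no valid reply in last 8 polls)"))
    upstream = [r for r in rows if r["sys_peer"] and not r["addr"].startswith("127.127.")]
    if not upstream:
        out.append(("system", "no upstream sys.peer, only the local clock or nothing"))
    return out

if __name__ == "__main__":
    for addr, issue in findings(parse_associations(SAMPLE)):
        print(f"{addr}: {issue}")
```

A reach of 377 means all of the last eight polls were answered; 127.127.x.x addresses denote the device's own local reference clock.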
04-29-2017 10:59 AM
confirmation about the AP's uptime:
UP Time
0 d, 01 h 50 m 37 s
Controller Associated Time
0 d, 01 h 32 m 22 s
Controller Association Latency
0 d, 00 h 18 m 14 s
so you should wait around 18 minutes. Tested on three different router-sw-wlc setups, all work with the configuration above.
SHARE IT !
04-29-2017 04:45 PM
Makes sense.
The router(s), 192.168.0.1 & 192.168.0.15, are classed as "Stratum 16". This means it's the "least" trustworthy. So the WLC, I guess, is cycling through, "shopping" for trustworthy NTP packets being offered.
We use InfoBlox as our NTP server and I've got 12 controllers and I have never seen a problem with our type of setup. Our InfoBlox is classed as "Stratum 2". We also have a Linux server with a second job of being an NTP server and >1k routers and switches are pointed to it. Like our InfoBlox it's classed as a "Stratum 2" and we've got no issues with NTP synchronizing after a reboot or power outages.
NOTE: The only time I saw NTP synchronization take >4 minutes, more like 10 minutes, after a reboot or power outage was due to a bug with the IOS code.
So what happens if your router goes out to the internet and gets synchronized to an authoritative time-source?
Another thing, NTP can get slowed down by a lot of things, like ACL and authentication. Want to speed things up? Keep it simple. The command "ntp server <IP ADDRESS>" is as simple as it gets.
04-30-2017 07:13 AM
Hello Leo,
Thanks for your advice, I will test later what can speed this process up.
I will also try what happens when the IOS router has both external NTP and internal NTP at the same time, but what concerns me more is this:
CiscoRouter#sh ntp packet
Ntp In packets : 638
Ntp Out packets : 692
Ntp bad version packets : 638
Ntp protocol error packets : 0
no errors on the NTP packets, but it is not forming NTP synchronization, because of the version of the NTP packet..
This example is with the default NTP version 4, but when I tried with version 3 or version 2, I got exactly the same result .. (more or less: with ver3 it was 18:35, with ver2 it was 18:10)
The "ntp master 5" puts this example on Stratum 5; I will also try what happens if I change it to Stratum 2.
Thanks for the comments !
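To see which version number and key ID are actually on the wire when a counter such as "bad version packets" climbs, the NTP header and its authentication trailer can be decoded from a packet capture. This is an added example, not code from the thread: it assumes the classic symmetric-key trailer of a 4-byte key ID followed by MD5(key || header), and `build_sample` produces constructed packets rather than captures from the devices discussed here.

```python
import hashlib
import hmac
import struct

MODES = {1: "symmetric active", 2: "symmetric passive",
         3: "client", 4: "server", 5: "broadcast"}

def decode_header(pkt):
    """Decode the leading fields of the 48-byte NTP header (RFC 5905 layout)."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    first, stratum, poll, _precision = struct.unpack("!BBbb", pkt[:4])
    return {
        "leap": first >> 6,               # 3 = sender's clock is unsynchronized
        "version": (first >> 3) & 0x7,    # the VN field, e.g. 2, 3 or 4
        "mode": MODES.get(first & 0x7, "other"),
        "stratum": stratum,
        "poll_seconds": 2 ** poll,
    }

def verify_mac(pkt, keys):
    """Check the 20-byte trailer: key ID, then MD5 over key + 48-byte header."""
    if len(pkt) != 68:
        return False                      # unauthenticated or another MAC length
    key_id = struct.unpack("!I", pkt[48:52])[0]
    key = keys.get(key_id)
    if key is None:
        return False                      # key ID is not in the trusted set
    expected = hashlib.md5(key + pkt[:48]).digest()
    return hmac.compare_digest(expected, pkt[52:])

def build_sample(version, mode, stratum, key_id, key):
    """Constructed test packet (zeroed timestamps), for exercising the decoder."""
    header = struct.pack("!BBbb", (version << 3) | mode, stratum, 6, -20) + bytes(44)
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

if __name__ == "__main__":
    keys = {1: b"CiscoTimeKey"}           # key 1 as configured in the thread
    pkt = build_sample(4, 3, 0, 1, keys[1])
    print(decode_header(pkt), verify_mac(pkt, keys))
```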
04-30-2017 01:52 PM
The command "ntp master" will only make matters a lot worse. The command, literally, translates to the router telling everyone "Hey, look. I am an authoritative time source." when it's not. It's not because Cisco routers cannot keep an accurate time without synchronizing to an authoritative time source.
May we, if it's possible, ask the logic or the reasoning behind this exercise of having the router NOT get authoritative NTP time synchronization?