Second time i encounter this ntp problem but still have no clue.

Its from VOL4 Lab 6 ticket 7 and i have solved ticket 9, R5 is configured to reference bb3 as server ,but on show ntp ass detail command is shows:

204.12.3.254 configured, authenticated, insane, invalid, unsynced, stratum 16

ref ID .INIT., time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)

our mode client, peer mode unspec, our poll intvl 1024, peer poll intvl 1024

root delay 0.00 msec, root disp 0.00, reach 0, sync dist 15.94

delay 0.00 msec, offset 0.0000 msec, dispersion 15937.50

precision 2**24, version 4

org time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)

rec time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)

xmt time D496F36F.355EEEED (19:35:11.208 UTC Tue Jan 8 2013)

filtdelay =     0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00

filtoffset =    0.00    0.00    0.00    0.00    0.00    0.00    0.00    0.00

filterror =    16.00   16.00   16.00   16.00   16.00   16.00   16.00   16.00

minpoll = 6, maxpoll = 10

 

R5's confige:

Rack3R5#show runn | inc ntp  

ntp authentication-key 1 md5 13263E212823 7

ntp authenticate

ntp trusted-key 1

ntp access-group peer 5

ntp master 5

ntp peer 148.3.57.7

ntp server 204.12.3.254 key 1 prefe

 

i have tried to removed the authentication but no luck.Pls anyone??

 

 

Comments

  • i have tried to removed the authentication but no luck.Pls anyone??

    I don't remember the exact ticket, but have you tried to debug this problem?  Are you able to reach 204.12.X.254 from a layer 3 perspective?

    What happens if you remove the ntp access-group peer 5 from the config?

    How long did you wait - although from the output I don't think polling is working. Can you provide output from show ntp association too?

    Have you tried debugging the NTP process with debug ntp ... ?

    HTH

  • never mind....wrong thread.

    sorry..

    Tox

  •  Thanks for your reply Welshy.

      The reachability is ok.The access-group is working properly because the hit count of the access-list statement is increasing.And i must have wait at least 20 mins.The first output in my original post is the command show ntp association detail.

     About the last request since the lab is over,so [:(]

  • The show ntp association command is a little bit more helpful for seeing whether your NTP server is responding using the reach column.  This number is represented in Octal so should end up as 377 if the previous 8 polls have been successful.

    These should follow this pattern

     

    00000001b = 001 base 8
    00000011b = 003 base 8
    00000111b = 007 base 8
    00001111b = 017 base 8
    00011111b = 037 base 8
    00111111b = 077 base 8
    01111111b = 177 base 8
    11111111b = 377 base 8

    Essentially the binary number is shifted right and a binary 1 set in the LSB postion if the previous poll was sucessful.

    I guess we really need to see the debug ntp ...  results to get a better understanding.  No chance of that now though!

  • Did you have 127.127.7.1 permitted within the "peer" access-list 5?

  • hi Nich,i have done everything in the SG,but it just doesnt work.

  • Can you post the NTP config of your BB3 router and 'show access-list 5' on R5?

     

  • Sure,here's the ACL on R5

    access-list 5 permit 127.127.1.1

    access-list 5 permit 204.12.3.254

    access-list 5 permit 148.3.57.7

     


    BB3's config

    ntp authentication-key 1 md5 CISCO

    ntp authenticate

    ntp trusted-key 1

    ntp server 172.16.4.1 key 

     

    what's strange is SW1 is also referencing bb3 and its working properly.

    config:ntp authentication-key 1 md5 02252D682829 7

    ntp authenticate

    ntp trusted-key 1

    ntp clock-period 36028747

    ntp server 204.12.3.254 key 1 prefer

  • Thanks for this info. The problem is very strange, but there's usually simple reasons for strange behaviour.

    I'm guessing you've tried copying and pasting your SW1 NTP config to R5?

    It sounds like a reachability issue. I'm guessing the path R5 takes to BB3 is via the direct serial link to R4? If so, R5 will be sourcing it's NTP packets from that interface's IP Address (155.3.45.5?). Check that BB3 has a route back to that IP (155.3.45.5?) Also, if BB3 has a route to R5's Loopback (150.3.5.5?), try configuring R5 to use it's loopback as the NTP source-interface.

    My money is on BB3 not having a route to R5. Check the IGP running between R4 and BB3 (RIP?).

    Sorry, it's been a while since I've looked at these labs, hence the (?)...

     

  • Its all based on the inital config of R5 I just added 2 commands to it.

    May be you're right! R5 may be sourcing the ntp packet from other interface which bb3 doesnt has the route back.

Sign In or Register to comment.