Re: NTP question

From: George Goglidze (goglidze@gmail.com)
Date: Sun Nov 18 2007 - 12:08:18 ART

• Next message: Edison Ortiz: "RE: NTP question"
• Previous message: Edison Ortiz: "RE: NTP question"
• Maybe in reply to: George Goglidze: "NTP question"
• Next in thread: Edison Ortiz: "RE: NTP question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Ortiz,

Actually with my configuration it works just fine.

I have no problem with syncronization.

The only question was:

Why do I need to use ACL allowing : 127.127.7.1 as a peer.
As well DocCD says nothing about that!

Many thanks for your help,

On Nov 18, 2007 4:02 PM, Edison Ortiz <edisonmortiz@gmail.com> wrote:

> Ok,
>
> You were almost there with the ACL. 127.127.7.1 needs to be allowed but
> you placed it under ACL 2 not ACL 1.
>
> Try placing 127.127.7.1 on ACL 1 and it should work.
>
> Edison Ortiz
> Routing and Switching, CCIE # 17943
>
>
> ------------------------------
> *From:* George Goglidze [mailto:goglidze@gmail.com]
> *Sent:* Sunday, November 18, 2007 9:38 AM
> *To:* Edison Ortiz
> *Subject:* Re: NTP question
>
> Hi there,
>
> The clock is set manually to correct time.
> I do have correct time information on R1,
>
>
>
> On Nov 18, 2007 2:55 PM, Edison Ortiz < edisonmortiz@gmail.com> wrote:
>
> > What's the current time on R1 ?
> >
> > From your output it seems the hardware clock is supplying 'Mon Jan 1
> > 1900'
> >
> > Manually change the clock to a current time with the set clock command.
> >
> >
> > Edison Ortiz
> > Routing and Switching, CCIE # 17943
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > George Goglidze
> > Sent: Sunday, November 18, 2007 7:32 AM
> > To: Cisco certification
> > Subject: NTP question
> >
> > Hi all,
> >
> > I have been working on NTP and have noticed couple things I'd like to
> > share,
> >
> > I was working on ntp access-group
> > Especially when I'm filtering clients that can request time from the
> > server.
> >
> > here was initial configuration:
> >
> > server:
> > int lo 0
> > ip addr 192.168.1.1
> > exit
> >
> > ntp source Loopback0
> > ntp access-group serve-only 1
> > ntp master
> >
> > access-list 1 permit host 192.168.2.2
> >
> > client:
> >
> >
> > int lo 0
> > ip addr 192.168.2.2
> > exit
> >
> > ntp server 192.168.2.2
> >
> > ---------------
> >
> > for some reason this does not work:
> > and actually, even R1 does not have ntp association OK.
> >
> > it shows:
> >
> > R1#sh ntp associations detail
> > 127.127.7.1 configured, insane, invalid, unsynced, stratum 7 ref ID
> > 127.127.7.1, time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
> > our
> > mode active, peer mode unspec, our poll intvl 64, peer poll intvl 64
> > root
> > delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000 delay 0.00msec,
> > offset 0.0000 msec, dispersion 16000.00 precision 2**24, version 3 org
> > time
> > 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900) rcv time
> > 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900) xmt time
> > 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
> > filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00
> > 0.00
> > filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00
> > 0.00
> > filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0
> > 16000.0
> > Reference clock status: Running normally
> > Timecode:
> >
> >
> > and for this reason on R2 we get following error on debug:
> >
> > .Jan 1 05:43:00.374: NTP: packet from 192.168.1.1 failed validity tests
> > 20
> > .Jan 1 05:43:00.374: Peer/Server Clock unsynchronized
> >
> > --------------------
> >
> >
> > So on R1 I had to add following line, to be able to let's say make sane
> > relationship with NTP master on loopback.
> > the final config of R1 server is:
> >
> > int lo 0
> > ip addr 192.168.1.1
> > exit
> >
> > ntp source Loopback0
> > ntp access-group peer 2
> > ntp access-group serve-only 1
> > ntp master
> >
> >
> >
> > access-list 1 permit host 192.168.2.2
> > access-list 2 permit 127.127.7.1
> >
> >
> > ---------------------------------------------------
> >
> > I did not find anywhere in DocCd information that I had to do that, but
> > it
> > seems like it does not work without that.
> >
> > Can anyone tell me if I'm wrong?
> > Maybe I'm doing something wrong after all.
> >
> >
> > Thanks,
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html

• Next message: Edison Ortiz: "RE: NTP question"
• Previous message: Edison Ortiz: "RE: NTP question"
• Maybe in reply to: George Goglidze: "NTP question"
• Next in thread: Edison Ortiz: "RE: NTP question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART