RE: NTP question

From: Edison Ortiz (edisonmortiz@gmail.com)
Date: Sun Nov 18 2007 - 15:32:06 ART

• Next message: Carlos Trujillo Jimenez: "RE: Frame-Relay Traffic Shaping"
• Previous message: Joseph Brunner: "RE: Frame-Relay Traffic Shaping"
• Maybe in reply to: George Goglidze: "NTP question"
• Next in thread: Ali.Huang: "Re: NTP question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Frank,
 
I'm afraid if you wait enough time it will go 'insane' :)
If you want to verify, create add an entry with deny log on that ACL and you
will see 127.127.7.1 packets.
 
Edison Ortiz
Routing and Switching, CCIE # 17943
 

  _____

From: fanggao@gmail.com [mailto:fanggao@gmail.com] On Behalf Of Frank Gao
Sent: Sunday, November 18, 2007 11:50 AM
To: Edison Ortiz; George Goglidze
Cc: Cisco certification
Subject: Re: NTP question

I duplicated this behavior in the real rack. The symptom is same.
 
There is another way to resolve it.
  Step 1: ntp master
 
  Wait the ntp master "sane" with 127.127.7.1
  Step 2: ntp access-group serve-only 1

   It works without 127.127.7.1 in access-list 1.
 
If you configure "ntp access-group serve-only" before "ntp master", you have
to put 127.127.7.1 in access-list. You can include 127.127.7.1
<http://127.127.7.1> in access-list for either "ntp access-group peer" or
"ntp access-group serve-only".
 
Frank

On Nov 18, 2007 10:22 AM, Edison Ortiz <edisonmortiz@gmail.com> wrote:

Well, you do have problems with synchronization. Per your output, your NTP
master status is 'insane'.
The correct status is 'sane'. You need to allow the loopback address in the
'serve-only ACL'.

I duplicated your scenario with Dynamips and I believe you are using the
same. I wonder if this behavior
is only seen with Dynamips (I don't have any live gear at the moment) hence
the omission in the DocCD.

Edison Ortiz
Routing and Switching, CCIE # 17943

 _____

From: George Goglidze [mailto:goglidze@gmail.com]

Sent: Sunday, November 18, 2007 10:08 AM
To: Edison Ortiz
Cc: Cisco certification
Subject: Re: NTP question

Hi Ortiz,

Actually with my configuration it works just fine.

I have no problem with syncronization.

The only question was:

Why do I need to use ACL allowing : 127.127.7.1 <http://127.127.7.1/>
<http://127.127.7.1/> as

a peer.
As well DocCD says nothing about that!

Many thanks for your help,

On Nov 18, 2007 4:02 PM, Edison Ortiz <edisonmortiz@gmail.com
<mailto:edisonmortiz@gmail.com> > wrote:

Ok,

You were almost there with the ACL. 127.127.7.1 <http://127.127.7.1/> needs
to be allowed but you
placed it under ACL 2 not ACL 1.

Try placing 127.127.7.1 <http://127.127.7.1/> on ACL 1 and it should work.

Edison Ortiz
Routing and Switching, CCIE # 17943

 _____

From: George Goglidze [mailto:goglidze@gmail.com]
Sent: Sunday, November 18, 2007 9:38 AM
To: Edison Ortiz
Subject: Re: NTP question

Hi there,

The clock is set manually to correct time.
I do have correct time information on R1,

On Nov 18, 2007 2:55 PM, Edison Ortiz < <mailto:edisonmortiz@gmail.com>

edisonmortiz@gmail.com> wrote:

What's the current time on R1 ?

• Next message: Carlos Trujillo Jimenez: "RE: Frame-Relay Traffic Shaping"
• Previous message: Joseph Brunner: "RE: Frame-Relay Traffic Shaping"
• Maybe in reply to: George Goglidze: "NTP question"
• Next in thread: Ali.Huang: "Re: NTP question"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART