From: Vladimir Sousa (vladrac@gmail.com)
Date: Mon Nov 19 2007 - 21:43:53 ART
Hello, are you talking about the master or the client?
Because it seems that the ntp master will use itself as a peer to get the
clock information.
r1(config)#ntp master 1
r1(config)#end
.Nov 19 22:39:08.887: NTP: 127.127.7.1 reachable
.Nov 19 22:39:08.891: NTP: synced to new peer 127.127.7.1
Nov 19 22:39:08.891: NTP: 127.127.7.1 synced to new peer
Nov 19 22:39:08.891: NTP: sync change
Nov 19 22:39:08.895: NTP: peer stratum change
So, it makes sense to set an access-group peer for our own internal address.
vlad
On 11/19/07, Ali.Huang <zero5291@gmail.com> wrote:
>
> I think you should check your client configuration, because your client
> uses itself as ntp server.
>
> On 11/19/07, Edison Ortiz <edisonmortiz@gmail.com> wrote:
> > Frank,
> >
> > I'm afraid if you wait enough time it will go 'insane' :)
> > If you want to verify, add an entry with deny log on that ACL and you
> > will see 127.127.7.1 packets.
> >
> > Edison Ortiz
> > Routing and Switching, CCIE # 17943
> >
> >
> > _____
> >
> > From: fanggao@gmail.com [mailto:fanggao@gmail.com] On Behalf Of Frank Gao
> > Sent: Sunday, November 18, 2007 11:50 AM
> > To: Edison Ortiz; George Goglidze
> > Cc: Cisco certification
> > Subject: Re: NTP question
> >
> >
> > I duplicated this behavior in the real rack. The symptom is same.
> >
> > There is another way to resolve it.
> > Step 1: ntp master
> >
> > Wait for the ntp master to be "sane" with 127.127.7.1
> > Step 2: ntp access-group serve-only 1
> >
> > It works without 127.127.7.1 in access-list 1.
> >
> > If you configure "ntp access-group serve-only" before "ntp master", you have
> > to put 127.127.7.1 in access-list. You can include 127.127.7.1
> > in access-list for either "ntp access-group peer" or
> > "ntp access-group serve-only".
> >
> > Frank
> >
> > On Nov 18, 2007 10:22 AM, Edison Ortiz <edisonmortiz@gmail.com> wrote:
> >
> >
> > Well, you do have problems with synchronization. Per your output, your NTP
> > master status is 'insane'.
> > The correct status is 'sane'. You need to allow the loopback address in the
> > 'serve-only ACL'.
> >
> > I duplicated your scenario with Dynamips and I believe you are using the
> > same. I wonder if this behavior
> > is only seen with Dynamips (I don't have any live gear at the moment) hence
> > the omission in the DocCD.
> >
> >
> >
> > Edison Ortiz
> > Routing and Switching, CCIE # 17943
> >
> >
> > _____
> >
> > From: George Goglidze [mailto:goglidze@gmail.com]
> >
> > Sent: Sunday, November 18, 2007 10:08 AM
> > To: Edison Ortiz
> > Cc: Cisco certification
> > Subject: Re: NTP question
> >
> >
> >
> > Hi Ortiz,
> >
> > Actually with my configuration it works just fine.
> >
> > I have no problem with synchronization.
> >
> > The only question was:
> >
> >
> > Why do I need to use ACL allowing : 127.127.7.1 as a peer.
> > As well DocCD says nothing about that!
> >
> > Many thanks for your help,
> >
> >
> >
> >
> > On Nov 18, 2007 4:02 PM, Edison Ortiz <edisonmortiz@gmail.com> wrote:
> >
> >
> > Ok,
> >
> > You were almost there with the ACL. 127.127.7.1 needs
> > to be allowed but you
> > placed it under ACL 2 not ACL 1.
> >
> > Try placing 127.127.7.1 on ACL 1 and it should work.
> >
> > Edison Ortiz
> > Routing and Switching, CCIE # 17943
> >
> >
> > _____
> >
> > From: George Goglidze [mailto:goglidze@gmail.com]
> > Sent: Sunday, November 18, 2007 9:38 AM
> > To: Edison Ortiz
> > Subject: Re: NTP question
> >
> >
> > Hi there,
> >
> > The clock is set manually to correct time.
> > I do have correct time information on R1,
> >
> >
> >
> >
> >
> > On Nov 18, 2007 2:55 PM, Edison Ortiz <edisonmortiz@gmail.com> wrote:
> >
> >
> > What's the current time on R1 ?
> >
> > From your output it seems the hardware clock is supplying 'Mon Jan 1 1900'
> >
> > Manually change the clock to a current time with the set clock command.
> >
> >
> > Edison Ortiz
> > Routing and Switching, CCIE # 17943
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > George Goglidze
> > Sent: Sunday, November 18, 2007 7:32 AM
> > To: Cisco certification
> > Subject: NTP question
> >
> > Hi all,
> >
> > I have been working on NTP and have noticed couple things I'd like to share,
> >
> > I was working on ntp access-group
> > Especially when I'm filtering clients that can request time from the server.
> >
> >
> >
> > here was initial configuration:
> >
> > server:
> > int lo 0
> > ip addr 192.168.1.1
> > exit
> >
> > ntp source Loopback0
> > ntp access-group serve-only 1
> > ntp master
> >
> > access-list 1 permit host 192.168.2.2
> >
> > client:
> >
> >
> > int lo 0
> > ip addr 192.168.2.2
> > exit
> >
> > ntp server 192.168.2.2
> >
> > ---------------
> >
> > for some reason this does not work:
> > and actually, even R1 does not have ntp association OK.
> >
> > it shows:
> >
> > R1#sh ntp associations detail
> > 127.127.7.1 configured, insane, invalid, unsynced, stratum 7
> > ref ID 127.127.7.1, time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
> > our mode active, peer mode unspec, our poll intvl 64, peer poll intvl 64
> > root delay 0.00 msec, root disp 0.00, reach 0, sync dist 0.000
> > delay 0.00 msec, offset 0.0000 msec, dispersion 16000.00
> > precision 2**24, version 3
> > org time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
> > rcv time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
> > xmt time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
> > filtdelay = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
> > filtoffset = 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.00
> > filterror = 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0 16000.0
> > Reference clock status: Running normally
> > Timecode:
> >
> >
> > and for this reason on R2 we get following error on debug:
> >
> > .Jan 1 05:43:00.374: NTP: packet from 192.168.1.1 failed validity tests 20
> > .Jan 1 05:43:00.374: Peer/Server Clock unsynchronized
> >
> > --------------------
> >
> >
> > So on R1 I had to add following line, to be able to let's say make sane
> > relationship with NTP master on loopback.
> > the final config of R1 server is:
> >
> > int lo 0
> > ip addr 192.168.1.1
> > exit
> >
> > ntp source Loopback0
> > ntp access-group peer 2
> > ntp access-group serve-only 1
> > ntp master
> >
> >
> >
> > access-list 1 permit host 192.168.2.2
> > access-list 2 permit 127.127.7.1
> >
> >
> > ---------------------------------------------------
> >
> > I did not find anywhere in DocCd information that I had to do that, but it
> > seems like it does not work without that.
> >
> > Can anyone tell me if I'm wrong?
> > Maybe I'm doing something wrong after all.
> >
> >
> > Thanks,
> >
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
>
>
> --
> THX.
> Ali.huang
>
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:30 ART
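
An added example, not part of the thread and not Cisco code: a small offline check for the misconfiguration discussed above, where "ntp master" is combined with "ntp access-group" but no referenced standard ACL permits the internal clock 127.127.7.1. The function names are hypothetical, and it assumes (per Frank's message) that a permit in any one NTP access-group ACL is enough, and that a referenced ACL with no entries permits nothing.

```python
import ipaddress
import re

REFCLOCK = ipaddress.IPv4Address("127.127.7.1")  # internal clock address from the thread
ACL_RE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(.+?)(?:\s+log)?$")
GROUP_RE = re.compile(r"^ntp access-group\s+(peer|serve|serve-only|query-only)\s+(\d+)$")

def _matches(spec, addr):
    # Standard-ACL source forms: "any", "host A.B.C.D", "A.B.C.D [wildcard]".
    parts = [p for p in spec.split() if p != "host"]
    if parts[0] == "any":
        return True
    base = int(ipaddress.IPv4Address(parts[0]))
    wildcard = int(ipaddress.IPv4Address(parts[1])) if len(parts) > 1 else 0
    care = ~wildcard & 0xFFFFFFFF  # bits that must match exactly
    return (int(addr) & care) == (base & care)

def acl_permits(acls, number, addr):
    """First matching entry wins; otherwise the implicit deny applies."""
    for action, spec in acls.get(number, []):  # assumption: missing ACL permits nothing
        if _matches(spec, addr):
            return action == "permit"
    return False

def audit_ntp_master(config):
    """Return findings for a config that mixes ntp master with NTP access-groups."""
    acls, groups, master = {}, [], False
    for raw in config.splitlines():
        line = raw.strip()
        if re.match(r"^ntp master(\s+\d+)?$", line):
            master = True
        elif m := GROUP_RE.match(line):
            groups.append((m.group(1), m.group(2)))
        elif m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append((m.group(2), m.group(3)))
    if not master or not groups:
        return []
    if any(acl_permits(acls, num, REFCLOCK) for _, num in groups):
        return []
    names = ", ".join(f"{kind} {num}" for kind, num in groups)
    return [f"ntp master set but {REFCLOCK} is not permitted by: {names}"]

# Sample configs constructed from George's initial and final R1 configurations.
INITIAL = "ntp source Loopback0\nntp access-group serve-only 1\nntp master\naccess-list 1 permit host 192.168.2.2\n"
FINAL = INITIAL + "ntp access-group peer 2\naccess-list 2 permit 127.127.7.1\n"

if __name__ == "__main__":
    print(audit_ntp_master(INITIAL))
    print(audit_ntp_master(FINAL))
```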