NTP on switch not talking to server

  • 1
  • Question
  • Updated 2 months ago
  • Acknowledged
Good morning,

I'm having problems getting NTP to work on our ICX 7150/7650 switches.  Based on the documentation, the configuration should work, but it does not appear to even be sending any packets to the NTP server.

The NTP server is in the specified VLAN, the switch has an IP address on that VLAN also.  It can ping the NTP server IP, so I know that the two can communicate.

The NTP service is running, other devices (Cisco switches, printers, ...) can connect to it just fine.  But from running tcpdump on the server, I see no packets from the Ruckus switches.  Enabling debugging and enabling the NTP client on the switch generates several errors, but not entirely sure how to identify the root problem from those or how to correct it.

Does anyone have any thoughts?

configuration (I have tried with and without adding 'version 3' as the server software - openntpd - documentation says it is NTPv3, although it quite happily is responding to v4 requests from the Cisco switches):
ntp
 server 192.168.123.253
 access-control vlan 1000
!
debug logs:
Debug: Oct  8 13:04:56 NTP: ntp_print_cloud_info ntp_cu_msg_callback 2
Debug: Oct  8 13:04:56 NTP: UDP ports are opened
Debug: Oct  8 13:04:56 NTP: ntp_clock_filter: Adding offset 0, delay 0, disp 16 to filter[0] for peer 192.168.123.253
Debug: Oct  8 13:04:56 NTP: ntp_clock_filter: No acceptable samples available
Debug: Oct  8 13:04:56 NTP: ntp_peer_unfit: bad sync/stratum - peer 192.168.123.253 is not in sync [peer leap = 3, stratum = 16]
Debug: Oct  8 13:04:56 NTP: ntp_peer_unfit: dist exceeded - root dist 15.937 of peer 192.168.123.253 has exceeded max dist 1.50096000
Debug: Oct  8 13:04:56 NTP: ntp_peer_unfit: unreachable - peer 192.168.123.253 is not reachable [peer->reach 0]
Debug: Oct  8 13:04:56   NTP PEER 192.168.123.253 UNFIT 1600
Debug: Oct  8 13:04:56 NTP: ntp_clock_select: number of final survivors 0 and leap vote 0
Debug: Oct  8 13:04:56 NTP: No routing entry found for peer 192.168.123.253. Not sending the NTP packet
Debug: Oct  8 13:04:56 NTP: poll_update: for peer 192.168.123.253 hpoll 7 burst 0 retry 2 throttle 0 next poll 64

Photo of Steve Kersley

Steve Kersley

  • 2 Posts
  • 0 Reply Likes

Posted 2 months ago

  • 1
Photo of Michael Brado

Michael Brado, Official Rep

  • 2588 Posts
  • 353 Reply Likes
And nothing could be blocking UDP:123 ports?
Photo of Steve Kersley

Steve Kersley

  • 2 Posts
  • 0 Reply Likes
No.  Nothing on the server (and the packets would be received on the interface even if being blocked locally).  Server and switches are both on the management VLAN so no routers/firewalls between them.

If you look in the debug logs it actually says 'not sending packet' - although it says 'no routing entry found'.  I'm assuming it's not talking routing in the traditional sense as it doesn't need a routing entry to reach that network and can ping it.
Photo of Michael Brado

Michael Brado, Official Rep

  • 2588 Posts
  • 353 Reply Likes
Advice from a TSE:
Please use source-interface under NTP to use the correct VE in the Vlan for NTP. I assume it should be the VE in Vlan 100.

Debug:Oct  8 13:04:56 NTP: ntp_peer_unfit: unreachable - peer 192.168.123.253 isnot reachable [peer->reach 0]
(Edited)