Posted on August 18, 2016 7:29 pm
 |  Asked by philippe bureau
 |  3110 views
RESOLVED
0
0
Print Friendly, PDF & Email

Hi,

I am trying to use a 7050SX as time server for other switches.

The client switches tells me :

#show ntp status
unsynchronised
time server re-starting

#show ntp associations
remote refid st t when poll reach delay offset jitter
==============================================================================
x.x.42.65 .INIT. 16 u – 64 0 0.000 0.000 0.000
x.x.43.5 .INIT. 16 u – 64 0 0.000 0.000 0.000

Tcpdump show the server switch respond with ICMP “port unreachable” packets.

the NTP server switch is synced with master clock, has “permit” in control-plane ACL and configured with “ntp serve all” and “ntp serve” on loopback0 (x.x.43.5) and SVI which uses “ip address virtual x.x.x.x/x”

Is there a limitation that the switch cannot serve as NTP source on Loopbacks or interfaces using “ip address virtual”?

Thanks

 

0
Posted by philippe bureau
Answered on August 18, 2016 7:37 pm

formatting got messed up :

#show ntp status

unsynchronised

time server re-starting

 

#show ntp associations

remote refid st t when poll reach delay offset jitter

==============================================================================

10.192.42.65 .INIT. 16 u – 64 0 0.000 0.000 0.000

10.192.43.5 .INIT. 16 u – 64 0 0.000 0.000 0.000

0
Posted by John Frame
Answered on August 19, 2016 7:53 pm

Hi Phil,
The use of ”ip address virtual” is beneficial by saving on address space in a routed VXLAN environment but comes with the caveat that routing protocols will not work over these interfaces. To enable protocols to work, you would need to convert to the SVI+VIP format such as:

interface Vlan200
ip address 192.168.10.1/24
ip virtual-router address 192.168.10.254

I did a quick test on vEOS and indeed an NTP association comes up from a client when the switch is serving out of this interface but it does not when using ”ip address virtual”.

Hope that helps,
John.

0
Posted by Aesha Parikh
Answered on August 19, 2016 11:26 pm

Hi Phil,

While running virtual IP (VARP or VRRP IP) as NTP server on a switch, you need to configure ”ip fhrp accept-mode” to trap NTP requests. By default virtual IP address is not assigned a kernel interface and it does not accept any control packets (except ICMP). Maybe the behavior is different on vEOS.

Loopback IP as NTP server should work as long as Client switch is able to reach that IP.

Thanks

 

0
Posted by Nathan Kitchen
Answered on November 8, 2016 7:27 pm

As of Q4 2016, the NTP service in EOS does not have full integration with VRRP or VARP. If any ”[no] ntp serve” commands are configured on specific interfaces, they will have no effect on NTP through those interfaces’ virtual IP addresses.

This doesn’t apply to the case where there are no such commands, only ”ntp serve all”–”ip fhrp accept-mode” does allow access to NTP through virtual IP addresses in that case.

1
Posted by philippe bureau
Answered on January 20, 2017 6:42 pm

my issue was I sync on one VRF and I was trying to “ntp serve” in another VRF.  It is not supported.

Post your Answer

You must be logged in to post an answer.