Cisco Router (IOS) not syncing with NTP Server (unsynchronized)

Question

We are trying to get one of our routers to synchronise with a NTP server. We have a pretty simple config but we can't get it to synchronise.

This is our config:

ntp access-group serve-only 15
ntp server 94.125.132.7

This is the result of show ntp associations:

  address         ref clock     st  when  poll reach  delay  offset    disp
 ~94.125.132.7     0.0.0.0          16     -    64    0     0.0    0.00  16000.
 * master (synced), # master (unsynced), + selected, - candidate, ~ configured

This is the result of show ntp status

Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 249.5901 Hz, actual freq is 249.5907 Hz, precision is 2**16
reference time is 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec

We have tried setting the router clock to a more current time, that didn't work - we have waited for several hours in hope that it would sync - that didn't work either.

Does anyone have any ideas?

Thank you for your help in advance.

score 0 · Answer 1 · answered Jun 25 '16 at 04:19

It seems your router is not reaching the NTP server (94.125.132.7), probably a routing issue. Specifying the source interface may help you (Loopback0 in this example):

ntp server 94.125.132.7 source Loopback0

Also, this ntp access-group serve-only 15 means that your router will only serve as a NTP server to the IPs listed on ACL 15, and that's not what you want. Remove this line. If you must, you can set an ACL as shown in Ted Wilmont's post.

And you need to check if your server does not require authentication.

Finally, don't forget to set the ntp update-calendar to periodically update the hardware clock from the software clock.

Bora Akyol · Answer 2 · 2016-07-19T17:51:13.817

0

Do you use VRFs? If so, you may need to set the source VRF in addition to the source interface to be able to reach the NTP server. For example, on the Nexus 5000, you can set the vrf by using "use-vrf" command.

ntp server 2400::1 use-vrf default

edited Jul 19 '16 at 17:51

answered Jun 28 '16 at 19:54

Bora Akyol

61
4

score -1 · Accepted Answer · answered May 23 '16 at 21:47

-1

The fix for us in this case was to set a ntp access-group peer access list.

For example:

ntp access-group peer 10

access-list 10 remark NTP peers/servers we sync to/with
access-list 10 permit 94.125.132.7
access-list 10 deny any

answered May 23 '16 at 21:47

Ted Wilmont

463
2
9
20

Cisco Router (IOS) not syncing with NTP Server (unsynchronized)

3 Answers3