HPE Community
Switches, Hubs, and Modems
1752800 Members
5723 Online
108789 Solutions
New Discussion юеВ

Re: 3500yl SNTP Question

 
jaredo_1
Frequent Advisor

тАО11-05-2010 06:46 AM

тАО11-05-2010 06:46 AM

3500yl SNTP Question

I have 2 3500yl switches configured as my core (VRRP/MSTP/VLANs).

VLAN1 is my management VLAN while my SNTP servers (Windows 2008) reside on VLAN10.

When I configure SNTP to the servers on vlan10, I do not get time updates. Everything else that runs from other vlans communicates fine, and the servers ntp servers respond accordingly. Additionally, I tried to setup remote syslog logging to a server on VLAN10, and the switches are not successfully sending syslog messages.

I can ping everything fine on any vlan from the switches, everything is running as normal otherwise.

timesync sntp
sntp unicast
sntp 30
sntp server priority 1 10.10.10.3 4
sntp server priority 2 10.10.10.4 4

Looking at local logs:
I 11/05/10 09:39:05 02631 SNTP: server not found at 10.10.10.3.
I 11/05/10 09:39:14 02631 SNTP: server not found at 10.10.10.4.
I 11/05/10 09:39:14 00414 SNTP: all configured servers failed

sh sntp reports:
SNTP Configuration

SNTP Authentication : Disabled
Time Sync Mode: Sntp
SNTP Mode : Unicast
Poll Interval (sec) [720] : 30
Source IP Selection: Outgoing Interface


Priority SNTP Server Address Version Key-id
-------- --------------------------------------- ------- ----------
1 10.10.10.3 4 0
2 10.10.10.4 4 0




Any ideas?

0 Kudos
14 REPLIES 14
Jeff Carrell
Honored Contributor

тАО11-05-2010 06:58 AM

тАО11-05-2010 06:58 AM

Re: 3500yl SNTP Question

Have you tried timep instead of sntp?

Seems like I had this issue in my lab with W2K8, but I'm not there at the moment to verify.

hth...Jeff
0 Kudos
jaredo_1
Frequent Advisor

тАО11-05-2010 07:09 AM

тАО11-05-2010 07:09 AM

Re: 3500yl SNTP Question

Yea nothing from timep either, also tried several ntp versions (3/4).

Also tried ip source-interface sntp vlan 10
0 Kudos
jaredo_1
Frequent Advisor

тАО11-05-2010 07:11 AM

тАО11-05-2010 07:11 AM

Re: 3500yl SNTP Question

There is a firmware update I'll try this weekend but don't see anything in the change log regarding ntp.

Currently running K.14.47
0 Kudos
jaredo_1
Frequent Advisor

тАО11-05-2010 07:12 AM

тАО11-05-2010 07:12 AM

Re: 3500yl SNTP Question

CORE1(config)# sh sntp

SNTP Configuration

SNTP Authentication : Disabled
Time Sync Mode: Sntp
SNTP Mode : Unicast
Poll Interval (sec) [720] : 30
Source IP Selection: 10.10.10.1


Priority SNTP Server Address Version Key-id
-------- --------------------------------------- ------- ----------
1 10.10.10.3 3 0
2 10.10.10.4 4 0

CORE1(config)# sh sntp statistics
SNTP Statistics

Received Packets : 0
Sent Packets : 86467
Dropped Packets : 0

SNTP Server Address Auth Failed Pkts
--------------------------------------- ----------------
10.10.10.3 0
10.10.10.4 0
0 Kudos
jaredo_1
Frequent Advisor

тАО11-05-2010 07:19 AM

тАО11-05-2010 07:19 AM

Re: 3500yl SNTP Question

Was able to point it to an external ntp server with ip source sntp vlan 1, guess I'll just do that for now.
0 Kudos
macrocozm
Advisor

тАО11-05-2010 08:23 AM

тАО11-05-2010 08:23 AM

Re: 3500yl SNTP Question


Can you ping between the switch <-> servers?
0 Kudos
jaredo_1
Frequent Advisor

тАО11-05-2010 09:06 AM

тАО11-05-2010 09:06 AM

Re: 3500yl SNTP Question

"I can ping everything fine on any vlan from the switches, everything is running as normal otherwise."

Same from the servers.
0 Kudos
Glen Van Lehn
Frequent Advisor

тАО11-05-2010 12:05 PM

тАО11-05-2010 12:05 PM

Re: 3500yl SNTP Question

jaredo, if routing works between v1 & v10, and your connection to the external ntp site also works, how does access-control work on the windows servers?

On my linux ntp servers, I need to add some config lines as to which ip ranges are allowed to query.

What are results of "#show sntp statistics" on the 3500?

0 Kudos
Olaf Borowski
Respected Contributor

тАО11-06-2010 10:31 AM

тАО11-06-2010 10:31 AM

Re: 3500yl SNTP Question

According to your statistics, the switch is querying the SNTP server but never gets a response. Check the firewall rules of the Win2008 server. Make sure UDP port 123 is allowed.
http://bchavez.bitarmory.com/archive/2009/12/21/how-to-setup-a-windows-2008-r2-sntp-ntp-server.aspx

ICMP (ping) is probably allowed so this is not a good test. Install a tool like wireshark are see if the server actually responds (assuming there is not other firewall in play).

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.