Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

3500yl SNTP Question

jaredo_1
Frequent Advisor

3500yl SNTP Question

I have 2 3500yl switches configured as my core (VRRP/MSTP/VLANs).

VLAN1 is my management VLAN while my SNTP servers (Windows 2008) reside on VLAN10.

When I configure SNTP to the servers on vlan10, I do not get time updates. Everything else that runs from other vlans communicates fine, and the servers ntp servers respond accordingly. Additionally, I tried to setup remote syslog logging to a server on VLAN10, and the switches are not successfully sending syslog messages.

I can ping everything fine on any vlan from the switches, everything is running as normal otherwise.

timesync sntp
sntp unicast
sntp 30
sntp server priority 1 10.10.10.3 4
sntp server priority 2 10.10.10.4 4

Looking at local logs:
I 11/05/10 09:39:05 02631 SNTP: server not found at 10.10.10.3.
I 11/05/10 09:39:14 02631 SNTP: server not found at 10.10.10.4.
I 11/05/10 09:39:14 00414 SNTP: all configured servers failed

sh sntp reports:
SNTP Configuration

SNTP Authentication : Disabled
Time Sync Mode: Sntp
SNTP Mode : Unicast
Poll Interval (sec) [720] : 30
Source IP Selection: Outgoing Interface


Priority SNTP Server Address Version Key-id
-------- --------------------------------------- ------- ----------
1 10.10.10.3 4 0
2 10.10.10.4 4 0




Any ideas?

14 REPLIES
Jeff Carrell
Honored Contributor

Re: 3500yl SNTP Question

Have you tried timep instead of sntp?

Seems like I had this issue in my lab with W2K8, but I'm not there at the moment to verify.

hth...Jeff
jaredo_1
Frequent Advisor

Re: 3500yl SNTP Question

Yea nothing from timep either, also tried several ntp versions (3/4).

Also tried ip source-interface sntp vlan 10
jaredo_1
Frequent Advisor

Re: 3500yl SNTP Question

There is a firmware update I'll try this weekend but don't see anything in the change log regarding ntp.

Currently running K.14.47
jaredo_1
Frequent Advisor

Re: 3500yl SNTP Question

CORE1(config)# sh sntp

SNTP Configuration

SNTP Authentication : Disabled
Time Sync Mode: Sntp
SNTP Mode : Unicast
Poll Interval (sec) [720] : 30
Source IP Selection: 10.10.10.1


Priority SNTP Server Address Version Key-id
-------- --------------------------------------- ------- ----------
1 10.10.10.3 3 0
2 10.10.10.4 4 0

CORE1(config)# sh sntp statistics
SNTP Statistics

Received Packets : 0
Sent Packets : 86467
Dropped Packets : 0

SNTP Server Address Auth Failed Pkts
--------------------------------------- ----------------
10.10.10.3 0
10.10.10.4 0
jaredo_1
Frequent Advisor

Re: 3500yl SNTP Question

Was able to point it to an external ntp server with ip source sntp vlan 1, guess I'll just do that for now.
macrocozm
Advisor

Re: 3500yl SNTP Question


Can you ping between the switch <-> servers?
jaredo_1
Frequent Advisor

Re: 3500yl SNTP Question

"I can ping everything fine on any vlan from the switches, everything is running as normal otherwise."

Same from the servers.
Glen Van Lehn
Frequent Advisor

Re: 3500yl SNTP Question

jaredo, if routing works between v1 & v10, and your connection to the external ntp site also works, how does access-control work on the windows servers?

On my linux ntp servers, I need to add some config lines as to which ip ranges are allowed to query.

What are results of "#show sntp statistics" on the 3500?

Olaf Borowski
Respected Contributor

Re: 3500yl SNTP Question

According to your statistics, the switch is querying the SNTP server but never gets a response. Check the firewall rules of the Win2008 server. Make sure UDP port 123 is allowed.
http://bchavez.bitarmory.com/archive/2009/12/21/how-to-setup-a-windows-2008-r2-sntp-ntp-server.aspx

ICMP (ping) is probably allowed so this is not a good test. Install a tool like wireshark are see if the server actually responds (assuming there is not other firewall in play).

EckerA
Respected Contributor

Re: 3500yl SNTP Question

Hi,
as u are running K.14.47 u need to update the switch software.
there was a problem with the authenticationfeature of ntp with windows servers.

hth
alex
terosa
Occasional Visitor

Re: 3500yl SNTP Question

Did you guys get this to work? I have latest firmware in my 3500yl (K.15.02.0005) and still cant reach SNTP-servers.. Statistics show that received packets is 0 but I confirmed from router that the packets are sent from NTP-server to switch without any problems.

Another 3500yl with older firmware (K.13.51) seems to be working just fine to SAME ntp-server...
EckerA
Respected Contributor

Re: 3500yl SNTP Question

Hi,
it might be that K.15.xx is made from a softwareversion K.14.xx where the sntp stuff didn't work.
i'm running K.14.72 in productive enviroments and sntp is working just fine again.

hth
Alex
jaredo_1
Frequent Advisor

Re: 3500yl SNTP Question

I'm still running K.14.47, but I'll give K.14.72 a try this weekend.
terosa
Occasional Visitor

Re: 3500yl SNTP Question

Just got confirmation from HP that it's a bug in the firmware. Fixed in 15.03.