Sunday, November 25, 2007

851 ISR's use SNTP Dummy!

So I've configured NTP on quite a few Cisco and non-Cisco devices and I expected it to be an "ntp ?" away. NTP was only mentioned in the ports reference in the configuration guide and I didn't feel like resetting/remembering my password to be able to check the good old IOS feature navigator.

sntp server

851w#conf t
Enter configuration commands, one per line. End with CNTL/Z.
851w(config)#sntp ?
broadcast Configure SNTP broadcast services
logging Enable SNTP message logging
multicast Configure SNTP multicast services
server Configure SNTP server
source-interface Configure interface for source address

Of course this worked like a charm on one of my 851's but the other (with a nearly) identical config (I hope) is still having problems both syncing time from that router and through the router (ntpdate's are failing from a Linux box behind it, no NAT) although the packet traces superficially look fine. The other oddity is that the OpenWRT box that is front-ending (as in iptables-masquerading) all of these (as well as a Linksys AP, probably VXWorks based) is occasionally sourcing some of the NTP traffic from UDP port 6 -- or at least that is what the tcpdump from OpenWRT says, which *can't* be right. Can it?


Jake Brodsky said...

Uhh, no Matt. That can't be right. NTP has been around for a VERY long time. I'm surprised that, especially with very stable open source implementations available for years, people STILL have problems doing this right.


Matt Franz said...

It MUST be a bonehead error or perhaps some IOS configuration residue. Any SOHO network 1:1 host to gateway ratio is bound to have problems. :)