Sunday, November 25, 2007

851 ISR's use SNTP Dummy!



So I've configured NTP on quite a few Cisco and non-Cisco devices and I expected it to be an "ntp ?" away. NTP was only mentioned in the ports reference in the configuration guide and I didn't feel like resetting/remembering my password to be able to check the good old IOS feature navigator.


sntp server 192.168.100.100


851w#conf t
Enter configuration commands, one per line. End with CNTL/Z.
851w(config)#sntp ?
broadcast Configure SNTP broadcast services
logging Enable SNTP message logging
multicast Configure SNTP multicast services
server Configure SNTP server
source-interface Configure interface for source address


Of course this worked like a charm on one of my 851's but the other (with a nearly) identical config (I hope) is still having problems both syncing time from that router and through the router (ntpdate's are failing from a Linux box behind it, no NAT) although the packet traces superficially look fine. The other oddity is that the OpenWRT box that is front-ending (as in iptables-masquerading) all of these (as well as a Linksys AP, probably VXWorks based) is occasionally sourcing some of the NTP traffic from UDP port 6 -- or at least that is what the tcpdump from OpenWRT says, which *can't* be right. Can it?

2 comments:

Jake Brodsky said...

Uhh, no Matt. That can't be right. NTP has been around for a VERY long time. I'm surprised that, especially with very stable open source implementations available for years, people STILL have problems doing this right.

Sheesh.

Matt Franz said...

It MUST be a bonehead error or perhaps some IOS configuration residue. Any SOHO network 1:1 host to gateway ratio is bound to have problems. :)