Cisco Nexus 7K as NTP server

I want to configure a Cisco Nexus as an NTP server so that it can provide an NTP source to other network devices. I am planning to apply the following configuration on my Cisco Nexus 7K:
ntp master stratum 2
server0.europe.pool.ntp.org Prefer
server1.europe.pool.ntp.org
server2.europe.pool.ntp.org
server3.europe.pool.ntp.org
ntp source-interface mgmt0 
Is there anything else I need to configure, and are there any security concerns if I allow the NTP port on my firewall to the Nexus 7K core switches?
Thanks for your help

Consult these secure NTP recommendations from Team Cymru.
http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html

Similar Messages

  • How to sync clock of Cisco ASA 5505 from NTP Server on internet

    Hi there!
    I've set up a site with a Cisco ASA 5505. It has a public IP also.
    I want to sync the clock of the firewall from an NTP server on the internet, or with an internal domain controller that is inside the LAN.
    The firewall has a public IP also.
    How can I do this?
    Regards!

    Hello Lasandro,
    This should do it!
    http://www.cisco.com/en/US/docs/security/asa/asa84/configuration/guide/basic_hostname_pw.html#wp1236530
    Cheers,
    Julio Carvajal Segura
    http://laguiadelnetworking.com

  • Error: Cannot connect to NTP server or NTP server is not running - Cisco IPS

    This is different scenario here:
    I have two Cisco IPS 4260-k9 and both are in production now.
    One of the IPSs is configured with NTP and works fine, but the other one is not.
    When I tried to configure it while the device was on and live in production, I got the following error:
    Error from CLI:
    " Error: Cannot connect to NTP server or NTP server is not running "
    Error from IME:
    " Delivery failed.
    err Unaccepable Value - cannot connect to the NTP server or NTP server is not running"
    I am able to reach the NTP server, also the same NTP is working fine with other devices....
    Am I doing anything wrong?
    Please advise

    Hi,
    Now the error has changed:
    Session.connect: java.net.SocketTimeoutException: Read timed out
    I have increased the polling interval to 1 hr from 1 min. Waiting for the next polling interval result.
    Guide me if I am heading right.... or anything else needs to be done.
    Regards,
    Krishna Chauhan

  • Linux ntp server with cisco 3850

    Hi all,
    I'm trying to sync a Cisco 3850 with a Linux NTP server. Here is what I did:
    Linux CentOS 6.5 (on the UCS virtual machine). This is the NTP server.
    ip 10.1.1.251
    ===================================================
    # For more information about this file, see the man pages
    # ntp.conf(5), ntp_acc(5), ntp_auth(5), ntp_clock(5), ntp_misc(5), ntp_mon(5).
    driftfile /var/lib/ntp/drift
    # Permit time synchronization with our time source, but do not
    # permit the source to query or modify the service on this system.
    restrict default kod nomodify notrap nopeer noquery
    restrict -6 default kod nomodify notrap nopeer noquery
    # Permit all access over the loopback interface.  This could
    # be tightened as well, but to do so would effect some of
    # the administrative functions.
    restrict 127.0.0.1
    restrict -6 ::1
    # Hosts on local network are less restricted.
    restrict 10.1.1.0 mask 255.255.255.0 nomodify notrap
    # Use public servers from the pool.ntp.org project.
    # Please consider joining the pool (http://www.pool.ntp.org/join.html)
    #server 1.centos.pool.ntp.org iburst
    #server 2.centos.pool.ntp.org iburst
    #server 3.centos.pool.ntp.org iburst
    server 127.127.1.0
    fudge 127.127.1.0 stratum 2
    #broadcast 192.168.1.255 autokey        # broadcast server
    #broadcastclient                        # broadcast client
    #broadcast 224.0.1.1 autokey            # multicast server
    #multicastclient 224.0.1.1              # multicast client
    #manycastserver 239.255.254.254         # manycast server
    #manycastclient 239.255.254.254 autokey # manycast client
    # Enable public key cryptography.
    #crypto
    includefile /etc/ntp/crypto/pw
    # Key file containing the keys and key identifiers used when operating
    # with symmetric key cryptography.
    keys /etc/ntp/keys
    # Specify the key identifiers which are trusted.
    #trustedkey 4 8 42
    # Specify the key identifier to use with the ntpdc utility.
    #requestkey 8
    # Specify the key identifier to use with the ntpq utility.
    #controlkey 8
    # Enable writing of statistics records.
    #statistics clockstats cryptostats loopstats peerstats
    and the Cisco 3850 is configured with this:
    ntp server 10.1.1.241
    and
    show ntp status
    clock is unsynchronized, stratum 16, reference is null
    why...didn't work.. somebody help me..

    Is there a typo in your post or configuration? You show the NTP server IP address as 10.1.1.251, but the router is configured to use 10.1.1.241.
    Regards

  • Cisco 3750X wont sync to ntp server

    sh version
    Switch Ports Model              SW Version            SW Image
    *    1 30    WS-C3750X-24       15.0(2)SE5            C3750E-UNIVERSALK9-M
    nsi.swcore01#sho ntp associations
      address         ref clock       st   when   poll reach  delay  offset   disp
     ~192.168.68.254  .INIT.          16      -   1024     0  0.000   0.000 15937.
     * sys.peer, # selected, + candidate, - outlyer, x falseticker, ~ configured
    nsi.swcore01#sh ntp status
    Clock is unsynchronized, stratum 16, no reference clock
    nominal freq is 119.2092 Hz, actual freq is 119.2092 Hz, precision is 2**17
    reference time is 00000000.00000000 (08:00:00.000 GMT Mon Jan 1 1900)
    clock offset is 0.0000 msec, root delay is 0.00 msec
    root dispersion is 46985.14 msec, peer dispersion is 0.00 msec
    loopfilter state is 'FSET' (Drift set from file), drift is 0.000000000 s/s
    system poll interval is 64, never updated.
    I tried to manually set the time so that the NTP server and the switch would have almost identical time, and btw the NTP server is a firewall, the IP of the switch is allowed, and I'm actually seeing logs on the firewall side (WatchGuard) that it is trying to sync with the NTP server.

    The NTP server is a WatchGuard firewall; other devices such as AD and an Ubuntu server are pointed at it and using its time synchronization and it's working. I don't know why I'm having an issue with the Cisco 3750X.

  • Logging of commands on syslog server (Cisco Nexus 7010)

    Please help.
    How to set up logging of commands on syslog server ? (cisco nexus 7010)

    Hi Igor
    Nexus has an internal accounting log: sh accounting log
    But it can be sent only to the accounting server, not to a syslog server.
    If you want, you can manually export it to some log.
    HTH,
    Alex

  • Cisco 2821 Router as a NTP Server

    We are using a 2821 Router as our boundary router. It has installed into it a 9 port HWIC for layer 2 switching as well as allowing the router to communicate on the Network Management VLAN. All of the devices on the Network Management VLAN are segregated from the managed traffic, which unfortunately also doesn't allow them external NTP services. Can the router be programmed as an NTP server so that all of the network appliances can utilize it for NTP from either its NM VLAN IP address or from a loopback address? Thanks in advance for the help.

    What are the commands needed in the router for it to provide time to other appliances?
    If your router has successfully synchronized with an authoritative NTP server?  NOT A THING.
    In my network, only the site's distribution switch is allowed to go out and get NTP. All other access switches go to the distribution switch by using the command "ntp server ". You can have multiple NTP server IP addresses, and if you prefer to have a "favorite" you can append your command with the "prefer" option: ntp server prefer.
    If you have clients then point their NTP to your router. For troubleshooting, I prefer the command "sh ntp associations". If your NTP server IP address starts with a "*" this is good and means that your NTP is synchronized.
    Hope this answers your question.

  • Routing issue between Cisco Nexus and Cisco 4510 R+E Chassis

    We have configured Cisco Nexus 7K9 as core and Cisco 4510 R+E as access switches for Server connectivity.
    We are experiencing problem in terms of ARP learning and Ping issues between Cisco Nexus and end hosts.

    Hi,
    So you have N7k acting as L3 with servers connected to 4510?
    Do you see the MAC associated with failing ARP in 4510? Is it happening with all or few servers? Just to verify if it is a connectivity issue between N7k and 4510, you can configure an SVI on 4510 and assign an address from the same range (server/core range) and perform a ping.
    This will help narrow down if issue is between server to 4510 or 4510 to N7k.
    Thanks,
    Nagendra

  • HP Servers NIC Teaming with Cisco Nexus 2000/5000

    I have a number of HP switches that will be connected to Cisco Nexus 2000/5000 switches.
    In HP Servers, there are multiple options for NIC teaming. I'd like to connect each port in a NIC card to two different Nexus 2000 switches (extensions to the Nexus 5000 switches). Nexus 5000 switches will be configured as VPC for clustering.
    Wanted to know what would be the best NIC teaming option from the following HP Server NIC Teaming options:
    Automatic
    802.3ad Dynamic with Fault Tolerance
    Switch-assisted load balancing with Fault Tolerance (SLB)
    Transmit load balancing with Fault Tolerance (TLB)
    Transmit Load Balancing with Fault tolerance and preference order
    Network Fault Tolerance Only (NFT)
    Network Fault Tolerance with Preference Order

    Nexus switches only support LACP (802.3ad) or ON mode. So, to match your server config with your switch, the first option is the best one to use. I think SLB is a Microsoft proprietary protocol.
    HTH

  • Ask the Expert: Different Flavors and Design with vPC on Cisco Nexus 5000 Series Switches

    Welcome to the Cisco® Support Community Ask the Expert conversation.  This is an opportunity to learn and ask questions about Cisco® NX-OS.
    The biggest limitation to a classic port channel communication is that the port channel operates only between two devices. To overcome this limitation, Cisco NX-OS has a technology called virtual port channel (vPC). A pair of switches acting as a vPC peer endpoint looks like a single logical entity to port channel attached devices. The two devices that act as the logical port channel endpoint are actually two separate devices. This setup has the benefits of hardware redundancy combined with the benefits offered by a port channel, for example, loop management.
    vPC technology is the main factor for success of Cisco Nexus® data center switches such as the Cisco Nexus 5000 Series, Nexus 7000 Series, and Nexus 2000 Series Switches.
    This event is focused on discussing all possible types of vPC along with best practices, failure scenarios, Cisco Technical Assistance Center (TAC) recommendations and troubleshooting.
    Vishal Mehta is a customer support engineer for the Cisco Data Center Server Virtualization Technical Assistance Center (TAC) team based in San Jose, California. He has been working in TAC for the past 3 years with a primary focus on data center technologies, such as the Cisco Nexus 5000 Series Switches, Cisco Unified Computing System™ (Cisco UCS®), Cisco Nexus 1000V Switch, and virtualization. He presented at Cisco Live in Orlando 2013 and will present at Cisco Live Milan 2014 (BRKCOM-3003, BRKDCT-3444, and LABDCT-2333). He holds a master’s degree from Rutgers University in electrical and computer engineering and has CCIE® certification (number 37139) in routing and switching, and service provider.
    Nimit Pathak is a customer support engineer for the Cisco Data Center Server Virtualization TAC team based in San Jose, California, with primary focus on data center technologies, such as Cisco UCS, the Cisco Nexus 1000v Switch, and virtualization. Nimit holds a master's degree in electrical engineering from Bridgeport University and has CCNA® and CCNP® certifications. Nimit is also working on a Cisco data center CCIE® certification while also pursuing an MBA degree from Santa Clara University.
    Remember to use the rating system to let Vishal and Nimit know if you have received an adequate response. 
    Because of the volume expected during this event, Vishal and Nimit might not be able to answer every question. Remember that you can continue the conversation in the Network Infrastructure Community, under the subcommunity LAN, Switching & Routing, shortly after the event. This event lasts through August 29, 2014. Visit this forum often to view responses to your questions and the questions of other Cisco Support Community members.

    Hello Gustavo
    Please see my responses to your questions:
    Yes almost all routing protocols use Multicast to establish adjacencies. We are dealing with two different type of traffic –Control Plane and Data Plane.
    Control Plane: To establish routing adjacency, the first packet (hello) is punted to the CPU. So in the case of the triangle routed VPC topology as specified on the Operations Guide link, multicast for routing adjacencies will work. The hello packets will be exchanged across all 3 routers and adjacency will be formed over VPC links.
    http://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/operations/n5k_L3_w_vpc_5500platform.html#wp999181
    Now for Data Plane we have two types of traffic – Unicast and Multicast.
    The unicast traffic will not have any forwarding issues, but because the Layer 3 ECMP and port channel run independent hash calculations, there is a possibility that the Layer 3 ECMP chooses N5k-1 as the Layer 3 next hop for a destination address while the port channel hashing chooses the physical link toward N5k-2. In this scenario, N5k-2 receives packets from R with the N5k-1 MAC as the destination MAC.
    Sending traffic over the peer-link to the correct gateway is acceptable for data forwarding, but it is suboptimal because it makes traffic cross the peer link when the traffic could be routed directly.
    For that topology, Multicast Traffic might have complete traffic loss due to the fact that when a PIM router is connected to Cisco Nexus 5500 Platform switches in a vPC topology, the PIM join messages are received only by one switch. The multicast data might be received by the other switch.
    Loop avoidance works a little differently across Nexus 5000 and Nexus 7000.
    Similarity: For both products, loop avoidance is possible due to the VSL bit.
    The VSL bit is set in the DBUS header internal to the Nexus.
    It is not something that is set in the ethernet packet that can be identified. The VSL bit is set on the port asic for the port used for the vPC peer link, so if you have Nexus A and Nexus B configured for vPC and a packet leaves Nexus A towards Nexus B, Nexus B will set the VSL bit on the ingress port ASIC. This is not something that would traverse the peer link.
    This mechanism is used for loop prevention within the chassis.
    The idea being that if the port came in the peer link from the vPC peer, the system makes the assumption that the vPC peer would have forwarded this packet out the vPC-enabled port-channels towards the end device, so the egress vpc interface's port-asic will filter the packet on egress.
    Differences:  In Nexus 5000 when it has to do L3-to-L2 lookup for forwarding traffic, the VSL bit is cleared and so the traffic is not dropped as compared to Nexus 7000 and Nexus 3000.
    It still does loop prevention but the L3-to-L2 lookup is different in Nexus 5000 and Nexus 7000.
    For more details please see below presentation:
    https://supportforums.cisco.com/sites/default/files/session_14-_nexus.pdf
    DCI Scenario:  If 2 pairs are of Nexus 5000 then separation of L3/L2 links is not needed.
    But in most scenarios I have seen pair of Nexus 5000 with pair of Nexus 7000 over DCI or 2 pairs of Nexus 7000 over DCI. If Nexus 7000 are used then L3 and L2 links are required for sure as mentioned on above presentation link.
    Let us know if you have further questions.
    Thanks,
    Vishal

  • NTP Server IP Address ?

    Hi,
    I have configured a Cisco 6509 core switch as an NTP master and allowed all my access switches to get their time synchronised with the core switch. Now, I want to configure the core switch to get itself synchronised with another public NTP server which would be reliable and genuine, as our organisation is serving healthcare. One of my friends has told me to use these IPs 128.249.1.1 or 128.2.136.71 as an NTP server in the core switch. Should I use them?
    Does Cisco recommend any public IP for NTP server synchronisation? Please suggest.
    Thanks & Regards,
    Anil K. 

    Disclaimer: I have no affiliation with Cisco in any way except where I work, we use some Cisco products (sw/hw). So take it however you will.
    Personally, I would rather adopt the following approach suggested at http://www.pool.ntp.org/en/use.html, than hardcoding a couple of public NTP servers in a remote region:
    "As pool.ntp.org will assign you timeservers from all over the world, time quality will not be ideal. You get a bit better result if you use the continental zones (For example europe, north-america, oceania or asia.pool.ntp.org), and even better time if you use the country zone (like ch.pool.ntp.org in Switzerland) - for all these zones, you can again use the 0, 1 or 2 prefixes, like 0.ch.pool.ntp.org. Note, however, that the country zone might not exist for your country, or might contain only one or two timeservers. If you know timeservers that are really close to you (measured by network distance, with traceroute or ping), time probably will be even better. "
    Of course, if time sync is REALLY that important, one might consider buying/installing commercial GPS-based NTP appliances. That's not what you're looking for, obviously.

  • Cisco Catalyst 3850 as ntp master

    Hi All,
    I have 2 x Cisco Catalyst 3850 stacked together. What are your recommendations if I use the C3850 as an NTP master for all edge switches connected in my network? All edge switches must be authenticated if they need NTP synchronization. But other than that, what are the downsides?
    For example,
    1. I heard that switches do not have an internal clock so is a poor device to be a centralized NTP master.
    2. I have also read that switches also have slow CPU processors that may lack the processing required.
    3. Its NTP synchronization will use external NTP servers which are resolved into IP addresses (e.g. pool.ntp.org). IP addresses can change. What other more reliable NTP sources are there?
    4. Any other thoughts and comments are most welcome.

    Firstly, DO NOT use the command "ntp master". Cisco does not recommend using this command because this will confuse the NTP propagation inside the network.
    Next, all Cisco devices do not have a dedicated clock.  All appliances need to get SNTP/NTP time synch from somewhere.  This "somewhere" could either be a dedicated GPS-based NTP server and/or a time synch somewhere out in the internet.  
    You can also use the command "ntp update-calendar".  This new command allows appliances to take regular "snapshot" of the time and save it into the NVRAM.  In case there was a reboot or a power failure, the appliance's time is not too far away instead of waiting 5 to 10 minutes for SNTP/NTP to synch.

  • CER 7.1.1 install - no NTP server option

    Trying to install CER 7.1.1.  When I get to the Network Time Protocol Client Configuration window it prompts me to put in an NTP server IP address.  The install never prompts me to configure an NTP server or not.  The install doc says that I should get prompted to choose NTP or not, just like a CUCM install.  Did I do something wrong?  I tried it several times and get the same thing.  I have a Not For Resale disc and this is in a lab.  Is there something special about that disc? I don't want to use NTP but I configured a Win2K3 server to be the NTP server, it's reachable but the install can never connect to it.  Needless to say, I can't finish the install.  Below is what I get.
    Network Time Protocol Client Configuration
    NTP  Server 1  ---------
    NTP Server 2  ---------
    NTP  Server 3 ----------
    NTP  Server 4 ----------
    NTP  Server 5 ----------
    There is no option to choose No NTP.  You either  have to put in an NTP server or you can't move on with the  installation.

    Thanks for the replies. I was using an installation guide, below, that shows the option to choose NTP or not on step 18. Is the document wrong then? In any case, I tried the hacks for Windows, no go. I tried Linux NTP [Ubuntu], no go. Otherwise, I just have a voice gateway and a 3524 that doesn't do NTP server. Any suggestions on getting Linux to work with CER NTP? Thanks.
    Step 18 On the Network Time Protocol Client Configuration page, you are asked if you want to set up external Network Time Protocol (NTP) servers.
    Note Cisco strongly recommends that you use external NTP servers to ensure that the system time is kept accurate.
    If you click Yes, the system displays a second Network Time Protocol Client Configuration page. In the fields provided, enter the IP address or hostname of the external NTP servers, then click OK. The Database Access Security Configuration page displays. Skip to Step 19.
    If you click No, the Hardware Clock Configuration page appears. Enter the following information:
    • Year [yyyy]
    • Month [mm]
    • Day [dd]
    • Hour [hh]
    • Minute [mm]
    • Second [ss]
    When you have finished entering this information, click OK. The Database Access Security Configuration page appears.
    http://www.cisco.com/en/US/docs/voice_ip_comm/cer/7_0/english/administration/guide/e911inst.html

  • Anyone got NTP working with a Windows 2008 NTP server?

    Hello,
    I'm trying to sync the time on our routers and switches with a Windows 2008R2 server, but it doesn't work. Has anyone managed to do this?
    Config:
    ntp master
    ntp update-calendar
    ntp server 192.168.2.164
    sh ntp associations
      address         ref clock         st   when   poll   reach    delay    offset     disp
    *~127.127.1.1     .LOCL.         7     11     16      377      0.000   0.000      0.225
    ~192.168.2.164  .INIT.          16      -      1024     0       0.000    0.000    15937.
    Windows 2008R2 server
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\TimeProviders\NtpServer]
    "Enabled"=dword:00000001
    restart server
    w32tm /config /manualpeerlist:uk.pool.ntp.org,0x8 /syncfromflags:MANUAL
    net stop w32time
    net start w32time
    Doesn't work.
    Would Linux like Ubuntu be better?
    Thanks

    I got this working from a cisco 2911 router to Windows 7 computer.
    As per many articles, you are missing:-
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
    "AnnounceFlags"=dword:00000005
    But the one that allows Cisco kit to sync is:
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config]
    "LocalClockDispersion"=dword:00000000
    This article http://www.cisco.com/c/en/us/support/docs/ip/network-time-protocol-ntp/108076-ntp-troubleshoot.html talks about a root dispersion higher than 1000 ms (1 second) causing Cisco IOS NTP to unsynchronize itself.
    This article http://htluo.blogspot.co.uk/2009/02/ntp-network-time-protocol.html#comment-form was the only one I found that added to the normal enable-NTP-server registry key information, stating to change ‘HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\W32Time\Config\LocalClockDispersion’ from 10 to 0.
    There were also articles that said that the Windows NTP implementation was version 3, and therefore you had to append ‘version 3’ to the router's ‘ntp server x.x.x.x’ command. This may perhaps be true for earlier Windows versions, but was NOT required for Windows 7.
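
The root-dispersion behaviour described in the reply above can be checked from the NTP reply itself. This is an added example, not code from the thread or from Cisco: it parses the NTP header and applies the 1000 ms limit quoted above together with standard NTP sanity checks. The function names, the sample packets, and reading the registry value 10 as seconds are assumptions.

```python
import socket
import struct

ROOT_DISPERSION_LIMIT_MS = 1000.0  # limit quoted in the reply above

def parse_ntp_header(packet: bytes) -> dict:
    """Decode the first 16 bytes of an NTP packet (RFC 5905 header layout)."""
    if len(packet) < 48:
        raise ValueError(f"NTP packet must be at least 48 bytes, got {len(packet)}")
    flags, stratum, _poll, _precision, root_delay, root_disp, ref_id = struct.unpack(
        "!BBbbII4s", packet[:16])
    return {
        "leap": flags >> 6,
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,
        "stratum": stratum,
        # Root delay and root dispersion are 16.16 fixed-point seconds.
        "root_delay_ms": root_delay / 65536 * 1000,
        "root_dispersion_ms": root_disp / 65536 * 1000,
        "ref_id": ref_id,
    }

def rejection_reasons(hdr: dict) -> list:
    """Return why a client should not synchronize to this reply (empty = usable)."""
    reasons = []
    if hdr["mode"] != 4:
        reasons.append(f"mode {hdr['mode']} is not a server reply")
    if hdr["leap"] == 3:
        reasons.append("leap indicator 3: server reports its clock unsynchronized")
    if hdr["stratum"] == 0 or hdr["stratum"] >= 16:
        reasons.append(f"stratum {hdr['stratum']}: no usable reference")
    if hdr["root_dispersion_ms"] > ROOT_DISPERSION_LIMIT_MS:
        reasons.append(f"root dispersion {hdr['root_dispersion_ms']:.0f} ms exceeds "
                       f"{ROOT_DISPERSION_LIMIT_MS:.0f} ms")
    return reasons

def build_reply(leap: int, stratum: int, root_disp_s: float,
                ref_id: bytes = b"\x7f\x7f\x01\x00") -> bytes:
    """Construct a sample server reply (version 3, mode 4) for offline checks."""
    flags = (leap << 6) | (3 << 3) | 4
    header = struct.pack("!BBbbII4s", flags, stratum, 6, -6, 0,
                         int(root_disp_s * 65536), ref_id)
    return header + bytes(32)  # four zeroed 64-bit timestamps

def query(server: str, timeout: float = 3.0) -> dict:
    """Send one client request (version 3, mode 3) to your own server and parse the reply."""
    request = b"\x1b" + bytes(47)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(request, (server, 123))
        reply, _ = s.recvfrom(512)
    return parse_ntp_header(reply)

# Constructed samples, not captures from the thread.
SAMPLES = {
    "LocalClockDispersion=10": build_reply(0, 2, 10.0),
    "LocalClockDispersion=0": build_reply(0, 2, 0.0),
    "server never synchronized": build_reply(3, 16, 0.0, b"INIT"),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        reasons = rejection_reasons(parse_ntp_header(pkt))
        print(f"{name}: {'usable' if not reasons else '; '.join(reasons)}")
```

Running `rejection_reasons(query("192.0.2.1"))` against a time server you operate (the address here is a documentation placeholder) shows whether its replies would pass the same checks.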

  • Cisco Nexus 1000v Virtual Switch for Hyper-V Availability

    Hi,
    Does anyone have any information on the availability of the Cisco Nexus 1000v virtual switch for Hyper-V. Is it available to download from Cisco yet? If not when will it be released? Are there any Beta programs etc?
    I can download the 1000v for VmWare but cannot find any downloads for the Hyper-V version.
    Microsoft Partner

    Any updates on the Cisco Nexus 1000v virtual switch for Hyper-V? Just checked on the Cisco site, however still only the download for VMware and no trace of any beta version. Also posted the same question at:
    http://blogs.technet.com/b/schadinio/archive/2012/06/09/windows-server-2012-hyper-v-extensible-switch-cisco-nexus-1000v.aspx
    "Hyper-V support isn't out yet. We are looking at a beta for Hyper-V starting at the end of February or the beginning of March."
    -Ian @ Cisco Community
    || MCITP: EA, VA, EMA, Lync SA, makes a killer sandwich. ||
