Wired Intelligent Edge

I just got a message from TAC, saying it is not possible. Below a good explanation from TAC:

"This is possible to source NTP traffic from the active-gateway Virtual IP, It is inappropriate as the logic behind this Virtual IP is purely for ARP scope. Indeed, as this is not a protocol based VIP (like VRRP), there is no guarantee that for a handshake communication between the NTP server and the NTP client the return packet will go through the same CX node.Say the NTP communication is initiated by VSX primary with VIP, there is a possibility that packet might comes back through VSX secondary which will handle the received packet as hosting the destination IP, but which will be out-of-sync for NTP protocol as not sourcing this request sequence."

ArubaOS-CX 10.02 introduced the capability to act as a server for NTP, also known as NTP master.

ArubaOS-CX NTP Client Config
Check the existing NTP client config on the CX switch. (In the example below, the Windows server 10.2.10.2 is not responding to NTP.)

ntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmt8320-upper# sh ntp associations----------------------------------------------------------------------ID NAME REMOTE REF-ID ST LAST POLL REACH----------------------------------------------------------------------1 10.2.10.2 10.2.10.2 .INIT. 16 - 1024 0* 2 10.2.10.3 10.2.10.3 16.110.135.123 3 997 1024 377----------------------------------------------------------------------

ArubaOS-CX NTP Server Config

NTP master is enabled by default, with no settings.

8320-upper# sh ntp masterNTP Master Status : Enabled-----------VRF Stratum-----------

To complete the config, add the extra parameters to the config (from the primary if in a VSX cluster):

ntp master vrf default stratum 3

If you are running this in a VSX cluster, the ntp master line will be synchronised to the secondary switch.

8320-lower# sh run | in ntpntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmtntp master vrf default stratum 3

Config for ArubaOS-Switch (also ProCurve)
I have added the loopback addresses of both 8320 switches in the VSX cluster. The VLAN interface IPs also work (eg 10.80.32.7 and 10.80.32.8).

timesync ntpntp unicastntp server 10.80.255.7ntp server 10.80.255.8ntp enable

My timezone settings for Sydney Australia:

time daylight-time-rule user-defined begin-date 10/01 end-date 04/01time timezone 600

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.255.7 4 u 75 10 3 0.000 0.000 15.8758810.80.255.8 4 u 75 10 3 0.000 0.000 15.87552

Other Notes
NTP master is not a virtualized function on ArubaOS-CX. The virtual IP address will not work if you try and use it. 10.80.32.1 is the virtual IP address in this example. Note that it is set to Stratum 16 - this never changes.

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.32.1 16 75 17 0 0.000 0.000 15.93835

NTP authentication isn't currently supported with the OS-CX device acting as server/master.

Update

CX6300 as NTP Source

• The 6300 gets its source from the Google time servers (there is a .0 as well, but it doesn't work with ProCurve/AOSS, so I never use it)
• This is via the MGMT port (mgmt VRF)
• NTP configured as a master, stratum 3, in VRF default (172.20.100.1 is one of the 6300 IPs in that VRF)

ntp server 216.239.35.12 iburstntp server 216.239.35.4 iburstntp server 216.239.35.8 iburstntp enablentp vrf mgmtntp master vrf default stratum 3​

The CX6300 now has NTP running as a master, and other network devices can point to it for time sync.

CX6200 using the 6300 NTP source

ntp server 172.20.100.1 iburst preferntp enablentp vrf mgmt

CX6200# sh ntp associations detail---------------------------------------------------------------------- ID            NAME          REMOTE          REF-ID ST LAST POLL REACH----------------------------------------------------------------------* 1    172.20.100.1    172.20.100.1        LOCAL(0)  4 1052 1024   377----------------------------------------------------------------------NTP Association Key   code    : First character of each line is the Tally code (Explained below)   ID      : Server number   NAME    : NTP server name or IPv4/v6 address (only the first 24 characters of the name are displayed)   REMOTE  : Remote server IPv4/v6 address   REF_ID  : Reference ID for the remote server (Can be an IP address). See NTP docs for more information.   Stratum : (ST) Number of hops between the client and the reference clock.   LAST    : Time since the last packet was received (seconds unless unit is provided)   POLL    : Interval (in seconds) between NTP poll packets. Maximum (1024) reached as server and client syncs.   REACH   : 8-bit octal number that displays status of last eight NTP messages (377 = all messages received).Key for the Tally codeThis field displays the current selection status.     : No state information available (e.g. non-responding server)   x : Out of tolerance (discarded by intersection algorithm)   . : Discarded by table overflow (not used)   - : Out of tolerance (discarded by the cluster algorithm)   + : Good and a preferred remote peer or server (included by the combine algorithm)   # : Good remote peer or server, but not utilized (ready as a backup source)   * : Remote peer or server presently used as a primary reference   o : PPS peer (when the prefer peer is valid)CX6200# sh ntp statistics                 Rx-pkts  158292 Current Version Rx-pkts  6678     Old Version Rx-pkts  0              Error pkts  0        Auth-failed pkts  0           Declined pkts  0         Restricted pkts  0       Rate-limited pkts  0                KOD pkts  0CX6200# sh ntp statusNTP Status InformationNTP                        : EnabledNTP Authentication         : DisabledNTP Server Connections     : Using the mgmt VRFSystem time                : Sat Sep  4 23:37:13 AEST 2021NTP uptime                 : 26 days, 12 hours, 24 minutes, 35 secondsNTP Synchronization InformationNTP Server                 : 172.20.100.1 at stratum 4Poll interval              : 1024 secondsTime accuracy              : Within -0.000153 secondsReference time             : Sat Sep  4 2021 23:35:34.934 as per Australia/Sydney​

ArubaOS-CX 10.02 introduced the capability to act as a server for NTP, also known as NTP master.

ArubaOS-CX NTP Client Config
Check the existing NTP client config on the CX switch. (In the example below, the Windows server 10.2.10.2 is not responding to NTP.)

ntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmt8320-upper# sh ntp associations----------------------------------------------------------------------ID NAME REMOTE REF-ID ST LAST POLL REACH----------------------------------------------------------------------1 10.2.10.2 10.2.10.2 .INIT. 16 - 1024 0* 2 10.2.10.3 10.2.10.3 16.110.135.123 3 997 1024 377----------------------------------------------------------------------

ArubaOS-CX NTP Server Config

NTP master is enabled by default, with no settings.

8320-upper# sh ntp masterNTP Master Status : Enabled-----------VRF Stratum-----------

To complete the config, add the extra parameters to the config (from the primary if in a VSX cluster):

ntp master vrf default stratum 3

If you are running this in a VSX cluster, the ntp master line will be synchronised to the secondary switch.

8320-lower# sh run | in ntpntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmtntp master vrf default stratum 3

Config for ArubaOS-Switch (also ProCurve)
I have added the loopback addresses of both 8320 switches in the VSX cluster. The VLAN interface IPs also work (eg 10.80.32.7 and 10.80.32.8).

timesync ntpntp unicastntp server 10.80.255.7ntp server 10.80.255.8ntp enable

My timezone settings for Sydney Australia:

time daylight-time-rule user-defined begin-date 10/01 end-date 04/01time timezone 600

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.255.7 4 u 75 10 3 0.000 0.000 15.8758810.80.255.8 4 u 75 10 3 0.000 0.000 15.87552

Other Notes
NTP master is not a virtualized function on ArubaOS-CX. The virtual IP address will not work if you try and use it. 10.80.32.1 is the virtual IP address in this example. Note that it is set to Stratum 16 - this never changes.

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.32.1 16 75 17 0 0.000 0.000 15.93835

NTP authentication isn't currently supported with the OS-CX device acting as server/master.

Update

CX6300 as NTP Source

• The 6300 gets its source from the Google time servers (there is a .0 as well, but it doesn't work with ProCurve/AOSS, so I never use it)
• This is via the MGMT port (mgmt VRF)
• NTP configured as a master, stratum 3, in VRF default (172.20.100.1 is one of the 6300 IPs in that VRF)

ntp server 216.239.35.12 iburstntp server 216.239.35.4 iburstntp server 216.239.35.8 iburstntp enablentp vrf mgmtntp master vrf default stratum 3​

The CX6300 now has NTP running as a master, and other network devices can point to it for time sync.

CX6200 using the 6300 NTP source

ntp server 172.20.100.1 iburst preferntp enablentp vrf mgmt

CX6200# sh ntp associations detail---------------------------------------------------------------------- ID            NAME          REMOTE          REF-ID ST LAST POLL REACH----------------------------------------------------------------------* 1    172.20.100.1    172.20.100.1        LOCAL(0)  4 1052 1024   377----------------------------------------------------------------------NTP Association Key   code    : First character of each line is the Tally code (Explained below)   ID      : Server number   NAME    : NTP server name or IPv4/v6 address (only the first 24 characters of the name are displayed)   REMOTE  : Remote server IPv4/v6 address   REF_ID  : Reference ID for the remote server (Can be an IP address). See NTP docs for more information.   Stratum : (ST) Number of hops between the client and the reference clock.   LAST    : Time since the last packet was received (seconds unless unit is provided)   POLL    : Interval (in seconds) between NTP poll packets. Maximum (1024) reached as server and client syncs.   REACH   : 8-bit octal number that displays status of last eight NTP messages (377 = all messages received).Key for the Tally codeThis field displays the current selection status.     : No state information available (e.g. non-responding server)   x : Out of tolerance (discarded by intersection algorithm)   . : Discarded by table overflow (not used)   - : Out of tolerance (discarded by the cluster algorithm)   + : Good and a preferred remote peer or server (included by the combine algorithm)   # : Good remote peer or server, but not utilized (ready as a backup source)   * : Remote peer or server presently used as a primary reference   o : PPS peer (when the prefer peer is valid)CX6200# sh ntp statistics                 Rx-pkts  158292 Current Version Rx-pkts  6678     Old Version Rx-pkts  0              Error pkts  0        Auth-failed pkts  0           Declined pkts  0         Restricted pkts  0       Rate-limited pkts  0                KOD pkts  0CX6200# sh ntp statusNTP Status InformationNTP                        : EnabledNTP Authentication         : DisabledNTP Server Connections     : Using the mgmt VRFSystem time                : Sat Sep  4 23:37:13 AEST 2021NTP uptime                 : 26 days, 12 hours, 24 minutes, 35 secondsNTP Synchronization InformationNTP Server                 : 172.20.100.1 at stratum 4Poll interval              : 1024 secondsTime accuracy              : Within -0.000153 secondsReference time             : Sat Sep  4 2021 23:35:34.934 as per Australia/Sydney​

ArubaOS-CX 10.02 introduced the capability to act as a server for NTP, also known as NTP master.

ArubaOS-CX NTP Client Config
Check the existing NTP client config on the CX switch. (In the example below, the Windows server 10.2.10.2 is not responding to NTP.)

ntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmt8320-upper# sh ntp associations----------------------------------------------------------------------ID NAME REMOTE REF-ID ST LAST POLL REACH----------------------------------------------------------------------1 10.2.10.2 10.2.10.2 .INIT. 16 - 1024 0* 2 10.2.10.3 10.2.10.3 16.110.135.123 3 997 1024 377----------------------------------------------------------------------

ArubaOS-CX NTP Server Config

NTP master is enabled by default, with no settings.

8320-upper# sh ntp masterNTP Master Status : Enabled-----------VRF Stratum-----------

To complete the config, add the extra parameters to the config (from the primary if in a VSX cluster):

ntp master vrf default stratum 3

If you are running this in a VSX cluster, the ntp master line will be synchronised to the secondary switch.

8320-lower# sh run | in ntpntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmtntp master vrf default stratum 3

Config for ArubaOS-Switch (also ProCurve)
I have added the loopback addresses of both 8320 switches in the VSX cluster. The VLAN interface IPs also work (eg 10.80.32.7 and 10.80.32.8).

timesync ntpntp unicastntp server 10.80.255.7ntp server 10.80.255.8ntp enable

My timezone settings for Sydney Australia:

time daylight-time-rule user-defined begin-date 10/01 end-date 04/01time timezone 600

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.255.7 4 u 75 10 3 0.000 0.000 15.8758810.80.255.8 4 u 75 10 3 0.000 0.000 15.87552

Other Notes
NTP master is not a virtualized function on ArubaOS-CX. The virtual IP address will not work if you try and use it. 10.80.32.1 is the virtual IP address in this example. Note that it is set to Stratum 16 - this never changes.

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.32.1 16 75 17 0 0.000 0.000 15.93835

NTP authentication isn't currently supported with the OS-CX device acting as server/master.

Update

CX6300 as NTP Source

• The 6300 gets its source from the Google time servers (there is a .0 as well, but it doesn't work with ProCurve/AOSS, so I never use it)
• This is via the MGMT port (mgmt VRF)
• NTP configured as a master, stratum 3, in VRF default (172.20.100.1 is one of the 6300 IPs in that VRF)

ntp server 216.239.35.12 iburstntp server 216.239.35.4 iburstntp server 216.239.35.8 iburstntp enablentp vrf mgmtntp master vrf default stratum 3​

The CX6300 now has NTP running as a master, and other network devices can point to it for time sync.

CX6200 using the 6300 NTP source

ntp server 172.20.100.1 iburst preferntp enablentp vrf mgmt

CX6200# sh ntp associations detail---------------------------------------------------------------------- ID            NAME          REMOTE          REF-ID ST LAST POLL REACH----------------------------------------------------------------------* 1    172.20.100.1    172.20.100.1        LOCAL(0)  4 1052 1024   377----------------------------------------------------------------------NTP Association Key   code    : First character of each line is the Tally code (Explained below)   ID      : Server number   NAME    : NTP server name or IPv4/v6 address (only the first 24 characters of the name are displayed)   REMOTE  : Remote server IPv4/v6 address   REF_ID  : Reference ID for the remote server (Can be an IP address). See NTP docs for more information.   Stratum : (ST) Number of hops between the client and the reference clock.   LAST    : Time since the last packet was received (seconds unless unit is provided)   POLL    : Interval (in seconds) between NTP poll packets. Maximum (1024) reached as server and client syncs.   REACH   : 8-bit octal number that displays status of last eight NTP messages (377 = all messages received).Key for the Tally codeThis field displays the current selection status.     : No state information available (e.g. non-responding server)   x : Out of tolerance (discarded by intersection algorithm)   . : Discarded by table overflow (not used)   - : Out of tolerance (discarded by the cluster algorithm)   + : Good and a preferred remote peer or server (included by the combine algorithm)   # : Good remote peer or server, but not utilized (ready as a backup source)   * : Remote peer or server presently used as a primary reference   o : PPS peer (when the prefer peer is valid)CX6200# sh ntp statistics                 Rx-pkts  158292 Current Version Rx-pkts  6678     Old Version Rx-pkts  0              Error pkts  0        Auth-failed pkts  0           Declined pkts  0         Restricted pkts  0       Rate-limited pkts  0                KOD pkts  0CX6200# sh ntp statusNTP Status InformationNTP                        : EnabledNTP Authentication         : DisabledNTP Server Connections     : Using the mgmt VRFSystem time                : Sat Sep  4 23:37:13 AEST 2021NTP uptime                 : 26 days, 12 hours, 24 minutes, 35 secondsNTP Synchronization InformationNTP Server                 : 172.20.100.1 at stratum 4Poll interval              : 1024 secondsTime accuracy              : Within -0.000153 secondsReference time             : Sat Sep  4 2021 23:35:34.934 as per Australia/Sydney​

ArubaOS-CX 10.02 introduced the capability to act as a server for NTP, also known as NTP master.

ArubaOS-CX NTP Client Config
Check the existing NTP client config on the CX switch. (In the example below, the Windows server 10.2.10.2 is not responding to NTP.)

ntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmt8320-upper# sh ntp associations----------------------------------------------------------------------ID NAME REMOTE REF-ID ST LAST POLL REACH----------------------------------------------------------------------1 10.2.10.2 10.2.10.2 .INIT. 16 - 1024 0* 2 10.2.10.3 10.2.10.3 16.110.135.123 3 997 1024 377----------------------------------------------------------------------

ArubaOS-CX NTP Server Config

NTP master is enabled by default, with no settings.

8320-upper# sh ntp masterNTP Master Status : Enabled-----------VRF Stratum-----------

To complete the config, add the extra parameters to the config (from the primary if in a VSX cluster):

ntp master vrf default stratum 3

If you are running this in a VSX cluster, the ntp master line will be synchronised to the secondary switch.

8320-lower# sh run | in ntpntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmtntp master vrf default stratum 3

Config for ArubaOS-Switch (also ProCurve)
I have added the loopback addresses of both 8320 switches in the VSX cluster. The VLAN interface IPs also work (eg 10.80.32.7 and 10.80.32.8).

timesync ntpntp unicastntp server 10.80.255.7ntp server 10.80.255.8ntp enable

My timezone settings for Sydney Australia:

time daylight-time-rule user-defined begin-date 10/01 end-date 04/01time timezone 600

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.255.7 4 u 75 10 3 0.000 0.000 15.8758810.80.255.8 4 u 75 10 3 0.000 0.000 15.87552

Other Notes
NTP master is not a virtualized function on ArubaOS-CX. The virtual IP address will not work if you try and use it. 10.80.32.1 is the virtual IP address in this example. Note that it is set to Stratum 16 - this never changes.

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.32.1 16 75 17 0 0.000 0.000 15.93835

NTP authentication isn't currently supported with the OS-CX device acting as server/master.

Update

CX6300 as NTP Source

• The 6300 gets its source from the Google time servers (there is a .0 as well, but it doesn't work with ProCurve/AOSS, so I never use it)
• This is via the MGMT port (mgmt VRF)
• NTP configured as a master, stratum 3, in VRF default (172.20.100.1 is one of the 6300 IPs in that VRF)

ntp server 216.239.35.12 iburstntp server 216.239.35.4 iburstntp server 216.239.35.8 iburstntp enablentp vrf mgmtntp master vrf default stratum 3​

The CX6300 now has NTP running as a master, and other network devices can point to it for time sync.

CX6200 using the 6300 NTP source

ntp server 172.20.100.1 iburst preferntp enablentp vrf mgmt

CX6200# sh ntp associations detail---------------------------------------------------------------------- ID            NAME          REMOTE          REF-ID ST LAST POLL REACH----------------------------------------------------------------------* 1    172.20.100.1    172.20.100.1        LOCAL(0)  4 1052 1024   377----------------------------------------------------------------------NTP Association Key   code    : First character of each line is the Tally code (Explained below)   ID      : Server number   NAME    : NTP server name or IPv4/v6 address (only the first 24 characters of the name are displayed)   REMOTE  : Remote server IPv4/v6 address   REF_ID  : Reference ID for the remote server (Can be an IP address). See NTP docs for more information.   Stratum : (ST) Number of hops between the client and the reference clock.   LAST    : Time since the last packet was received (seconds unless unit is provided)   POLL    : Interval (in seconds) between NTP poll packets. Maximum (1024) reached as server and client syncs.   REACH   : 8-bit octal number that displays status of last eight NTP messages (377 = all messages received).Key for the Tally codeThis field displays the current selection status.     : No state information available (e.g. non-responding server)   x : Out of tolerance (discarded by intersection algorithm)   . : Discarded by table overflow (not used)   - : Out of tolerance (discarded by the cluster algorithm)   + : Good and a preferred remote peer or server (included by the combine algorithm)   # : Good remote peer or server, but not utilized (ready as a backup source)   * : Remote peer or server presently used as a primary reference   o : PPS peer (when the prefer peer is valid)CX6200# sh ntp statistics                 Rx-pkts  158292 Current Version Rx-pkts  6678     Old Version Rx-pkts  0              Error pkts  0        Auth-failed pkts  0           Declined pkts  0         Restricted pkts  0       Rate-limited pkts  0                KOD pkts  0CX6200# sh ntp statusNTP Status InformationNTP                        : EnabledNTP Authentication         : DisabledNTP Server Connections     : Using the mgmt VRFSystem time                : Sat Sep  4 23:37:13 AEST 2021NTP uptime                 : 26 days, 12 hours, 24 minutes, 35 secondsNTP Synchronization InformationNTP Server                 : 172.20.100.1 at stratum 4Poll interval              : 1024 secondsTime accuracy              : Within -0.000153 secondsReference time             : Sat Sep  4 2021 23:35:34.934 as per Australia/Sydney​

ArubaOS-CX 10.02 introduced the capability to act as a server for NTP, also known as NTP master.

ArubaOS-CX NTP Client Config
Check the existing NTP client config on the CX switch. (In the example below, the Windows server 10.2.10.2 is not responding to NTP.)

ntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmt8320-upper# sh ntp associations----------------------------------------------------------------------ID NAME REMOTE REF-ID ST LAST POLL REACH----------------------------------------------------------------------1 10.2.10.2 10.2.10.2 .INIT. 16 - 1024 0* 2 10.2.10.3 10.2.10.3 16.110.135.123 3 997 1024 377----------------------------------------------------------------------

ArubaOS-CX NTP Server Config

NTP master is enabled by default, with no settings.

8320-upper# sh ntp masterNTP Master Status : Enabled-----------VRF Stratum-----------

To complete the config, add the extra parameters to the config (from the primary if in a VSX cluster):

ntp master vrf default stratum 3

If you are running this in a VSX cluster, the ntp master line will be synchronised to the secondary switch.

8320-lower# sh run | in ntpntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmtntp master vrf default stratum 3

Config for ArubaOS-Switch (also ProCurve)
I have added the loopback addresses of both 8320 switches in the VSX cluster. The VLAN interface IPs also work (eg 10.80.32.7 and 10.80.32.8).

timesync ntpntp unicastntp server 10.80.255.7ntp server 10.80.255.8ntp enable

My timezone settings for Sydney Australia:

time daylight-time-rule user-defined begin-date 10/01 end-date 04/01time timezone 600

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.255.7 4 u 75 10 3 0.000 0.000 15.8758810.80.255.8 4 u 75 10 3 0.000 0.000 15.87552

Other Notes
NTP master is not a virtualized function on ArubaOS-CX. The virtual IP address will not work if you try and use it. 10.80.32.1 is the virtual IP address in this example. Note that it is set to Stratum 16 - this never changes.

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.32.1 16 75 17 0 0.000 0.000 15.93835

NTP authentication isn't currently supported with the OS-CX device acting as server/master.

Update

CX6300 as NTP Source

• The 6300 gets its source from the Google time servers (there is a .0 as well, but it doesn't work with ProCurve/AOSS, so I never use it)
• This is via the MGMT port (mgmt VRF)
• NTP configured as a master, stratum 3, in VRF default (172.20.100.1 is one of the 6300 IPs in that VRF)

ntp server 216.239.35.12 iburstntp server 216.239.35.4 iburstntp server 216.239.35.8 iburstntp enablentp vrf mgmtntp master vrf default stratum 3​

The CX6300 now has NTP running as a master, and other network devices can point to it for time sync.

CX6200 using the 6300 NTP source

ntp server 172.20.100.1 iburst preferntp enablentp vrf mgmt

CX6200# sh ntp associations detail---------------------------------------------------------------------- ID            NAME          REMOTE          REF-ID ST LAST POLL REACH----------------------------------------------------------------------* 1    172.20.100.1    172.20.100.1        LOCAL(0)  4 1052 1024   377----------------------------------------------------------------------NTP Association Key   code    : First character of each line is the Tally code (Explained below)   ID      : Server number   NAME    : NTP server name or IPv4/v6 address (only the first 24 characters of the name are displayed)   REMOTE  : Remote server IPv4/v6 address   REF_ID  : Reference ID for the remote server (Can be an IP address). See NTP docs for more information.   Stratum : (ST) Number of hops between the client and the reference clock.   LAST    : Time since the last packet was received (seconds unless unit is provided)   POLL    : Interval (in seconds) between NTP poll packets. Maximum (1024) reached as server and client syncs.   REACH   : 8-bit octal number that displays status of last eight NTP messages (377 = all messages received).Key for the Tally codeThis field displays the current selection status.     : No state information available (e.g. non-responding server)   x : Out of tolerance (discarded by intersection algorithm)   . : Discarded by table overflow (not used)   - : Out of tolerance (discarded by the cluster algorithm)   + : Good and a preferred remote peer or server (included by the combine algorithm)   # : Good remote peer or server, but not utilized (ready as a backup source)   * : Remote peer or server presently used as a primary reference   o : PPS peer (when the prefer peer is valid)CX6200# sh ntp statistics                 Rx-pkts  158292 Current Version Rx-pkts  6678     Old Version Rx-pkts  0              Error pkts  0        Auth-failed pkts  0           Declined pkts  0         Restricted pkts  0       Rate-limited pkts  0                KOD pkts  0CX6200# sh ntp statusNTP Status InformationNTP                        : EnabledNTP Authentication         : DisabledNTP Server Connections     : Using the mgmt VRFSystem time                : Sat Sep  4 23:37:13 AEST 2021NTP uptime                 : 26 days, 12 hours, 24 minutes, 35 secondsNTP Synchronization InformationNTP Server                 : 172.20.100.1 at stratum 4Poll interval              : 1024 secondsTime accuracy              : Within -0.000153 secondsReference time             : Sat Sep  4 2021 23:35:34.934 as per Australia/Sydney​

ArubaOS-CX 10.02 introduced the capability to act as a server for NTP, also known as NTP master.

ArubaOS-CX NTP Client Config
Check the existing NTP client config on the CX switch. (In the example below, the Windows server 10.2.10.2 is not responding to NTP.)

ntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmt8320-upper# sh ntp associations----------------------------------------------------------------------ID NAME REMOTE REF-ID ST LAST POLL REACH----------------------------------------------------------------------1 10.2.10.2 10.2.10.2 .INIT. 16 - 1024 0* 2 10.2.10.3 10.2.10.3 16.110.135.123 3 997 1024 377----------------------------------------------------------------------

ArubaOS-CX NTP Server Config

NTP master is enabled by default, with no settings.

8320-upper# sh ntp masterNTP Master Status : Enabled-----------VRF Stratum-----------

To complete the config, add the extra parameters to the config (from the primary if in a VSX cluster):

ntp master vrf default stratum 3

If you are running this in a VSX cluster, the ntp master line will be synchronised to the secondary switch.

8320-lower# sh run | in ntpntp server 10.2.10.2ntp server 10.2.10.3ntp enablentp vrf mgmtntp master vrf default stratum 3

Config for ArubaOS-Switch (also ProCurve)
I have added the loopback addresses of both 8320 switches in the VSX cluster. The VLAN interface IPs also work (eg 10.80.32.7 and 10.80.32.8).

timesync ntpntp unicastntp server 10.80.255.7ntp server 10.80.255.8ntp enable

My timezone settings for Sydney Australia:

time daylight-time-rule user-defined begin-date 10/01 end-date 04/01time timezone 600

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.255.7 4 u 75 10 3 0.000 0.000 15.8758810.80.255.8 4 u 75 10 3 0.000 0.000 15.87552

Other Notes
NTP master is not a virtualized function on ArubaOS-CX. The virtual IP address will not work if you try and use it. 10.80.32.1 is the virtual IP address in this example. Note that it is set to Stratum 16 - this never changes.

3500in8xxx(config)# sh ntp associationsNTP Associations EntriesRemote St T When Poll Reach Delay Offset Dispersion--------------- ---- ---- ------ ----- -------- -------- -------- ----------10.80.32.1 16 75 17 0 0.000 0.000 15.93835

NTP authentication isn't currently supported with the OS-CX device acting as server/master.