Wireless Access

last person joined: an hour ago 

Access network design for branch, remote, outdoor and campus locations with Aruba access points, and mobility controllers.
Expand all | Collapse all

ntp authenticate without keys

  • 1.  ntp authenticate without keys

    Posted Dec 05, 2013 02:27 PM

    We have a customer that is using NTP, but does not have a key associated with it.

     

    NTP has not been working correctly with the servers entered properly. 

     

    Is the NTP authenticate command needed even though there is no key? 



  • 2.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:46 PM

    What does your NTP config look like?

     

    I have a controller simply configured with no authentication with the following command:

     

    ntp server <domain controller ip>

     

    Are there any ACLs that could be blocking NTP packets?



  • 3.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:47 PM

    Thats what is currently in the controller, but I still have to go set time manually.

     

    Also, the local controllers aren't taking that command. Is it master only?

     

    I dont believe any ACLs are in place blocking that. They already have their LAN using ntp with no problems.


    @cappalli wrote:

    ntp server <ip>


     



  • 4.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:48 PM

    Can you run:

     

    show ntp status

    and

    show ntp servers



  • 5.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:52 PM

    @cappalli wrote:

    Can you run:

     

    show ntp status

    and

    show ntp servers


    (Master-Aruba3600) #show ntp status
    Authentication: disabled
    system uptime: 6025530
    time since reset: 6025530
    bad stratum in packet: 0
    old version packets: 186982
    new version packets: 0
    unknown version number: 1
    bad packet format: 0
    packets processed: 186806
    bad authentication: 0
    packets rejected: 0
    system peer: 0.0.0.0
    system peer mode: unspec
    leap indicator: 11
    stratum: 16
    precision: -18
    root distance: 0.00000 s
    root dispersion: 90.38295 s
    reference ID: [0.0.0.0]
    reference time: 00000000.00000000 Thu, Feb 7 2036 1:28:16.000
    system flags: auth monitor ntp kernel stats 
    jitter: 0.000000 s
    stability: 0.000 ppm
    broadcastdelay: 0.003998 s
    authdelay: 0.000000 s

     

     

    (Master-Aruba3600) #show ntp servers
    remote local st poll reach delay offset disp
    =======================================================================
    =10.243.2.1 10.242.12.1 1 64 377 0.00075 16.490877 0.01649
    =10.242.2.55 10.242.12.1 2 64 377 0.00066 16.488094 0.01651

     



  • 6.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:55 PM

    Is the time off by a few hours or are the minutes and seconds drastically off too? Did you configure the time zone?

     

    clock timezone EST -5



  • 7.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:57 PM

    Yes, we configured the time zone.

     

    I dont know if their actual time is correct though. Let me see if I can get into their ntp server.


    @cappalli wrote:

    Is the time off by a few hours or are the minutes and seconds drastically off too? Did you configure the time zone?

     

    clock timezone EST -5


     



  • 8.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 03:00 PM

    It looks like your controller is successfully connecting to the NTP server (based on the show ntp status output). I would definitely check to see that the NTP server is correct. 



  • 9.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 03:05 PM

    Check the show ntp peer to see if there's any communication in/out between the two

    (beta-7200-controller) #show  ntp peer 10.2.2.1
    
    remote 10.63.250.21, local 10.10.10.1
    hmode client, pmode mode#255, stratum 3, precision -24
    leap 00, refid [18.26.4.105], rootdistance 0.00789, rootdispersion 0.04784
    ppoll 10, hpoll 10, keyid 0, version 4, association 6572
    reach 377, unreach 0, flash 0x0000, boffset 0.00400, ttl/mode 0
    timer 14s, flags system_peer, config, bclient
    reference time:      d64b5132.5eefbcaa  Thu, Dec  5 2013 14:23:30.370
    originate timestamp: d64b5794.e6e6ae41  Thu, Dec  5 2013 14:50:44.901
    receive timestamp:   d64b5794.e71e7d99  Thu, Dec  5 2013 14:50:44.902
    transmit timestamp:  d64b5794.e6f294dd  Thu, Dec  5 2013 14:50:44.902
    filter delay:  0.00058  0.00061  0.00055  0.00075
                   0.00060  0.00069  0.00055  0.00064
    filter offset: -0.00055 -0.00054 -0.00043 -0.00043
                   -0.00038 -0.00016 -0.00026 -0.00028
    filter order:  0        1        2        3
                   4        5        6        7
    offset -0.000556, delay 0.00058, error bound 0.12175, filter error 0.00000
    
    time last received:   789s
    time until next send: 235s
    reachability change:  3174455s
    packets sent:         3737
    packets received:     3736
    bad authentication:   0
    bogus origin:         0
    duplicate:            0
    bad dispersion:       0
    bad reference time:   0
    candidate order:      6

     



  • 10.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 03:10 PM

    Do you have any other network devices pointed at this NTP server? Are they showing the correct time?

     

    You could also use this test utility to verify.

     

    http://www.ntp-time-server.com/ntp-server-tool.html

     



  • 11.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:58 PM
    Do you have other devices in your network that are to communicate properly with your NTP server ?

    Like cappalli make sure you don't have access-group applied to the interface going to your uplink switch blocking port 123 ?