Wireless Access

last person joined: 20 hours ago 

Access network design for branch, remote, outdoor, and campus locations with HPE Aruba Networking access points and mobility controllers.
Back to discussions
Expand all | Collapse all

ntp authenticate without keys

This thread has been viewed 0 times

  • 1.  ntp authenticate without keys

    Posted Dec 05, 2013 02:27 PM

    We have a customer that is using NTP, but does not have a key associated with it.

     

    NTP has not been working correctly with the servers entered properly. 

     

    Is the NTP authenticate command needed even though there is no key? 



  • 2.  RE: ntp authenticate without keys

    EMPLOYEE
    Posted Dec 05, 2013 02:46 PM

    What does your NTP config look like?

     

    I have a controller simply configured with no authentication with the following command:

     

    ntp server <domain controller ip>

     

    Are there any ACLs that could be blocking NTP packets?



  • 3.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:47 PM

    Thats what is currently in the controller, but I still have to go set time manually.

     

    Also, the local controllers aren't taking that command. Is it master only?

     

    I dont believe any ACLs are in place blocking that. They already have their LAN using ntp with no problems.

    @cappalli wrote:

    ntp server <ip>

     



  • 4.  RE: ntp authenticate without keys

    EMPLOYEE
    Posted Dec 05, 2013 02:48 PM

    Can you run:

     

    show ntp status

    and

    show ntp servers



  • 5.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:52 PM
    @cappalli wrote:

    Can you run:

     

    show ntp status

    and

    show ntp servers

    (Master-Aruba3600) #show ntp status
Authentication: disabled
system uptime: 6025530
time since reset: 6025530
bad stratum in packet: 0
old version packets: 186982
new version packets: 0
unknown version number: 1
bad packet format: 0
packets processed: 186806
bad authentication: 0
packets rejected: 0
system peer: 0.0.0.0
system peer mode: unspec
leap indicator: 11
stratum: 16
precision: -18
root distance: 0.00000 s
root dispersion: 90.38295 s
reference ID: [0.0.0.0]
reference time: 00000000.00000000 Thu, Feb 7 2036 1:28:16.000
system flags: auth monitor ntp kernel stats 
jitter: 0.000000 s
stability: 0.000 ppm
broadcastdelay: 0.003998 s
authdelay: 0.000000 s

     

     

    (Master-Aruba3600) #show ntp servers
remote local st poll reach delay offset disp
=======================================================================
=10.243.2.1 10.242.12.1 1 64 377 0.00075 16.490877 0.01649
=10.242.2.55 10.242.12.1 2 64 377 0.00066 16.488094 0.01651

     



  • 6.  RE: ntp authenticate without keys

    EMPLOYEE
    Posted Dec 05, 2013 02:55 PM

    Is the time off by a few hours or are the minutes and seconds drastically off too? Did you configure the time zone?

     

    clock timezone EST -5



  • 7.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:57 PM

    Yes, we configured the time zone.

     

    I dont know if their actual time is correct though. Let me see if I can get into their ntp server.

    @cappalli wrote:

    Is the time off by a few hours or are the minutes and seconds drastically off too? Did you configure the time zone?

     

    clock timezone EST -5

     



  • 8.  RE: ntp authenticate without keys

    EMPLOYEE
    Posted Dec 05, 2013 03:00 PM

    It looks like your controller is successfully connecting to the NTP server (based on the show ntp status output). I would definitely check to see that the NTP server is correct. 



  • 9.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 03:05 PM

    Check the show ntp peer to see if there's any communication in/out between the two

    (beta-7200-controller) #show  ntp peer 10.2.2.1

remote 10.63.250.21, local 10.10.10.1
hmode client, pmode mode#255, stratum 3, precision -24
leap 00, refid [18.26.4.105], rootdistance 0.00789, rootdispersion 0.04784
ppoll 10, hpoll 10, keyid 0, version 4, association 6572
reach 377, unreach 0, flash 0x0000, boffset 0.00400, ttl/mode 0
timer 14s, flags system_peer, config, bclient
reference time:      d64b5132.5eefbcaa  Thu, Dec  5 2013 14:23:30.370
originate timestamp: d64b5794.e6e6ae41  Thu, Dec  5 2013 14:50:44.901
receive timestamp:   d64b5794.e71e7d99  Thu, Dec  5 2013 14:50:44.902
transmit timestamp:  d64b5794.e6f294dd  Thu, Dec  5 2013 14:50:44.902
filter delay:  0.00058  0.00061  0.00055  0.00075
               0.00060  0.00069  0.00055  0.00064
filter offset: -0.00055 -0.00054 -0.00043 -0.00043
               -0.00038 -0.00016 -0.00026 -0.00028
filter order:  0        1        2        3
               4        5        6        7
offset -0.000556, delay 0.00058, error bound 0.12175, filter error 0.00000

time last received:   789s
time until next send: 235s
reachability change:  3174455s
packets sent:         3737
packets received:     3736
bad authentication:   0
bogus origin:         0
duplicate:            0
bad dispersion:       0
bad reference time:   0
candidate order:      6

     



  • 10.  RE: ntp authenticate without keys

    EMPLOYEE
    Posted Dec 05, 2013 03:10 PM

    Do you have any other network devices pointed at this NTP server? Are they showing the correct time?

     

    You could also use this test utility to verify.

     

    http://www.ntp-time-server.com/ntp-server-tool.html

     



  • 11.  RE: ntp authenticate without keys

    Posted Dec 05, 2013 02:58 PM
    Do you have other devices in your network that are to communicate properly with your NTP server ?

    Like cappalli make sure you don't have access-group applied to the interface going to your uplink switch blocking port 123 ?