No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

An Incorrect Configuration Order Causes a Failure to Synchronize the NPT Clock on an NE40E

Publication Date:  2019-07-28 Views:  118 Downloads:  0

Issue Description

On a customer network, an NE40E-X8 functions as the master NTP clock server, and a newly deployed NE40E-X3 functions as an NTP client to synchronize with the NE40E-X8. After the unicast NTP server/client mode is configured, clock synchronization fails on the NE40E-X3.

Handling Process

1. After NTP is configured, check the NTP clock synchronization status on the NE40E-X3. It is found that clock synchronization is not performed.

[NE40E-X3]display ntp status

 clock status: unsynchronized    //Synchronization is not performed.

 clock stratum: 16 

 reference clock ID: none

 nominal frequency: 64.0000 Hz 

 actual frequency: 64.0000 Hz 

 clock precision: 2^11

 clock offset: 0.0000 ms 

 root delay: 0.00 ms 

 root dispersion: 0.00 ms 

 peer dispersion: 0.00 ms 

 reference time: 00:00:00.000 UTC Jan 1 1900(00000000.00000000)

2. Check whether the NTP clock configuration is correct. It is found that the configuration is normal and the verification modes and key IDs are consistent.

NE40E-X8:

ntp-service authentication enable

ntp-service authentication-keyid 10 authentication-mode md5 %#%##v`-JxO(S}/iMJp<9Z4IK%DVV[L06%#%#

ntp-service reliable authentication-keyid 10

ntp-service refclock-master 2

NE40E-X3:

ntp-service authentication enable

ntp-service authentication-keyid 10 authentication-mode md5 %#%#sTClKtnl38vw{!vLR{18"/f6$xo2L%#%#

ntp-service reliable authentication-keyid 10

ntp-service unicast-server x.172.18.1 authentication-keyid 10

3. Check the NTP packet sending and receiving on the S7706. It is found that NTP packets are discarded, and the authentication on the discarded packets fails.

[NE40E-X3]display ntp-service statistics packet

 NTP IPv4 Packet Statistical Information 

 ---------------------------------------

 Sent                                  : 47

    Send failures                      : 44

 Received                              : 15

    Processed                          : 0

    Dropped                            : 15

       Validity test failures          : 15

          Authentication failures      : 15

       Invalid packets                 : 0

       Access denied                   : 0

       Rate-limited                    : 0

       Processing delay                : 0

       Interface disabled              : 0

       Max dynamic association reached : 0

       Autokey failures                : 0

       Others                          : 0

 Last 2 packets drop reasons :

   [2017-9-25 14:20:59-08:00] From Peer x.172.18.1 (Local mode: client/configured) Authentication failure

4. Check whether the authentication failure is caused by an inconsistency between the passwords of the server and client. After the password is reset, NTP clock synchronization still fails, and the number of authentication error packets keeps increasing.

5. Check the reason why authentication still fails when the passwords of the server and client are the same. View the configuration example in the product document.

Note:

§  The client and server must be configured with the same key authentication and the key must be reliable. Otherwise, authentication fails.

§  The NTP authentication function must be enabled.

6. Check the device log. It is found that the NTP server address is specified prior to the NTP client address and the NTP authentication function is enabled after the NTP server and client address settings.

Sep  25 2017 14:11:57-08:00 NE40E-X3 %%01SHELL/5/CMDRECORD(l)[0]:Record command information. (Task=co0 , Ip=**, User=**, Command="ntp-service authentication enable")

Sep  25 2017 14:11:40-08:00 NE40E-X3 %%01SHELL/5/CMDRECORD(l)[1]:Record command information. (Task=co0 , Ip=**, User=**, Command="ntp-service unicast-server x.172.18.1 authentication-keyid 10")

Sep  25 2017 14:11:04-08:00 NE40E-X3 %%01SHELL/5/CMDRECORD(l)[2]:Record command information. (Task=co0 , Ip=**, User=**, Command="ntp-service reliable authentication-keyid 10")

Sep  25 2017 14:10:26-08:00 NE40E-X3 %%01SHELL/5/CMDRECORD(l)[3]:Record command information. (Task=co0 , Ip=**, User=**, Command="ntp-service authentication-keyid 10 authentication-mode md5 ******")

7. Delete the NTP clock configuration. Enable the NTP authentication function, and then specify the NTP server address. After that, the NTP clock synchronization succeeds.

Root Cause

During configuration of NTP authentication in unicast server/client mode, the NTP authentication function must be enabled on the client before the NTP server address is specified and the authentication key to be sent to the server is specified. Otherwise, authentication is not performed during clock synchronization. Therefore, clock synchronization fails in this situation.

Solution

Enable the NTP authentication function on the client and then specify the NTP server address and the authentication key to be sent to the server.

END