Thursday, 27 October 2016

CONFIGURE NTP SERVER FOR WLC


Switch#sh clock
*05:08:16.326 UTC Mon Mar 1 1993
Switch#ping in.pool.ntp.org

Translating "in.pool.ntp.org"...domain server (255.255.255.255) % Name lookup aborted
% Unrecognized host or address, or protocol not running.

CONFIGURE LOOKUP
Switch#
Switch#conf t
Switch(config)#ip domain-lookup
Switch(config)#ip name 8.8.8.8

TESTING
Switch#ping in.pool.ntp.org
Translating "in.pool.ntp.org"...domain server (8.8.8.8) [OK]
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 125.62.193.121, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 34/40/42 ms
Switch#ping 125.62.193.121
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 125.62.193.121, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 42/42/42 ms

CONFIGURING NTP SERVER
Switch(config)#ntp server in.pool.ntp.org

SETTING TIMEZONE
Switch(config)#clock timezone UTC +5 30

CREATING AUTHENTICATION KEY

Switch(config)#ntp authenticate
Switch(config)#ntp authentication-key 1 md5 123456
Switch(config)#ntp trusted-key 1
Switch(config)#ntp allow mode private


Controller Configuration


1. Choose Controller > NTP > Servers to open the NTP Servers page. Click New to add an NTP server. The NTP Servers > New page appears.
2. Choose a server priority from the Server Index (Priority) drop-down list.
3. Enter the NTP server IP Address in the Server IP Address text box.
4. Enable NTP server authentication by selecting the NTP Server Authentication check box.
5. Click Apply.
6. Choose Controller > NTP > Keys.
7. Click New to create a key.
8. Enter the key index in the Key Index text box.
9. Choose the key format from the Key Format drop-down list.
10. Enter the Key in the Key text box.



Verify
You can use these commands from the WLC CLI to verify the configuration:
(Cisco Controller) >show time
Time............................................. Wed Nov 23 15:31:27 2011

Timezone delta................................... 0:0

Timezone location................................ (GMT -6:00) Central Time (US and Canada)

NTP Servers

    NTP Polling Interval.........................     86400

     Index     NTP Key Index     NTP Server      NTP Msg Auth Status
    -------  ---------------------------------------------------------------
       1              1        10.78.177.30       AUTH SUCCESS


Troubleshoot
You can use the debug ntp detail enable command to view the sequence of events that occur once the NTP server configuration is done on the WLC.
*sntpReceiveTask: Nov 23 15:08:24.360: Started=3531049704.360568 2011 Nov 23 15:08:24.360

*sntpReceiveTask: Nov 23 15:08:24.360: Looking for the socket addresses

*sntpReceiveTask: Nov 23 15:08:24.360: NTP Polling cycle: accepts=0, count=5, attempts=1, retriesPerHost=6.
 Outgoing packet on NTP Server on socket 0:

*sntpReceiveTask: Nov 23 15:08:24.360: sta=0 ver=3 mod=3 str=15 pol=8 dis=0.000000 ref=0.000000

*sntpReceiveTask: Nov 23 15:08:24.361: ori=0.000000 rec=0.000000
*sntpReceiveTask: Nov 23 15:08:24.361: tra=3531049704.360889 cur=3531049704.360889

*sntpReceiveTask: Nov 23 15:08:24.361: Host Supports NTP authentication with Key Id = 1

*sntpReceiveTask: Nov 23 15:08:24.361: NTP Auth Key Id = 1 Key Length = 5

*sntpReceiveTask: Nov 23 15:08:24.361: MD5 Hash and Key Id added in NTP Tx packet

*sntpReceiveTask: Nov 23 15:08:24.361: Flushing outstanding packets

*sntpReceiveTask: Nov 23 15:08:24.361: Flushed 0 packets totalling 0 bytes

*sntpReceiveTask: Nov 23 15:08:24.361: Packet of length 68 sent to 10.78.177.30 UDPport=123
*sntpReceiveTask: Nov 23 15:08:24.363: Packet of length 68 received from 10.78.177.30 UDPport=123
*sntpReceiveTask: Nov 23 15:08:24.363: KeyId In Recieved NTP Packet 1

*sntpReceiveTask: Nov 23 15:08:24.363: KeyId 1 found in recieved NTP packet exists as part of the trusted Key/s

*sntpReceiveTask: Nov 23 15:08:24.363: The NTP trusted Key Id  1 length = 5

*sntpReceiveTask: Nov 23 15:08:24.363: NTP Message Authentication - SUCCESS

*sntpReceiveTask: Nov 23 15:08:24.363: sta=0 ver=3 mod=4 str=8 pol=8 dis=3.875031 ref=3531071269.384065


*sntpReceiveTask: Nov 23 15:08:24.363: ori=3531049704.360889 rec=3531071270.103183
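
The 68-byte packets in the debug output above are a 48-byte NTP header followed by a 4-byte key ID and a 16-byte MD5 digest computed over the key and then the header. The Python below is an added example, not code from the original post or from Cisco; it rebuilds that layout and the receive-side checks the debug lines describe, using a constructed 5-byte key and hypothetical function names.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48   # fixed NTP header
MAC_LEN = 4 + 16      # 32-bit key ID + 128-bit MD5 digest

def build_header(leap, version, mode, stratum, poll, tx_seconds, tx_fraction):
    """Pack a 48-byte NTP header; fields not shown in the debug stay zero."""
    first = (leap << 6) | (version << 3) | mode
    # LI/VN/mode, stratum, poll, precision, root delay, root dispersion, ref ID
    head = struct.pack("!BBbbII4s", first, stratum, poll, 0, 0, 0, b"\0" * 4)
    # reference, originate and receive timestamps (zero), then transmit timestamp
    stamps = struct.pack("!QQQII", 0, 0, 0, tx_seconds, tx_fraction)
    return head + stamps

def add_mac(header, key_id, key):
    """Append key ID and MD5(key || header), the NTP symmetric-key MAC."""
    digest = hashlib.md5(key + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify(packet, trusted_keys):
    """Check a received packet against {key_id: key}; return (ok, reason)."""
    if len(packet) == NTP_HEADER_LEN:
        return False, "no MAC present"
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "unexpected length"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    (key_id,) = struct.unpack("!I", mac[:4])
    key = trusted_keys.get(key_id)
    if key is None:
        return False, "key ID not trusted"
    expected = hashlib.md5(key + header).digest()
    # constant-time comparison so the check does not leak digest bytes
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch"
    return True, "AUTH SUCCESS"

KEY = b"abcde"  # constructed 5-byte key (the debug shows Key Length = 5)
# Values from the outgoing debug lines: sta=0 ver=3 mod=3 str=15 pol=8, tra=...
HEADER = build_header(0, 3, 3, 15, 8, 3531049704, int(0.360889 * 2**32))
PACKET = add_mac(HEADER, 1, KEY)

if __name__ == "__main__":
    print(len(PACKET), verify(PACKET, {1: KEY}))     # authenticated packet
    print(verify(HEADER, {1: KEY}))                  # reply without a MAC
    print(verify(PACKET, {1: b"wrong"}))             # key mismatch
```

A reply that carries no MAC, an untrusted key ID, or a digest made with a different key fails the check, which is what keeps an unauthenticated time source from being accepted once authentication is enabled for the server.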

1 comment:

  1. About the command: ntp allow mode private. It's not recognized on a 3560 Cisco switch, especially allow.
