3 Replies Latest reply on Aug 11, 2017 10:30 AM by jayh

    NTP Master

    redbarron New Member

      I have configured a Cisco router as an NTP Master and I have successfully synced multiple Adtrans routers to it for NTP.  When I try to sync a Juniper switch to the Adtran I get no suitable syncrhonization server can be found.  I have used the source command for NTP and the Juniper can reach the Adtran without issue.  How do I get the Adtran to act as a suitable NTP server?

        • Re: NTP Master
          jayh Hall_of_Fame

          I would start with debugging NTP on the Juniper. It may be a different version, expecting authentication, etc.

           

          As a rule, setting a standalone piece of gear as an NTP master without a suitable time source such as GPS, etc. isn't recommended other than as a lab scenario (or when fooling some trial license software into thinking it hasn't expired).

            • Re: NTP Master
              redbarron New Member

              I did the debug thing before I posted and the Juniper doesn't like the fact that it is getting timing from a non-verified source yet the Adtran shows a verified source from the Cisco (synced with Internet NTP server)  it derives its timing from.  The goal is to reduce WAN traffic over a MPLS network where possible.

                • Re: NTP Master
                  jayh Hall_of_Fame

                  Don't use NTP master. That is telling peers that your device is authoritative (even if it loses sync with its upstream server and is not). Apparently Juniper doesn't like that.

                   

                  On the Adtran, configure the authoritative Cisco and a secondary peer or more if you choose with the command "ntp server <ip.add.re.ss>" and your Adtran will pull clock from it/them.

                   

                  Point the Juniper at the Adtran's IP. It should just work. You should see the stratum of the source at the Adtran incremented by one. If the Adtran loses sync with the Cisco, it will no longer be authoritative and both its and the Juniper's clocks will free-run until sync is re-established.

                   

                  You can also, in the Adtran, configure the Juniper as a peer with "ntp peer <ip.add.re.ss>". This will allow bidirectional synchronization which could be risky if the Juniper claims to be a lower stratum than what you see from the Cisco. This might happen if the Juniper is (mis)configured as NTP master.

                   

                  An alternative, which I haven't tested in the lab, might be to use the ntp master command on the Adtran with a stratum higher than you get from the Cisco, something like "ntp master 8". This may allow the Cisco's clock to pass through to the Juniper if present. Untested. Obviously if the Adtran loses sync from the Cisco, the Juniper will ignore NTP from the Adtran  as it is doing now.