Switching


Ask questions and share experiences about EX and QFX portfolios and all switching solutions across your data center, campus, and branch locations.
  • 1.  Device not syncing with NTP Servers

    Posted 02-01-2021 11:23

    Hi Team,

     

    We are facing an issue with NTP sync on our switches: the log messages show that the NTP server is not reachable, but connectivity between the devices looks fine.

    Config we have:

    set system ntp server 10.103.36.150
    set system ntp server 10.103.36.151
    set system ntp server 216.239.35.0 prefer
    set system ntp source-address 10.103.16.42







    This is our switching architecture:
    We have configured all VLANs as layer 3 in the gateway device.

    We don't have a firewall between the NTP server and the switches.

    Please let me know if I'm missing anything.



    ------------------------------
    Mad token
    ------------------------------


  • 2.  RE: Device not syncing with NTP Servers

    Posted 02-01-2021 11:46
    Your time is very far off so no matter what.
    run set date YYYYMMDDhhmm.ss

    Second. Can you post your NTP server's config? From the lost ntp may not be running or has its own filter dropping src 10.103.16.42 range.


  • 3.  RE: Device not syncing with NTP Servers

    Posted 02-01-2021 12:21
    Edited by Scan 02-01-2021 12:22
    Hi tgreaser,

    You might be right about NTP filters at the config level, since we don't manage them and NTP works for the internal gateway and other devices.

    But as you can see from the screenshot, even time.google.com fails.

    In the firewall we have allowed from trust to untrust any.

    ------------------------------
    Mad token
    ------------------------------



  • 4.  RE: Device not syncing with NTP Servers

    Posted 02-01-2021 18:50
    Check to see if the lo0 interface has a firewall filter applied to it. If so, this is potentially blocking NTP access, so have a look at the content of that filter.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------



  • 5.  RE: Device not syncing with NTP Servers

    Posted 02-01-2021 19:03
    As Steve posted: if you have an RE filter, please make sure it's allowed to process the packet, or if the interface your 10.103.16.42 lives in.

    set firewall family inet filter protect-RE term ntp-term from protocol udp
    set firewall family inet filter protect-RE term ntp-term from destination-port ntp
    set firewall family inet filter protect-RE term ntp-term then accept
    set firewall family inet filter protect-RE term ntp-term then count ntp-term-counter


  • 6.  RE: Device not syncing with NTP Servers

    Posted 02-04-2021 05:48
    Thank you Steve and tgreaser, it was indeed a filter on our internal gateway for VLAN 16 blocking NTP traffic.

    Is there any command reference to "show security match-policies from-zone trust to-zone untrust" for matching filters on a VLAN as well?



    ------------------------------
    Mad token
    ------------------------------
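
The diagnosis reached in this thread (a firewall filter dropping NTP) can be checked offline against set-format output from `show configuration | display set`. The sketch below is an added example, not code from any poster or from Juniper: it evaluates a simplified subset of `family inet` filter terms against an NTP reply and shows that the `ntp-term` from post 5 only helps if it is evaluated before a catch-all discard term. The `deny-all` term, the sample packet and all function names are assumptions made for illustration.

```python
import ipaddress

def parse_filter(config, name):
    """Collect one `family inet` filter's terms from set-format lines, in configured order."""
    prefix = f"set firewall family inet filter {name} term "
    terms = {}  # dicts keep insertion order, which mirrors term order in the config
    for line in map(str.strip, config.splitlines()):
        if line.startswith(prefix):
            term, kind, *rest = line[len(prefix):].split()
            terms.setdefault(term, {"from": [], "then": []})[kind].append(rest)
    return terms

def _match(key, value, pkt):
    if key == "protocol":
        return pkt[key] == value
    if key in ("source-port", "destination-port"):
        return pkt[key] == (123 if value == "ntp" else int(value))
    if key in ("source-address", "destination-address"):
        return ipaddress.ip_address(pkt[key]) in ipaddress.ip_network(value)
    raise ValueError(f"unsupported match condition: {key}")

def evaluate(terms, pkt):
    """Return (action, term): the first matching term decides the packet's fate."""
    for name, term in terms.items():
        wanted = {}
        for key, value in term["from"]:
            wanted.setdefault(key, []).append(value)  # repeated condition: any value may match
        matched = all(any(_match(k, v, pkt) for v in vs) for k, vs in wanted.items())
        actions = [a[0] for a in term["then"]]
        if not matched or "next" in actions:  # no match, or `then next term`
            continue
        hit = [a for a in actions if a in ("accept", "discard", "reject")]
        return (hit[0] if hit else "accept"), name  # count/log alone imply accept
    return "discard", None  # implicit discard when no term matched

# Constructed sample: an assumed catch-all term, the ntp-term from post 5, and an NTP reply
# (UDP port 123 on both ends is an assumption about how the switch's NTP client behaves).
DENY = "set firewall family inet filter protect-RE term deny-all then discard"
NTP = """set firewall family inet filter protect-RE term ntp-term from protocol udp
set firewall family inet filter protect-RE term ntp-term from destination-port ntp
set firewall family inet filter protect-RE term ntp-term then accept
set firewall family inet filter protect-RE term ntp-term then count ntp-term-counter"""
REPLY = {"protocol": "udp", "source-address": "10.103.36.150", "source-port": 123,
         "destination-address": "10.103.16.42", "destination-port": 123}

def verdict(config, pkt=REPLY):
    return evaluate(parse_filter(config, "protect-RE"), pkt)

if __name__ == "__main__":
    print(verdict(DENY + "\n" + NTP), verdict(NTP + "\n" + DENY))
```

On Junos a newly created term is appended to the end of its filter, so a term added to an existing default-deny filter may have to be moved ahead of the discard term with `insert` before it takes effect.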