Scenario#10 – Phones showing Incorrect time

I don’t remember how many times I came across customers complaining that their phones are either x minutes ahead or x minutes behind the normal time.

This is what I do whenever I come across time issues. This is for applicance based Call manager (5.x, 6.x, 7.x, 8.x)

  • Go to OS Admin > Settings > NTP server
  • Is there any NTP Server? If there is an IP address mentioned then try to Ping that IP from OS Admin > Services > Ping
  • Most of the time customers add the CUCM IP address as NTP address. This is not correct. Under OS Admin > NTP server – it should point to a NTP server within the network.
  • Find the gateway which is accessible from CUCM
  • Go to that Gateway and setup NTP as follows:
Router# Conf t
Router# clock timezone GMT 0
Router# clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00
Router# ntp server 130.88.203.12 (or use 130.88.200.4)

There are several NTP servers where you can point your gateway.

List : http://www.timetools.co.uk/ntp-servers/ref/ntp-server-uk.htm
Do ping the IP address from gateway to make sure it is reachable.

TIP: Some low-end routers, such as the 1600 and 1700 series, don’t support the full NTP protocol. They support only a stripped-down version called SNTP. SNTP is a client-only version of NTP and can be configured with the sntp server command.

Also run the following commands to check Synchronization:

Sh ntp status
sh ntp association

Router# show ntp status

Clock is synchronized, stratum 4, reference is 130.88.203.12

nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**19
reference time is AFE2525E.70597B34 (00:10:22.438 PDT Mon Jul 5 1993)
clock offset is 7.33 msec, root delay is 133.36 msec
root dispersion is 126.28 msec, peer dispersion is 5.98 msec

Router#show ntp associations

address            ref clock         st      when    poll   reach   delay   offset    disp
~172.31.32.2       172.31.32.1       5       29      1024   377     4.2     -8.59     1.6
+~192.168.13.33    192.168.1.111     5       69      128    377     4.1     3.48      2.3
*~130.88.203.12    130.88.203.12     2       32      128    377     7.9     11.18     3.6
* master (synced), # master (unsynced), + selected, – candidate, ~ configured

The poll field represents the polling interval (in seconds) between NTP poll packets. As the NTP server and client are better synced and there aren’t dropped packets, this number increases to a maximum of 1024. The offset field is the calculated offset (in milliseconds) between the client and server time. The client slows down or speeds up its clock to match the server’s time value. The offset decreases toward zero over time. It probably will never reach zero since the packet delay between the client and server is never exactly the same, so the client NTP can’t ever exactly match its clock with the server’s. Additional details about the output field are explained in the Basic System Management Commands document.

If there’s an asterisk (*) next to a configured peer, then you are synced to this peer and using them as the master clock. As long as one peer is the master then everything is fine. However, the key to knowing that NTP is working properly is looking at the value in the reach field.

A pound sign (#) displayed next to a configured peer in the show ntp associations command output indicates that the router isn’t syncing with the peer even though NTP request and response packets are being exchanged. In this case, check the output of the show ntp associations detail command or the NTP debugs to see why the clocks aren’t syncing. You can use the show ntp associations detail  and show ntp status  commands to obtain additional information regarding the state of NTP.

I remember there was this one customer where I had to leave for several hours before the gateway sycnhed with external NTP server.

ACL is also important if you want to restrict access to your Router NTP clock. If you don’t put an ACL then your router is also acting as a NTP server for any external source. Although its not a major issue but a sophisticated attacker may access your gateway.

This is how you can configure an ACL:

To provide time services only to internal systems. Lets say internal network is 192.168.1.x.

1. Configure an ACL to restrict access to internal systems:

2. Configure NTP to use the ACL with the ntp access-group serve-only command:

RouterOne#config terminal
Enter configuration commands, one per line.  End with CNTL/Z.

Router#ntp server 130.88.203.12

Router#access-list 21 permit 192.168.0.0 0.0.255.255
Router#access-list 21 deny any
Router#ntp access-group serve-only 21
Router#^Z

  • Once the gateway is synched you can check the time at gateway by doing show clock
  • Add the loopback IP address of this gateway under OS Admin > NTP server of CUCM
  • The CUCM will show – The NTP server is accessible
  • Go to CUCM Admin > System > Phone NTP Reference > Enter the Loopback IP of gateway
  • Go to CUCM Admin > System > Date/Time Group and add NTP reference
  • The Phones will Synch after sometime
  • If you want to do it immediately then restart the device or reset the D/T group (this will reset all devices so make sure customer is aware of it)
Advertisements

4 thoughts on “Scenario#10 – Phones showing Incorrect time

  1. just a quick note, if you have SKINNY phones going to Phone NTP reference is irrelevant, because the skkiny phones are going to ignore that setting, the phones are going to get the time from the server, however if you have SIP phones then that parameter is important, otherwise the SIP endpoints are going to get the time from the 200 OK message coming from the CallManager

  2. Hello’

    What happens when you have several Cisco 7965 phones taht do show the correct time but one and only one that doesn’t?

    Thanks

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s