I don’t remember how many times I came across customers complaining that their phones are either x minutes ahead or x minutes behind the normal time.
This is what I do whenever I come across time issues. This is for applicance based Call manager (5.x, 6.x, 7.x, 8.x)
- Go to OS Admin > Settings > NTP server
- Is there any NTP Server? If there is an IP address mentioned then try to Ping that IP from OS Admin > Services > Ping
- Most of the time customers add the CUCM IP address as NTP address. This is not correct. Under OS Admin > NTP server – it should point to a NTP server within the network.
- Find the gateway which is accessible from CUCM
- Go to that Gateway and setup NTP as follows:
Router# Conf t Router# clock timezone GMT 0 Router# clock summer-time BST recurring last Sun Mar 2:00 last Sun Oct 2:00 Router# ntp server 18.104.22.168 (or use 22.214.171.124) There are several NTP servers where you can point your gateway. List : http://www.timetools.co.uk/ntp-servers/ref/ntp-server-uk.htm Do ping the IP address from gateway to make sure it is reachable.
TIP: Some low-end routers, such as the 1600 and 1700 series, don’t support the full NTP protocol. They support only a stripped-down version called SNTP. SNTP is a client-only version of NTP and can be configured with the sntp server command.
Also run the following commands to check Synchronization:
Sh ntp status
sh ntp association
Router# show ntp status
Clock is synchronized, stratum 4, reference is 126.96.36.199
nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**19
reference time is AFE2525E.70597B34 (00:10:22.438 PDT Mon Jul 5 1993)
clock offset is 7.33 msec, root delay is 133.36 msec
root dispersion is 126.28 msec, peer dispersion is 5.98 msec
Router#show ntp associations
address ref clock st when poll reach delay offset disp
~172.31.32.2 172.31.32.1 5 29 1024 377 4.2 -8.59 1.6
+~192.168.13.33 192.168.1.111 5 69 128 377 4.1 3.48 2.3
*~188.8.131.52 184.108.40.206 2 32 128 377 7.9 11.18 3.6
* master (synced), # master (unsynced), + selected, – candidate, ~ configured
The poll field represents the polling interval (in seconds) between NTP poll packets. As the NTP server and client are better synced and there aren’t dropped packets, this number increases to a maximum of 1024. The offset field is the calculated offset (in milliseconds) between the client and server time. The client slows down or speeds up its clock to match the server’s time value. The offset decreases toward zero over time. It probably will never reach zero since the packet delay between the client and server is never exactly the same, so the client NTP can’t ever exactly match its clock with the server’s. Additional details about the output field are explained in the Basic System Management Commands document.
If there’s an asterisk (*) next to a configured peer, then you are synced to this peer and using them as the master clock. As long as one peer is the master then everything is fine. However, the key to knowing that NTP is working properly is looking at the value in the reach field.
A pound sign (#) displayed next to a configured peer in the show ntp associations command output indicates that the router isn’t syncing with the peer even though NTP request and response packets are being exchanged. In this case, check the output of the show ntp associations detail command or the NTP debugs to see why the clocks aren’t syncing. You can use the show ntp associations detail and show ntp status commands to obtain additional information regarding the state of NTP.
I remember there was this one customer where I had to leave for several hours before the gateway sycnhed with external NTP server.
ACL is also important if you want to restrict access to your Router NTP clock. If you don’t put an ACL then your router is also acting as a NTP server for any external source. Although its not a major issue but a sophisticated attacker may access your gateway.
This is how you can configure an ACL:
To provide time services only to internal systems. Lets say internal network is 192.168.1.x.
1. Configure an ACL to restrict access to internal systems:
2. Configure NTP to use the ACL with the ntp access-group serve-only command:
Enter configuration commands, one per line. End with CNTL/Z.
Router#ntp server 220.127.116.11
Router#access-list 21 permit 192.168.0.0 0.0.255.255
Router#access-list 21 deny any
Router#ntp access-group serve-only 21
- Once the gateway is synched you can check the time at gateway by doing show clock
- Add the loopback IP address of this gateway under OS Admin > NTP server of CUCM
- The CUCM will show – The NTP server is accessible
- Go to CUCM Admin > System > Phone NTP Reference > Enter the Loopback IP of gateway
- Go to CUCM Admin > System > Date/Time Group and add NTP reference
- The Phones will Synch after sometime
- If you want to do it immediately then restart the device or reset the D/T group (this will reset all devices so make sure customer is aware of it)