I've got a 2621 router running 12.3(12a). Client machines use it as their NTP server, and it in turn is configured to use 172.16.1.1 as its NTP server. The router itself is at 10.1.1.3, and it's typically the master for HSRP address 10.1.1.1 (which is the address the clients use as their NTP server). One of these clients is a Windows 2003 server at 10.1.1.81 (configurations have been anonymized to protect the innocent, of course, though the details are all accurate).
The router has actually decided to use the 10.1.1.81 client machine as a time source...and not only that, but 10.1.1.81 is using 10.1.1.1 (i.e., the router) as *its* time source. Ack! I've never seen this happen before... the routers only ever show time sources that are explicitly configured, and the NTP configuration on this router is extremely simple:
router# show run | include ntp
ntp clock-period 17179981
ntp server 172.16.1.1
What's going on here? What could cause a Cisco router to decide to use a Windows 2003 client machine as a time source, even though it has an explicitly configured NTP server (which is not that Windows machine)?
I don't want this router to use its own clock as a master clock--I do in fact want it to synchronize to the configured master server. My question is why it would decide to "adopt" one of its clients as an NTP server, which I've never seen happen before.
This particular Windows 2003 box happens to be an Active Directory controller, and it was the first one configured for the forest, and so (according to Microsoft docs) it is in fact configured automatically as an NTP time source. However, I don't see any reason for the 2621 to start using it.
Here's the output of "show ntp assoc detail" while this was occurring:
So apparently the router thought 172.16.1.1 was "insane", and wouldn't trust it. And it identified 10.1.1.81 as being a "dynamic" server (as opposed to "configured"), apparently meaning that it was learned dynamically. So I guess what I'm saying is, I didn't realize a Cisco router would do this. And I guess my questions are:
1) Is this really how NTP is supposed to work by default in IOS?
2) Does this only occur when the configured time servers are acting wonky (or "insane") for some reason? It appears so, since once the router became happy with 172.16.1.1 again, the "dynamic" entry for 10.1.1.81 disappeared.
3) Is there any way to tell the router to use *only* the configured time servers, and not to learn any dynamically? I suppose I could use "ntp max-associations" to limit the number of associations to the number that's configured statically, but that seems a bit hokey.
Well, in this output, you are showing us that the reference clock is just "configured." The router has lost contact with the stratum 2 clock, so it is now relying on the stratum 4 clock. Why has it lost contact with 184.108.40.206? Are you allowed to use timekeeper.isi.edu? They may be blocking you.
Who is the NTP server? How is 172.16.1.1 configured?
He is a valid stratum 4 clock. Unless we have something better, we depend on that.
The devices will mutually synchronize to each other in the absence of a master. Best way to prevent that is to have 2 or more trustworthy stratum 2 peers to sync with.
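An added example, not part of the thread: a check over "show ntp assoc detail" output that flags the condition described in the original post, namely a configured server marked insane, a dynamic association chosen as master, and a source whose ref ID points back at the router. The sample text is constructed and its status-line layout is an assumption; the function names and the own_addrs parameter (the router's own addresses, including the HSRP address clients use) are hypothetical.

```python
import re

# Constructed sample in the assumed layout of IOS "show ntp associations detail"
# (status line, then a "ref ID" line); it is not the output from the thread.
SAMPLE = """\
172.16.1.1 configured, insane, invalid, stratum 16
ref ID 0.0.0.0, time 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
our mode client, peer mode unspec, our poll intvl 64, peer poll intvl 1024
10.1.1.81 dynamic, our_master, sane, valid, stratum 4
ref ID 10.1.1.1, time C5A1B2C3.00000000 (12:00:00.000 UTC Tue Jan 4 2005)
our mode passive, peer mode active, our poll intvl 64, peer poll intvl 64
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
STATUS = re.compile(rf"^({IP}) (configured|dynamic), (.+), stratum (\d+)$")
REFID = re.compile(r"^ref ID ([^,\s]+),")

def parse_associations(text):
    """Return one dict per association: address, origin, flags, stratum, ref ID."""
    assocs = []
    for line in (l.strip() for l in text.splitlines()):
        m = STATUS.match(line)
        if m:
            assocs.append({"addr": m.group(1), "origin": m.group(2),
                           "flags": {f.strip() for f in m.group(3).split(",")},
                           "stratum": int(m.group(4)), "refid": None})
        elif assocs and assocs[-1]["refid"] is None:
            r = REFID.match(line)
            if r:
                assocs[-1]["refid"] = r.group(1)
    return assocs

def audit(text, configured, own_addrs):
    """Return (address, finding) pairs for associations that need a look."""
    findings = []
    for a in parse_associations(text):
        if a["addr"] in configured and a["flags"] & {"insane", "invalid"}:
            findings.append((a["addr"], "configured server failing sanity checks"))
        if a["origin"] == "dynamic" or a["addr"] not in configured:
            findings.append((a["addr"], "association not in configuration"))
            if "our_master" in a["flags"]:
                findings.append((a["addr"], "unconfigured source selected as master"))
        if a["refid"] in own_addrs:
            findings.append((a["addr"], "source is itself synced to this router"))
    return findings

if __name__ == "__main__":
    for addr, msg in audit(SAMPLE, {"172.16.1.1"}, {"10.1.1.3", "10.1.1.1"}):
        print(f"{addr}: {msg}")
```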