[All About Switches]The Clock Information Cannot Be Synchronized When an AR Router Is Connected to Switch

Latest reply: Mar 16, 2018 00:54:33 931 1 0 0

Involved Products and Versions

All models and versions

Networking

An AR router is directly connected to an S series switch. The S series switch functions as the NTP server, and the AR router functions as the NTP client.

Fault Symptom

The AR router cannot perform clock synchronization, but other devices that function as NTP clients can synchronize the clock of the S series switch that functions as the NTP server.

Cause Analysis

After the configurations are checked, it is found that the configuration information is correct. The packet information shows that the length of the Authentication Code in the authentication packet sent from the AR router is different from that received by the S series switch. As a result, the AR router fails to be authenticated.

Troubleshooting Procedure

1.         Log in to the S series switch, and run the display current-configuration command in any view to check NTP configurations.

<Switch> display current-configuration | include  ntp   
ntp-service ipv6 server disable
ntp-service authentication enable
ntp-service authentication-keyid 10 authentication-mode hmac-sha256 cipher %^%#H)^t@$UR`'1@W&)ENpU4x!\RJ'SDT:}ajfBbE(\K%^%#
ntp-service reliable authentication-keyid 10
ntp-service refclock-master 12

2.         Log in to the AR router, and run the display current-configuration command in any view to check NTP configurations.

<AR> display current-configuration | include  ntp   
ntp-service authentication enable
ntp-service authentication-keyid 10 authentication-mode hmac-sha256 cipher %^%#ChUBUgXk=H^q[BBNtt\7.94AO]UUM51ar!/!PWE=%^%#
ntp-service reliable authentication-keyid 10
ntp-service unicast-server 172.22.24.33 authentication-keyid 10

3.         The result shows that configurations are correct. To ensure that the passwords are the same, run the command on the S series switch and AR router to reconfigure the passwords so that the passwords of the NTP server and the NTP client are the same. For example, run the following command on the S series switch (and the same command is run on the AR router):

<Switch> system-view  
[Switch] ntp-service authentication-keyid 10 authentication-mode hmac-sha256 cipher Hello123

4.         Set up the same environment as that on the live network in the lab and reproduce the problem. After the packet information on the switch is obtained and analyzed, it is found that when the server authenticates the synchronization packet of the client, the length of the Authentication Code in the packet is incorrect. That is, the length of the Authentication Code in the packet calculated using the hmac-sha256 algorithm is 36, but the number of bytes carried in the packet sent from the AR router is 20. The authentication fails because lengths are different.

5.         Install a patch on the AR router to keep the same length with the S series switch, and the problem is resolved.

Conclusions and Suggestions

When the S series switches are connected to other devices and configurations are correct, you can reproduce the problem in the lab and obtain interaction packet information for further analysis.

  • x
  • convention:

Admin Created Mar 16, 2018 00:54:33 Helpful(0) Helpful(0)

thanks
  • x
  • convention:

Come on!

Reply

Reply
You need to log in to reply to the post Login | Register

Notice: To protect the legitimate rights and interests of you, the community, and third parties, do not release content that may bring legal risks to all parties, including but are not limited to the following:
  • Politically sensitive content
  • Content concerning pornography, gambling, and drug abuse
  • Content that may disclose or infringe upon others ' commercial secrets, intellectual properties, including trade marks, copyrights, and patents, and personal privacy
Do not share your account and password with others. All operations performed using your account will be regarded as your own actions and all consequences arising therefrom will be borne by you. For details, see " Privacy."
If the attachment button is not available, update the Adobe Flash Player to the latest version!

Login and enjoy all the member benefits

Login
Fast reply Scroll to top