Community discussions

 
RogerWilco
Member Candidate
Member Candidate
Topic Author
Posts: 257
Joined: Wed Feb 16, 2011 7:02 am
Reputation: 2
Location: Australia

NTP Client

Mon Jul 04, 2011 9:19 am

I've set up the NTP client as follows:
/system ntp client print
enabled: yes
mode: unicast
primary-ntp: 67.215.65.132
secondary-ntp: 67.215.65.132
poll-interval: 16s
active-server: 67.215.65.132


The time never updates on the router. Am I missing something?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 21501
Joined: Fri May 28, 2004 11:04 am
Reputation: 190
Location: Riga, Latvia

Re: NTP Client

Mon Jul 04, 2011 9:29 am

configuration looks fine. the NTP client doesn't give any detailed status, uninstall the NTP package if you are not using it as a NTP server, and you will get SNTP client, which gives better status info:

Capture.PNG
Capture.PNG (20.38 KiB) Viewed 1568 times
No answer to your question? How to write posts
 
bburley
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Thu Nov 18, 2010 8:22 am
Reputation: 0
Location: Alberta, Canada

Re: NTP Client

Tue Jul 05, 2011 11:27 am

You didn't give much information about how your router is set up, but if you are using it as an AP within a local subnet you could be missing a default route or default gateway. Another possibility is firewall filter rules that are interfering.
 
RogerWilco
Member Candidate
Member Candidate
Topic Author
Posts: 257
Joined: Wed Feb 16, 2011 7:02 am
Reputation: 2
Location: Australia

Re: NTP Client

Wed Jul 06, 2011 3:50 am

Thanks Normis - done this but it doesn't ever update.

Here is some of my router details:
[admin@Lamp Post] > /ip  pool print detail 
 0 name="dhcp_pool1" ranges=192.168.88.3-192.168.88.254


[admin@Lamp Post] >> /ip dhcp-server print detail   
Flags: X - disabled, I - invalid
 0   name="dhcp1" interface=ether1 lease-time=3d address-pool=dhcp_pool1
     bootp-support=static authoritative=after-2sec-delay


[admin@Lamp Post] >> /ip dhcp-server network print detail
 0 address=192.168.88.0/24 gateway=192.168.88.1
   dns-server=208.67.222.222,208.67.220.220


[admin@Lamp Post] >> /ip dns export
# jan/02/1970 10:02:44 by RouterOS 5.2
# software id = V9I9-BAQY
#
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=208.67.222.222,208.67.222.220


[admin@Lamp Post] >> /ip address print detail
Flags: X - disabled, I - invalid, D - dynamic
 0   address=192.168.88.1/24 network=192.168.88.0 interface=ether1
     actual-interface=ether1

 1 D address=58.165.11.141/32 network=10.112.112.125 interface=BigPon
     actual-interface=BigPond


[admin@Lamp Post] >> /ip route print detail   
Flags: X - disabled, A - active, D - dynamic,
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme,
B - blackhole, U - unreachable, P - prohibit
 0 ADS  dst-address=0.0.0.0/0 gateway=10.112.112.125
        gateway-status=10.112.112.125 reachable BigPond distance=1 scope=30
        target-scope=10

 1 ADC  dst-address=10.112.112.125/32 pref-src=58.165.11.141 gateway=BigPond
        gateway-status=BigPond reachable distance=0 scope=10

 2 ADC  dst-address=192.168.88.1/24 pref-src=192.168.88.1 gateway=ether1
        gateway-status=ether1 reachable distance=0 scope=10


[admin@Lamp Post] >> /interface print
Flags: D - dynamic, X - disabled, R - running, S - slave
 #     NAME                                            TYPE             MTU   
 0  R  ether1                                          ether            1500 
 1  R  BigPond


[admin@Lamp Post] >> /ip firewall export   
# jan/02/1970 10:04:59 by RouterOS 5.2
# software id = V9I9-BAQY
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout
    10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
    tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
    udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=masquerade chain=srcnat disabled=no out-interface=BigPond
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 21501
Joined: Fri May 28, 2004 11:04 am
Reputation: 190
Location: Riga, Latvia

Re: NTP Client

Wed Jul 06, 2011 8:20 am

please show the SNTP client status. you can also enable debug logs and see what they say
No answer to your question? How to write posts
 
RogerWilco
Member Candidate
Member Candidate
Topic Author
Posts: 257
Joined: Wed Feb 16, 2011 7:02 am
Reputation: 2
Location: Australia

Re: NTP Client

Wed Jul 06, 2011 8:56 am

Here is the SNTP client:
sntp.png
sntp.png (9.5 KiB) Viewed 1504 times


Here is the log:
log.png
log.png (4.75 KiB) Viewed 1504 times


it looks like to is working fine, but as you can see by the timestamp in the logs, it is not updating.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 21501
Joined: Fri May 28, 2004 11:04 am
Reputation: 190
Location: Riga, Latvia

Re: NTP Client

Wed Jul 06, 2011 9:02 am

change the servers to something else from pool.ntp.org, see if the behavior changes. also have different addresses in primary and secondary
No answer to your question? How to write posts
 
bburley
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Thu Nov 18, 2010 8:22 am
Reputation: 0
Location: Alberta, Canada

Re: NTP Client

Wed Jul 06, 2011 11:43 am

It isn't clear to me why you need to masquerade in both directions. I haven't seen it done this way before.

/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=masquerade chain=srcnat disabled=no out-interface=BigPond
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 21501
Joined: Fri May 28, 2004 11:04 am
Reputation: 190
Location: Riga, Latvia

Re: NTP Client

Wed Jul 06, 2011 11:44 am

good catch, bburley. yes, masquerade should have one rule, out interface is the INTERNET
No answer to your question? How to write posts
 
bburley
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Thu Nov 18, 2010 8:22 am
Reputation: 0
Location: Alberta, Canada

Re: NTP Client

Wed Jul 06, 2011 11:57 am

I don't think this has anything to do with NTP but I think the second DNS should be 208.67.220.220

/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=208.67.222.222,208.67.222.220


I also wonder why the network address doesn't match the IP address for the BigPon Interface. The use of interface=BigPon / actual-interface=BigPond suggests that something is configured in a way that I can't follow.

/ip address print detail 
Flags: X - disabled, I - invalid, D - dynamic
0   address=192.168.88.1/24 network=192.168.88.0 interface=ether1
     actual-interface=ether1

1 D address=58.165.11.141/32 network=10.112.112.125 interface=BigPon
     actual-interface=BigPond
 
bburley
Frequent Visitor
Frequent Visitor
Posts: 81
Joined: Thu Nov 18, 2010 8:22 am
Reputation: 0
Location: Alberta, Canada

Re: NTP Client

Wed Jul 06, 2011 11:58 am

Thanks Normis :)
 
djmuk
newbie
Posts: 43
Joined: Mon Jan 18, 2010 9:48 pm
Reputation: 0

Re: NTP Client

Wed Jul 06, 2011 9:31 pm

I don't know the details of how bigpond is set up but the address / network on the bigpond interface looks 'wrong' - Normally the address wouldn't be a /32 but /29 or lower and the network would tally with the interface IP address.

Can't you use DHCP on the internet facing address?

Can users on the LAN get to the Internet?

Can you ping www.yahoo.com or an internet IP address from the mikrotik?

David
 
fewi
Forum Guru
Forum Guru
Posts: 7734
Joined: Tue Aug 11, 2009 3:19 am
Reputation: 18

Re: NTP Client

Wed Jul 06, 2011 10:34 pm

It's a PPP connection - they hand out /32s, and the network address/broadcast address/gateway can be on entirely unrelated interfaces. With a /32 the IP information is irrelevant since it's just a host address, the interface itself becomes the gateway.
Specific answers require specific questions. When in doubt, post the output of "/ip address print detail", "/ip route print detail", "/interface print detail", "/ip firewall export", and an accurate network diagram.
 
djmuk
newbie
Posts: 43
Joined: Mon Jan 18, 2010 9:48 pm
Reputation: 0

Re: NTP Client

Wed Jul 06, 2011 11:18 pm

OK now I see...

Looks like the NTP server being used might be 'dead' - as suggested earlier try another pair from pool.ntp.org - if you use nslookup you should get the list of servers...

David
 
petrn
Member Candidate
Member Candidate
Posts: 179
Joined: Thu Jul 29, 2010 3:56 am
Reputation: 0

Re: NTP Client

Thu Jul 07, 2011 12:17 am

Hi,

i have this script scheduled once in month or two:

# ROS V5.5
# once in some time lets use some other NTP servers
# pick your country code (but not all works):
:local region "us"
:local ntp1 [:resolve ("0.".$region.".pool.ntp.org")]
:local ntp2 [:resolve ("1.".$region.".pool.ntp.org")]
/system ntp client set primary-ntp=$ntp1 secondary-ntp=$ntp2
:log info ("NTP servers updated, ".$ntp1.", ".$ntp2)
Petr
 
RogerWilco
Member Candidate
Member Candidate
Topic Author
Posts: 257
Joined: Wed Feb 16, 2011 7:02 am
Reputation: 2
Location: Australia

Re: NTP Client

Thu Jul 07, 2011 1:15 am

Thanks for the help - I changed to another NTP IP and it works.
 
User avatar
elgo
Member Candidate
Member Candidate
Posts: 151
Joined: Sat Apr 02, 2011 2:34 am
Reputation: 0
Location: France

Re: NTP Client

Thu Jul 07, 2011 2:08 am

@petrn: thanks, great idea :)
RB450G - OpenWrt (so much more stable than with routerOS)
-> now: UBNT EdgeRouter Lite

(very unlikely to be MT customer again in the future)

Who is online

Users browsing this forum: No registered users and 23 guests