Community discussions

MikroTik App
 
RogerWilco
Member
Member
Topic Author
Posts: 434
Joined: Wed Feb 16, 2011 6:02 am
Location: Australia

NTP Client

Mon Jul 04, 2011 9:19 am

I've set up the NTP client as follows:
/system ntp client print
enabled: yes
mode: unicast
primary-ntp: 67.215.65.132
secondary-ntp: 67.215.65.132
poll-interval: 16s
active-server: 67.215.65.132
The time never updates on the router. Am I missing something?
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: NTP Client

Mon Jul 04, 2011 9:29 am

configuration looks fine. the NTP client doesn't give any detailed status, uninstall the NTP package if you are not using it as a NTP server, and you will get SNTP client, which gives better status info:
Capture.PNG
You do not have the required permissions to view the files attached to this post.
 
bburley
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Thu Nov 18, 2010 7:22 am
Location: Alberta, Canada

Re: NTP Client

Tue Jul 05, 2011 11:27 am

You didn't give much information about how your router is set up, but if you are using it as an AP within a local subnet you could be missing a default route or default gateway. Another possibility is firewall filter rules that are interfering.
 
RogerWilco
Member
Member
Topic Author
Posts: 434
Joined: Wed Feb 16, 2011 6:02 am
Location: Australia

Re: NTP Client

Wed Jul 06, 2011 3:50 am

Thanks Normis - done this but it doesn't ever update.

Here is some of my router details:
[admin@Lamp Post] > /ip  pool print detail 
 0 name="dhcp_pool1" ranges=192.168.88.3-192.168.88.254


[admin@Lamp Post] >> /ip dhcp-server print detail   
Flags: X - disabled, I - invalid 
 0   name="dhcp1" interface=ether1 lease-time=3d address-pool=dhcp_pool1 
     bootp-support=static authoritative=after-2sec-delay 


[admin@Lamp Post] >> /ip dhcp-server network print detail 
 0 address=192.168.88.0/24 gateway=192.168.88.1 
   dns-server=208.67.222.222,208.67.220.220


[admin@Lamp Post] >> /ip dns export 
# jan/02/1970 10:02:44 by RouterOS 5.2
# software id = V9I9-BAQY
#
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=208.67.222.222,208.67.222.220


[admin@Lamp Post] >> /ip address print detail 
Flags: X - disabled, I - invalid, D - dynamic 
 0   address=192.168.88.1/24 network=192.168.88.0 interface=ether1 
     actual-interface=ether1 

 1 D address=58.165.11.141/32 network=10.112.112.125 interface=BigPon
     actual-interface=BigPond


[admin@Lamp Post] >> /ip route print detail   
Flags: X - disabled, A - active, D - dynamic, 
C - connect, S - static, r - rip, b - bgp, o - ospf, m - mme, 
B - blackhole, U - unreachable, P - prohibit 
 0 ADS  dst-address=0.0.0.0/0 gateway=10.112.112.125 
        gateway-status=10.112.112.125 reachable BigPond distance=1 scope=30 
        target-scope=10 

 1 ADC  dst-address=10.112.112.125/32 pref-src=58.165.11.141 gateway=BigPond 
        gateway-status=BigPond reachable distance=0 scope=10 

 2 ADC  dst-address=192.168.88.1/24 pref-src=192.168.88.1 gateway=ether1 
        gateway-status=ether1 reachable distance=0 scope=10


[admin@Lamp Post] >> /interface print 
Flags: D - dynamic, X - disabled, R - running, S - slave 
 #     NAME                                            TYPE             MTU   
 0  R  ether1                                          ether            1500  
 1  R  BigPond


[admin@Lamp Post] >> /ip firewall export    
# jan/02/1970 10:04:59 by RouterOS 5.2
# software id = V9I9-BAQY
#
/ip firewall connection tracking
set enabled=yes generic-timeout=10m icmp-timeout=10s tcp-close-timeout=10s \
    tcp-close-wait-timeout=10s tcp-established-timeout=1d tcp-fin-wait-timeout
    10s tcp-last-ack-timeout=10s tcp-syn-received-timeout=5s \
    tcp-syn-sent-timeout=5s tcp-syncookie=no tcp-time-wait-timeout=10s \
    udp-stream-timeout=3m udp-timeout=10s
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=masquerade chain=srcnat disabled=no out-interface=BigPond
/ip firewall service-port
set ftp disabled=no ports=21
set tftp disabled=no ports=69
set irc disabled=no ports=6667
set h323 disabled=no
set sip disabled=no ports=5060,5061
set pptp disabled=no
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: NTP Client

Wed Jul 06, 2011 8:20 am

please show the SNTP client status. you can also enable debug logs and see what they say
 
RogerWilco
Member
Member
Topic Author
Posts: 434
Joined: Wed Feb 16, 2011 6:02 am
Location: Australia

Re: NTP Client

Wed Jul 06, 2011 8:56 am

Here is the SNTP client:
sntp.png
Here is the log:
log.png
it looks like to is working fine, but as you can see by the timestamp in the logs, it is not updating.
You do not have the required permissions to view the files attached to this post.
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: NTP Client

Wed Jul 06, 2011 9:02 am

change the servers to something else from pool.ntp.org, see if the behavior changes. also have different addresses in primary and secondary
 
bburley
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Thu Nov 18, 2010 7:22 am
Location: Alberta, Canada

Re: NTP Client

Wed Jul 06, 2011 11:43 am

It isn't clear to me why you need to masquerade in both directions. I haven't seen it done this way before.
/ip firewall nat
add action=masquerade chain=srcnat disabled=no out-interface=ether1
add action=masquerade chain=srcnat disabled=no out-interface=BigPond
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: NTP Client

Wed Jul 06, 2011 11:44 am

good catch, bburley. yes, masquerade should have one rule, out interface is the INTERNET
 
bburley
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Thu Nov 18, 2010 7:22 am
Location: Alberta, Canada

Re: NTP Client

Wed Jul 06, 2011 11:57 am

I don't think this has anything to do with NTP but I think the second DNS should be 208.67.220.220
/ip dns
set allow-remote-requests=no cache-max-ttl=1w cache-size=2048KiB \
    max-udp-packet-size=512 servers=208.67.222.222,208.67.222.220
I also wonder why the network address doesn't match the IP address for the BigPon Interface. The use of interface=BigPon / actual-interface=BigPond suggests that something is configured in a way that I can't follow.
/ip address print detail 
Flags: X - disabled, I - invalid, D - dynamic 
0   address=192.168.88.1/24 network=192.168.88.0 interface=ether1 
     actual-interface=ether1 

1 D address=58.165.11.141/32 network=10.112.112.125 interface=BigPon
     actual-interface=BigPond
 
bburley
Frequent Visitor
Frequent Visitor
Posts: 80
Joined: Thu Nov 18, 2010 7:22 am
Location: Alberta, Canada

Re: NTP Client

Wed Jul 06, 2011 11:58 am

Thanks Normis :)
 
djmuk
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Mon Jan 18, 2010 8:48 pm

Re: NTP Client

Wed Jul 06, 2011 9:31 pm

I don't know the details of how bigpond is set up but the address / network on the bigpond interface looks 'wrong' - Normally the address wouldn't be a /32 but /29 or lower and the network would tally with the interface IP address.

Can't you use DHCP on the internet facing address?

Can users on the LAN get to the Internet?

Can you ping www.yahoo.com or an internet IP address from the mikrotik?

David
 
fewi
Forum Guru
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: NTP Client

Wed Jul 06, 2011 10:34 pm

It's a PPP connection - they hand out /32s, and the network address/broadcast address/gateway can be on entirely unrelated interfaces. With a /32 the IP information is irrelevant since it's just a host address, the interface itself becomes the gateway.
 
djmuk
Frequent Visitor
Frequent Visitor
Posts: 54
Joined: Mon Jan 18, 2010 8:48 pm

Re: NTP Client

Wed Jul 06, 2011 11:18 pm

OK now I see...

Looks like the NTP server being used might be 'dead' - as suggested earlier try another pair from pool.ntp.org - if you use nslookup you should get the list of servers...

David
 
User avatar
petrn
Member Candidate
Member Candidate
Posts: 180
Joined: Thu Jul 29, 2010 3:56 am
Location: Dubai

Re: NTP Client

Thu Jul 07, 2011 12:17 am

Hi,

i have this script scheduled once in month or two:
# ROS V5.5
# once in some time lets use some other NTP servers
# pick your country code (but not all works):
:local region "us"
:local ntp1 [:resolve ("0.".$region.".pool.ntp.org")]
:local ntp2 [:resolve ("1.".$region.".pool.ntp.org")]
/system ntp client set primary-ntp=$ntp1 secondary-ntp=$ntp2
:log info ("NTP servers updated, ".$ntp1.", ".$ntp2)
 
RogerWilco
Member
Member
Topic Author
Posts: 434
Joined: Wed Feb 16, 2011 6:02 am
Location: Australia

Re: NTP Client

Thu Jul 07, 2011 1:15 am

Thanks for the help - I changed to another NTP IP and it works.
 
User avatar
elgo
Member Candidate
Member Candidate
Posts: 151
Joined: Sat Apr 02, 2011 2:34 am
Location: France

Re: NTP Client

Thu Jul 07, 2011 2:08 am

@petrn: thanks, great idea :)
 
jhonmarton
just joined
Posts: 1
Joined: Sun Apr 16, 2023 10:00 am

Re: NTP Client

Sun Apr 16, 2023 10:03 am

Based on the information you provided, it appears that you have correctly configured the NTP client on your router with the primary and secondary NTP servers set to 67.215.65.132, and a polling interval of 16 seconds. However, you mentioned that the time on the router never updates.

One thing you may want to check is if the NTP servers 67.215.65.132 are reachable and responding to NTP requests from your router. You can try pinging the NTP servers or using an NTP client tool to verify their availability. If the servers are not responding, you may need to update the NTP server addresses to valid and reachable NTP servers.

Additionally, make sure that the NTP client is enabled and running on your router. You can check the status of the NTP client using the "/system ntp client print" command to ensure that it is enabled and configured correctly or light is on

Who is online

Users browsing this forum: Amazon [Bot], esj, sybadi and 82 guests