Hi,

Thanks for the response.

I did the following changes:

ntp source ?
AccessTunnel Access Tunnel interface
AppGigabitEthernet App-hosting Gigabit Ethernet
Auto-Template Auto-Template interface
BDI Bridge-Domain interface
Bluetooth Bluetooth interface
CEM-PG Circuit Emulation interface with Protection group
CEOBC Cluster EOBC Interface
FortyGigabitEthernet Forty Gigabit Ethernet
GMPLS MPLS interface
GigabitEthernet GigabitEthernet IEEE 802.3z
InternalInterface Internal Interface
L2LISP L2 Locator/ID Separation Protocol Virtual Interface
LISP Locator/ID Separation Protocol Virtual Interface
Loopback Loopback interface
Lspvif LSP virtual interface
Null Null interface
PROTECTION_GROUP Protection-group controller
Port-channel Ethernet Channel of interfaces
SDH_ACR Virtual SDH-ACR controller
SERIAL-ACR Serial interface with ACR
Serial-PG Serial interface with Protection Group
TLS-VIF TLS Virtual Interface
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Tunnel-tp MPLS Transport Profile interface
TwentyFiveGigE Twenty Five Gigabit Ethernet
VirtualPortGroup Virtual Port Group
Vlan Catalyst Vlans
nve Network virtualization endpoint interface

X02YAL11UH001-KF001-(config)#ntp source vlan ?
<1-4094> Vlan interface number

X02YAL11UH001-KF001-(config)#ntp source vlan 403
X02YAL11UH001-KF001-(config)#do wr

But the firewall does not receive any packets from vlan 403.

Vlan 403 must be l3 and have IP and UP

In asa interface connect to SW

Capture CAP interface <interface name> match ip host <vpan403> any 

Then 

Show capture CAP

See if there is traffic toward asa or not

MHM

Hi,

The FW does not respond to the capture.

Result of the command: "capture cap eth 1/13 match ip host vlan 403 any"

capture cap eth 1/13 match ip host vlan 403 any
^
ERROR: % Invalid input detected at '^' marker.

Can you please help me correct it?

 "capture cap eth 1/13 match ip host vlan 403 any"

You need to use vlan403 ip not it name' I write it name because I dont know IP

MHM

Hi ,

Thank you for the suggestion.

The interface on the FW had a name and the "?" prompted me to use the name.

Please check the output:

sh cap
capture cap type raw-data interface Utility&Radio [Capturing - 212 bytes]
match ip host 10.169.29.193 any

sh capture cap

3 packets captured

1: 15:53:05.412225 10.169.29.193.123 > 10.169.24.11.123: udp 48
2: 15:53:42.411416 10.169.29.193.123 > 10.169.24.12.123: udp 48
3: 15:54:12.411447 10.169.29.193.123 > 10.169.24.11.123: udp 48

Looks like we do have the packets sent but the logging monitor does not show these packets.

now we finish this part, do same but other direction 
match ip any host 10.169.29.193

MHM

Hi,
please check output below:

No capture <name of capture>

Now we totally know that the NTP is send NTP to SW using interface we specify.

I.e. there is connection between NTP and SW'

And I think that answer your Q about using specific IP to connect to NTP.

Did you face issue with NTP?

MHM

yes the clock is still not synchronized. 
I can see the configured IPs in the show ntp associations but in the show ntp status I get a message that clock is not synchronized,no reference clock set.

share 
show ntp status <<-

let take look 

MHM

Below is the output:

last think before I run lab for this case 
debug ntp packet <<- in SW share this

MHM

Thank you for the support.

Output of debug :

X02YAL11UH001-KF001-SW#debug ntp packet
NTP packets debugging is on
X02YAL11UH001-KF001-SW#
*Apr 26 11:07:43.694 UTC: NTP: ntpio_send_ipv4: dst 10.169.24.11, src 0.0.0.0, if_out Vlan403
*Apr 26 11:07:43.694 UTC: NTP message sent to 10.169.24.11, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:07:58.694 UTC: NTP: ntpio_send_ipv4: dst 10.169.24.12, src 0.0.0.0, if_out Vlan403
*Apr 26 11:07:58.694 UTC: NTP message sent to 10.169.24.12, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:14.045 UTC: NTP message received from 10.169.29.196 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:14.046 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.196, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:14.046 UTC: NTP message sent to 10.169.29.196, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:15.045 UTC: NTP message received from 10.169.29.196 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:15.045 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.196, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:15.045 UTC: NTP message sent to 10.169.29.196, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:16.046 UTC: NTP message received from 10.169.29.196 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:16.046 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.196, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:16.046 UTC: NTP message sent to 10.169.29.196, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:17.046 UTC: NTP message received from 10.169.29.196 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:17.046 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.196, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:17.046 UTC: NTP message sent to 10.169.29.196, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:18.046 UTC: NTP message received from 10.169.29.196 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:18.046 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.196, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:18.046 UTC: NTP message sent to 10.169.29.196, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:19.045 UTC: NTP message received from 10.169.29.196 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:19.046 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.196, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:19.046 UTC: NTP message sent to 10.169.29.196, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:37.669 UTC: NTP message received from 10.169.29.201 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:37.669 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.201, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:37.669 UTC: NTP message sent to 10.169.29.201, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:38.669 UTC: NTP message received from 10.169.29.201 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:38.669 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.201, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:38.669 UTC: NTP message sent to 10.169.29.201, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:39.646 UTC: NTP message received from 10.169.29.197 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:39.646 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.197, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:39.646 UTC: NTP message sent to 10.169.29.197, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:39.670 UTC: NTP message received from 10.169.29.201 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:39.670 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.201, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:39.670 UTC: NTP message sent to 10.169.29.201, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:40.646 UTC: NTP message received from 10.169.29.197 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:40.646 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.197, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:40.646 UTC: NTP message sent to 10.169.29.197, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:40.669 UTC: NTP message received from 10.169.29.201 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:40.669 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.201, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:40.669 UTC: NTP message sent to 10.169.29.201, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:41.647 UTC: NTP message received from 10.169.29.197 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:41.647 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.197, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:41.647 UTC: NTP message sent to 10.169.29.197, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:41.670 UTC: NTP message received from 10.169.29.201 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:41.670 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.201, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:41.670 UTC: NTP message sent to 10.169.29.201, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:42.646 UTC: NTP message received from 10.169.29.197 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:42.646 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.197, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:42.646 UTC: NTP message sent to 10.169.29.197, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:42.669 UTC: NTP message received from 10.169.29.201 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:42.669 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.201, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:42.669 UTC: NTP message sent to 10.169.29.201, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:43.647 UTC: NTP message received from 10.169.29.197 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:43.647 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.197, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:43.648 UTC: NTP message sent to 10.169.29.197, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:44.646 UTC: NTP message received from 10.169.29.197 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:44.646 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.197, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:44.646 UTC: NTP message sent to 10.169.29.197, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:50.694 UTC: NTP: ntpio_send_ipv4: dst 10.169.24.11, src 0.0.0.0, if_out Vlan403
*Apr 26 11:08:50.694 UTC: NTP message sent to 10.169.24.11, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:59.440 UTC: NTP message received from 10.169.29.198 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:08:59.440 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.198, src 10.169.29.193, if_out Vlan403
*Apr 26 11:08:59.440 UTC: NTP message sent to 10.169.29.198, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:00.440 UTC: NTP message received from 10.169.29.198 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:00.440 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.198, src 10.169.29.193, if_out Vlan403
*Apr 26 11:09:00.440 UTC: NTP message sent to 10.169.29.198, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:01.440 UTC: NTP message received from 10.169.29.198 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:01.440 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.198, src 10.169.29.193, if_out Vlan403
*Apr 26 11:09:01.440 UTC: NTP message sent to 10.169.29.198, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:02.439 UTC: NTP message received from 10.169.29.198 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:02.439 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.198, src 10.169.29.193, if_out Vlan403
*Apr 26 11:09:02.439 UTC: NTP message sent to 10.169.29.198, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:03.439 UTC: NTP message received from 10.169.29.198 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:03.439 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.198, src 10.169.29.193, if_out Vlan403
*Apr 26 11:09:03.440 UTC: NTP message sent to 10.169.29.198, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:04.440 UTC: NTP message received from 10.169.29.198 on interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:04.441 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.198, src 10.169.29.193, if_out Vlan403
*Apr 26 11:09:04.441 UTC: NTP message sent to 10.169.29.198, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:05.693 UTC: NTP: ntpio_send_ipv4: dst 10.169.24.12, src 0.0.0.0, if_out Vlan403
*Apr 26 11:09:05.693 UTC: NTP message sent to 10.169.24.12, from interface 'Vlan403' (10.169.29.193).
*Apr 26 11:09:10.500 UTC: NTP message received from 10.169.29.200 on interface 'Vlan401' (10.169.29.1).
*Apr 26 11:09:10.500 UTC: NTP: ntpio_send_ipv4: dst 10.169.29.200, src 10.169.29.1, if_out Vlan401
*Apr 26 11:09:10.500 UTC: NTP message sent to 10.169.29.200, from interface 'Vlan401' (10.169.29.1).

I see that we are requesting for NTP on 10.169.29.193 (VLAN 403) but the reply is sent to 10.169.29.1 (VLAN 401).