SystemCCNA 200-301

NTP Stratum Too High — Devices Not Accepting as Server

Presenting Symptom

A client device configured with 'ntp server 192.168.1.10' shows 'ntp associations' with '~' (stratum too high) and the server is not accepted.

Network Context

Small branch office with a Cisco ISR 4321 router (IOS XE 16.9) acting as NTP server for 20 client switches. The router is synchronized to an external NTP server (pool.ntp.org) but clients report 'NTP stratum too high' and refuse to synchronize.

Diagnostic Steps

Check NTP associations on the server router

show ntp associations

  address         ref clock     st  when  poll reach  delay  offset  disp
*~192.168.1.10    .LOCL.          16    -    64    0     0.0    0.0    0.0
*~192.168.1.10    .LOCL.          16    -    64    0     0.0    0.0    0.0

The '~' indicates the peer is not synchronized (stratum 16). The server thinks its own stratum is 16, meaning it has no valid time source. This is the root cause: the router is not synchronized to any external NTP server.

Check NTP status on the server router

show ntp status

Clock is synchronized, stratum 16, reference is .LOCL.
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**10
reference time is D8C9E4A0.00000000 (12:34:56.000 UTC Mon Jan 1 2024)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.00 msec, peer dispersion is 0.00 msec
loopfilter state is 'CTRL' (Normal Controlled Loop)

The router is synchronized to its own local clock (.LOCL.) at stratum 16. This means it is not receiving NTP from any external source. The router should be stratum 2 or 3 if it had an external source.

Verify NTP configuration on the server router

show running-config | include ntp

ntp server pool.ntp.org
ntp master 5

The router has both 'ntp server pool.ntp.org' and 'ntp master 5'. The 'ntp master 5' command overrides the external server and forces the router to act as an NTP master at stratum 5, but if the external server is reachable, the router should synchronize to it and become stratum 2. However, the output shows stratum 16, indicating the external server is unreachable or not responding.

Test connectivity to the external NTP server

ping pool.ntp.org

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 162.159.200.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 20/21/22 ms

Ping succeeds, so connectivity is not the issue. The problem is likely that the 'ntp master' command is preventing the router from synchronizing to the external server. When 'ntp master' is configured, the router ignores external NTP servers and uses its own clock.

Root Cause

The router is configured with both 'ntp server pool.ntp.org' and 'ntp master 5'. The 'ntp master' command forces the router to act as an authoritative NTP server using its local clock, overriding the external server. As a result, the router never synchronizes to the external source and remains at stratum 16 (unsynchronized). Clients see stratum 16 and reject the server because it is too high (stratum > 15 is considered invalid).

Resolution

Remove the 'ntp master' command to allow the router to synchronize to the external NTP server. If the router must act as a server for clients, it will automatically become stratum 2 after synchronizing. Commands: 1. Enter global configuration mode: configure terminal 2. Remove the ntp master command: no ntp master 3. (Optional) Ensure the ntp server command is present: ntp server pool.ntp.org 4. Exit and save: end write memory

Verification

Run 'show ntp status' to confirm synchronization: Clock is synchronized, stratum 2, reference is 162.159.200.1 nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**10 reference time is D8C9E4A0.00000000 (12:34:56.000 UTC Mon Jan 1 2024) clock offset is 0.0000 msec, root delay is 0.00 msec root dispersion is 0.00 msec, peer dispersion is 0.00 msec loopfilter state is 'CTRL' (Normal Controlled Loop) Then run 'show ntp associations' on the server: address ref clock st when poll reach delay offset disp *~162.159.200.1 .GPS. 1 47 64 377 20.0 0.5 1.0 * sys.peer, # selected, + candidate, - outlyer, ~ configured Clients should now see stratum 2 and synchronize.

Prevention

["Avoid using 'ntp master' unless the router is intended to be the primary time source (e.g., no external NTP available).","When using an external NTP server, do not configure 'ntp master' on the same device.","Always verify NTP synchronization with 'show ntp status' after configuration changes."]

CCNA Exam Relevance

On the CCNA 200-301 exam, this scenario tests understanding of NTP stratum levels and the interaction between 'ntp server' and 'ntp master' commands. Expect a troubleshooting question where you must identify why clients are not synchronizing, with multiple-choice options including 'stratum too high' or 'ntp master configured'. Key fact: A device configured with 'ntp master' will not synchronize to an external server; it becomes an authoritative source using its local clock.

Exam Tips

Remember that stratum 16 means unsynchronized; a valid NTP server must have stratum 15 or lower.

The 'ntp master' command overrides any 'ntp server' commands; they cannot coexist if you want external synchronization.

In the exam, look for 'show ntp associations' output with '~' (tilde) indicating a peer that is not synchronized.

Commands Used in This Scenario

show ntp associations

Displays the status of NTP associations configured on the device, used to verify NTP synchronization and identify time sources.

show ntp status

Displays the current NTP synchronization status, including clock stratum, reference clock, and synchronization state, used to verify NTP operation and clock accuracy.

show running-config

Displays the current active configuration in DRAM, showing all non-default settings.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions