What Happens When Your Cisco Switch Loses NTP Sync?

Network Time Protocol (NTP) is one of those foundational services we often set and forget. But what exactly happens to your downstream clients when a Cisco switch or switch stack acting as an NTP server loses the ability to sync with its own upstream NTP source?

How a Cisco switch answers incoming NTP queries during an upstream outage depends on how you've configured it, and to some extent, which version of Cisco IOS you are running. Let's break down the three primary scenarios.

1. The Default Behavior: Stratum 16

If you haven't explicitly configured a fallback mechanism, a switch that loses its upstream connection will fall back to its internal hardware clock. This default behavior is dictated by core NTP protocol standards (RFC 1305 and RFC 5905) and applies universally across legacy IOS, IOS-XE, and NX-OS platforms.

• The Response: The switch will start responding to incoming client queries with a stratum 16 reply.
• The Client Reaction: In the NTP world, stratum 16 translates to "unsynchronized" or "unreliable." Most clients will reject these answers, though exact behavior depends on each client’s configured minimum stratum requirements.
• What about Switch Stacks? In a stack environment, the behavior is consistent. Each member switch will continue to sync its time with the stack master, but all switches in the stack will respond to external incoming queries with that same stratum 16 response. This allows the stack to remain in sync so that it can continue to function, while not allowing the stack to propagate unreliable time to other devices.

2. Using ntp master

If you want to ensure your switch continues to hand out usable time to clients even when isolated from the wider time sync network, you can configure it as an NTP master. Like the default behavior, this command is widely supported across older 12.x/15.x IOS trains, modern IOS-XE, and NX-OS.

• The Configuration: ntp master [stratum]
• The Response: The switch still relies on its internal clock, but it will now answer queries authoritatively at the stratum level you define.
• The Client Reaction: If you don't specify a stratum number, the default is 7. Because this is well below the unusable stratum 16 threshold, most clients will accept this time and stay synced with it.

3. Using ntp orphan

For larger, more complex network topologies, such as environments with multiple core and edge switches, or redundant routers, the orphan mode is generally the preferred approach.

• The Configuration: ntp orphan [stratum]
• The Response: Similar to the ntp master command, the switch uses its internal clock and answers authoritatively at the configured stratum level.
• The Benefit: This mode is specifically designed to allow a group of isolated devices to sync to a single, elected "orphan parent" based on the orphan with the lowest IP address, keeping the local network’s time completely uniform even when entirely cut off from the internet or upstream data center. This ensures that you do not have multiple, unsyncronized masters propagating different, drifting times to different sets of downstream devices.
• Version Compatibility: Orphan mode is an NTP version 4 (NTPv4) feature. It requires IOS 15.1(2)T or 15.2(1)E and later. For newer hardware, it is fully supported from IOS-XE 3.1S onward (including the 16.x/17.x trains on Catalyst 3850/9000s) and is natively supported across NX-OS. If you are running legacy 12.x code, you will need to rely on ntp master instead.

Quick Troubleshooting Tip: If you suspect your switch is isolated, running the show ntp status command is your first line of defense. This will output the current sync status, your current stratum level, and the upstream NTP sources your switch or stack is looking at.

In conclusion, if your Cisco network equipment is being used to distribute the load of provinding NTP to your edge devices, it is often ideal to configure at least one of these options. Your particular circumstances will dictate which solution is most appropriate. I expect that in many small environments, ntp master will make the most sense, while ntp orphan will be more appropriate in more complex situations.

Happy synchronizing!