Wednesday, August 14, 2013

Cisco CUCM NTP servers, VMware, re-licensing and what NOT to do

Let's assume you have one or more Cisco CUCM servers set up to use public NTP servers.
Let's assume those servers are unreliable, have been retired or are unreachable and you want to change them in CUCM.
Let's also assume you are running CUCM in VMware and you realize changing the NTP servers will invalidate your licenses because the license MAC will change.
Let's assume rehosting the licenses might be time consuming, or for whatever reason, an issue.
Let's assume you know you could, but don't want to root the CUCM server to spoof the license MAC.

You know what I mean, right?

Here's a dirty little hack.

Use a voice gateway as your NTP master (you could use any device with a real clock):

! set up your time zone correctly
clock timezone EST -5
clock summer-time EDT recurring
! set up name lookups
ip name-server 4.2.2.2
ip name-server 8.8.8.8
! set up the upstream NTP servers
ntp server 0.north-america.pool.ntp.org
ntp server 1.north-america.pool.ntp.org
ntp server 2.north-america.pool.ntp.org
! set up the gateway as an NTP master
ntp master 5
! add a loopback interface
! use the address of the CUCM NTP server that's unreliable
interface Loopback10
 ip address 64.65.66.67 255.255.255.255
! verify your NTP status (run these from exec mode)
show ntp associations
show ntp status

If the voice gateway is not your CUCM's default gateway, add a route to your new time server (you could have just made the default gateway the NTP master, but let's say it's an old layer 3 switch without an internal clock):

! on the CUCM's default gateway:
! create a static route to the old unreliable NTP server
! and route it to the voice gateway address
ip route 64.65.66.67 255.255.255.255 192.168.1.10

You are now using an internal NTP server (the voice gateway's loopback) that you control, courtesy of some basic routing. It syncs with a reliable list of public clocks, and you don't have to fiddle with CUCM.
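A health check for the spoofed NTP address, as an added example that is not from the original post: it parses an NTP reply and flags the case where the gateway has lost its upstream servers and is answering from its own clock at the `ntp master` stratum. The function names, the constructed sample packets and the 127.127.x.x reference-ID check are assumptions made for this illustration.

```python
import socket
import struct

NTP_TO_UNIX = 2208988800  # seconds from 1900-01-01 to 1970-01-01

def parse_reply(pkt):
    """Decode the fields of a 48-byte NTP header that matter for a health check."""
    if len(pkt) < 48:
        raise ValueError("short NTP packet")
    stratum = pkt[1]
    raw = pkt[12:16]
    # Stratum 2+ servers put their sync source's IPv4 address in the reference ID;
    # stratum 0/1 use a short ASCII code instead.
    refid = (".".join(map(str, raw)) if stratum >= 2
             else raw.rstrip(b"\0").decode("ascii", "replace"))
    tx_sec, tx_frac = struct.unpack("!II", pkt[40:48])
    return {"leap": pkt[0] >> 6, "mode": pkt[0] & 7, "stratum": stratum,
            "refid": refid, "unix_time": tx_sec - NTP_TO_UNIX + tx_frac / 2**32}

def assess(info, master_stratum=5):
    """Return a list of problems; an empty list means the source looks healthy."""
    if info["mode"] != 4:
        return ["not an NTP server reply"]
    if info["leap"] == 3 or info["stratum"] == 0:
        return ["server reports it is unsynchronized"]
    # Assumption: IOS identifies its internal clock with a 127.127.x.x reference ID
    # and answers at the 'ntp master' stratum when no upstream server is usable.
    if info["refid"].startswith("127.127.") or info["stratum"] >= master_stratum:
        return ["gateway is serving its own clock, upstream sync lost"]
    return []

def query(host, timeout=2.0):
    """Send one client-mode request (LI=0, VN=3, Mode=3) and parse the answer."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(b"\x1b" + bytes(47), (host, 123))
        return parse_reply(s.recvfrom(512)[0])

def sample_reply(leap, stratum, refid):
    """Constructed server reply for offline testing (not a capture)."""
    tx = 3585427200  # 2013-08-14 00:00:00 UTC in NTP seconds
    return struct.pack("!BBbbII4s8I", (leap << 6) | (3 << 3) | 4, stratum,
                       6, -20, 0, 0, refid, 0, 0, 0, 0, 0, 0, tx, 0)

if __name__ == "__main__":
    synced = parse_reply(sample_reply(0, 3, bytes([192, 0, 2, 1])))
    local = parse_reply(sample_reply(0, 5, bytes([127, 127, 1, 1])))
    print(synced, assess(synced))
    print(local, assess(local))
    # Live check from a host on the CUCM subnet: print(assess(query("64.65.66.67")))
```

Run the live check from a host that shares CUCM's default gateway, so the query follows the same static route to the loopback.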

Maybe dirty. Definitely works. Go nuts.
