I don't see this problem with my AP22, I hand out my router IP as an ntp server via DHCP, looks like you don't as it's going off site.
A packet capture with a reboot of ap-1:-
12:29:38.760155 IP ap-1.xxxxxxxxxx.net.ntp > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
12:29:38.760340 IP pfsense.xxxxxxxxxx.net.ntp > ap-1.xxxxxxxxxx.net.ntp: UDP, length 48
12:29:40.757263 IP ap-1.xxxxxxxxxx.net.ntp > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
12:29:40.757361 IP pfsense.xxxxxxxxxx.net.ntp > ap-1.xxxxxxxxxx.net.ntp: UDP, length 48
12:29:42.757289 IP ap-1.xxxxxxxxxx.net.ntp > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
12:29:42.757423 IP pfsense.xxxxxxxxxx.net.ntp > ap-1.xxxxxxxxxx.net.ntp: UDP, length 48
12:29:44.757290 IP ap-1.xxxxxxxxxx.net.ntp > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
12:29:44.757448 IP pfsense.xxxxxxxxxx.net.ntp > ap-1.xxxxxxxxxx.net.ntp: UDP, length 48
12:30:26.597327 IP switch-1.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
12:30:26.597489 IP pfsense.xxxxxxxxxx.net.ntp > switch-1.xxxxxxxxxx.net.49152: UDP, length 48
12:33:09.119179 IP switch-3.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
12:33:09.119407 IP pfsense.xxxxxxxxxx.net.ntp > switch-3.xxxxxxxxxx.net.49152: UDP, length 48
12:47:30.599416 IP switch-1.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
12:47:30.599655 IP pfsense.xxxxxxxxxx.net.ntp > switch-1.xxxxxxxxxx.net.49152: UDP, length 48
12:50:13.119392 IP switch-3.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
12:50:13.119596 IP pfsense.xxxxxxxxxx.net.ntp > switch-3.xxxxxxxxxx.net.49152: UDP, length 48
12:51:07.177921 IP switch-2.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
12:51:07.178107 IP pfsense.xxxxxxxxxx.net.ntp > switch-2.xxxxxxxxxx.net.49152: UDP, length 48
13:04:34.601470 IP switch-1.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
13:04:34.601689 IP pfsense.xxxxxxxxxx.net.ntp > switch-1.xxxxxxxxxx.net.49152: UDP, length 48
13:07:17.119310 IP switch-3.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
13:07:17.119498 IP pfsense.xxxxxxxxxx.net.ntp > switch-3.xxxxxxxxxx.net.49152: UDP, length 48
13:08:11.161243 IP switch-2.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
13:08:11.161435 IP pfsense.xxxxxxxxxx.net.ntp > switch-2.xxxxxxxxxx.net.49152: UDP, length 48
13:21:38.603406 IP switch-1.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
13:21:38.603618 IP pfsense.xxxxxxxxxx.net.ntp > switch-1.xxxxxxxxxx.net.49152: UDP, length 48
13:24:21.119585 IP switch-3.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
13:24:21.119771 IP pfsense.xxxxxxxxxx.net.ntp > switch-3.xxxxxxxxxx.net.49152: UDP, length 48
13:25:15.144327 IP switch-2.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
13:25:15.144533 IP pfsense.xxxxxxxxxx.net.ntp > switch-2.xxxxxxxxxx.net.49152: UDP, length 48
13:38:42.605360 IP switch-1.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
13:38:42.605527 IP pfsense.xxxxxxxxxx.net.ntp > switch-1.xxxxxxxxxx.net.49152: UDP, length 48
13:41:25.119335 IP switch-3.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
13:41:25.119532 IP pfsense.xxxxxxxxxx.net.ntp > switch-3.xxxxxxxxxx.net.49152: UDP, length 48
13:42:19.127534 IP switch-2.xxxxxxxxxx.net.49152 > pfsense.xxxxxxxxxx.net.ntp: UDP, length 48
13:42:19.127766 IP pfsense.xxxxxxxxxx.net.ntp > switch-2.xxxxxxxxxx.net.49152: UDP, length 48
You can configure the Palo-Alto to hand out the NTP server.
------------------------------
Andy K
------------------------------
Original Message:
Sent: 01-08-2023 08:50 PM
From: Jeffrey Hochberg
Subject: APs Issuing Tons of NTP Timesync Requests
OK - I guess nobody else has seen this before. I will contact tech support.
------------------------------
Jeffrey Hochberg
Original Message:
Sent: 12-20-2022 05:01 PM
From: Jeffrey Hochberg
Subject: APs Issuing Tons of NTP Timesync Requests
Hello!
I was reviewing my firewall logs while troubleshooting a completely unrelated issue. I noticed a large number of NTP queries from one of my Aruba InstantOn APs.
I own 2x AP11s and 2x AP22s. They all appear to be doing exactly the same thing. I've included a screenshot of the activity. Note the timestamp of the NTP query and how many look-ups there are per second? It's pretty insane! Screenshot below...
It would be nice if there was a way to connect to the AP via a console connection so I could try issuing an NTP query from one of the APs to see if there's some sort of issue with getting a response back from the NTP server being queried. I was able to use 'ntpdate' successfully from a Linux server that's on the same subnet.
Would someone else please take a look at their firewall logs to see how frequently they're performing NTP queries?
I wish there was a way to specify which NTP server(s) the APs query - I'd just point them to an internal NTP server.
Thanks in advance!
------------------------------
JeffH