FortiSwitch
riteshpv
Staff
Article Id 340930
Description: This article describes why NTP servers are automatically added in FortiSwitch and how to avoid this behavior.
Scope: FortiSwitch version 7.4.3 and below.
Solution

In FortiSwitch, the following commands can be used for NTP configuration:

 

show switch ntp

config system ntp
    config ntpserver

        edit 1
            set server "ntp1.fortinet.net"
        next
    end
    set ntpsync enable
end

 

After a while, additional NTP server entries may appear in the configuration. However, the FortiSwitch generates no logs (for example, in the output of the command execute log display) to indicate how the NTP server was added.

 

For example:


config system ntp
    config ntpserver
        edit 1
            set server "ntp1.fortinet.net"
        next

        edit 2
            set server "test.net"
        next
    end
    set ntpsync enable
end


Reason:

This behavior occurs when the FortiSwitch receives NTP server information via DHCP option 42 in a DHCP ACK packet.


Challenges posed by this behavior:

If multiple interfaces of the switch are using DHCP servers to obtain IP addresses, and each DHCP server provides different NTP server addresses in option 42 within different scopes, or if there are multiple DHCP servers with different NTP server addresses, the following issue arises:

 

Whenever any interface receives a DHCP ACK packet (whether due to initial DHCP handshaking, renewal, or rebinding), the latest NTP server address from option 42 will overwrite the previous NTP configuration on the switch. For instance, if the previous configuration had four NTP servers and the new DHCP ACK packet includes only one NTP server, the new address will overwrite the first NTP server in the configuration, while the remaining NTP server configurations will remain unchanged.

 

Solution:

  • Disable option 42 on the DHCP server so that it does not send NTP information to the FortiSwitch.
  • Ensure that NTP information is consistently received from a single DHCP server.
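
To confirm which NTP servers each DHCP server actually hands out, the options field of a captured DHCP ACK can be parsed and option 42 compared against an approved list. The Python below is an added example, not Fortinet code: the function names, the approved list and the sample messages are constructed for illustration, and the input is assumed to be the UDP payload of the DHCP message.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"  # RFC 2131: marks the start of the options field
OPT_PAD, OPT_NTP, OPT_MSG_TYPE, OPT_END = 0, 42, 53, 255
DHCPACK = 5

def parse_options(bootp: bytes) -> dict:
    """Walk the TLV options of a DHCP message (UDP payload only)."""
    if len(bootp) < 240 or bootp[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    opts, i = {}, 240
    while i < len(bootp) and bootp[i] != OPT_END:
        if bootp[i] == OPT_PAD:          # pad is a single byte with no length
            i += 1
            continue
        if i + 1 >= len(bootp):
            raise ValueError("truncated option header")
        code, length = bootp[i], bootp[i + 1]
        value = bootp[i + 2:i + 2 + length]
        if len(value) != length:
            raise ValueError("truncated option value")
        opts[code] = opts.get(code, b"") + value  # RFC 3396: split options concatenate
        i += 2 + length
    return opts

def ntp_servers_in_ack(bootp: bytes) -> list:
    """Option 42 addresses if the message is a DHCPACK, otherwise an empty list."""
    opts = parse_options(bootp)
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPACK]):
        return []
    raw = opts.get(OPT_NTP, b"")
    if len(raw) % 4:
        raise ValueError("option 42 length must be a multiple of 4")
    return [str(ipaddress.IPv4Address(raw[j:j + 4])) for j in range(0, len(raw), 4)]

def unapproved_ntp(bootp: bytes, approved: set) -> list:
    """NTP servers offered in this ACK that are not on the approved list."""
    return [s for s in ntp_servers_in_ack(bootp) if s not in approved]

def build_message(msg_type: int, ntp_ips: list) -> bytes:
    """Constructed sample: minimal BOOTREPLY carrying options 53 and 42."""
    header = bytes([2, 1, 6, 0]) + bytes(232)  # 236-byte fixed header, mostly zeroed
    opt42 = b"".join(ipaddress.IPv4Address(ip).packed for ip in ntp_ips)
    return (header + MAGIC_COOKIE + bytes([OPT_MSG_TYPE, 1, msg_type])
            + bytes([OPT_NTP, len(opt42)]) + opt42 + bytes([OPT_END]))

APPROVED = {"192.0.2.10"}                                             # constructed allowlist
ACK_SCOPE_A = build_message(DHCPACK, ["192.0.2.10"])                  # constructed
ACK_SCOPE_B = build_message(DHCPACK, ["192.0.2.10", "198.51.100.7"])  # constructed
```

Running `unapproved_ntp` over the ACKs seen on each DHCP-enabled interface shows which scope is offering an NTP server outside the approved list, since the switch itself logs nothing when the entry changes.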