Brett Verney

Deploy different NTP servers for Routers vs Switches

Hi all,


I have a customer that uses the following NTP hierarchy at each one of their sites:


Access & Core switches --> WAN Router --> Domain Controllers in central DC.


As in - each site's switches use the local WAN router as an NTP server, and the WAN routers all use the Domain Controllers in the DC as their NTP servers.


Under my 'Network Hierarchy', the routers and switches at each location are assigned to their appropriate 'site', which has a common NTP server configuration. It looks to me that the same NTP server configuration will be deployed to all devices within a site folder.


How do I deploy a different NTP server configuration for routers under each site?




VIP Master

Are these sites in the same region or in different geo locations? If they are in the same location.


How is this WAN router connected to HQ? You should have a centralised NTP server, where you can sync time to all.


Either you can set up a small NTP server at your HQ (using Linux, or on the router, interfacing with a public NTP server as the source)


and all your internal WAN network uses the same, and the local network uses the WAN router as NTP server.


Does this make sense?


Example:


Internet -- WAN - HQ (NTP Servers) --- WAN1  --- Local network

                                                               --- WAN2   - Local network


And so on.




Preston Chilcote
Cisco Employee

The cleanest idea that comes to mind is to keep your site hierarchy organized geographically, and specify the WAN router as the NTP server in Design settings. Yes, this means the router will have an NTP server pointing to itself, but you would use a configuration template (and a router network profile) in DNA to configure an additional NTP server for the WAN. Based on strata or the "prefer" keyword, I don't think it's too hard to get the router to use the NTP server of your choosing even if multiple servers are configured.


If you're thinking that you can also use the configuration template to UNDO the NTP server that is specified in Design settings, it's worth a test, but I'm not sure what the order of operations is. Does DNA apply the configuration template commands before the commands generated from design settings?


If the router happens to be in its own building or floor, then the answer is trivial.  Just specify the NTP server pointing at the DC for that building or floor in the site hierarchy in design settings.  Then it will no longer inherit the NTP server you gave for the rest of the site hierarchy.