cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

124
Views
0
Helpful
4
Replies
Enthusiast

NTP Design

I am struggling to decide on an NTP design. The way I understand it is Cisco ASA cannot be NTP server only NTP client. Routers can act as NTP masters. 

 

If you select "ntp master 1" and set ntp on the router to look at NIST, will this work? Are NIST server stratum 0?

 

4 REPLIES 4
Collaborator

Re: NTP Design

 

 - You don't necessarily need a stratum 0 server to connect with. Chaining up with the NTP servers provides by your ISP (or advised) will usually be sufficient.

 M.

VIP Advisor

Re: NTP Design

I agreed with other post, you not required to set number after master, basic to setup NTP master

 

setup clock

ntp server x.x.x.x prefer (if you want to get source from)

ntp server x.x.x.y you can alternative in the case above fails

ntp master - this act as a server

 

you can also have ACL to filter for the clients to use as master ntp.

BB
*** Rate All Helpful Responses ***
Enthusiast

Re: NTP Design

So what I want to do is have all my SVIs on my Core switches be the NTP point for all my network devices and non windows client things. Then I want my core switches to look to my edge firewall, then my edge firewall look to NIST. I feel like I do not have to set my core switches as master, but you cannot set ASA is NTP server.
VIP Advisor

Re: NTP Design

If you do not like your Core Switch as Master, you can set up any small Linux or raspberry pi as NTP Server in your DMZ / Inside network for your NTP MAster, and NTP Server for your device. ( Since ASA can not be NTP Server for security reasons.)

 

If your NTP Server inside your network, make sure you have relevant ACL in place for getting NTP updates from the Internet.

 

 

 

BB
*** Rate All Helpful Responses ***
CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards