Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1378
Views
0
Helpful
4
Replies

NTP Design

Steven Williams
Level 4
Level 4

‎10-21-2019 07:49 AM

I am struggling to decide on an NTP design. The way I understand it is Cisco ASA cannot be NTP server only NTP client. Routers can act as NTP masters. 

 

If you select "ntp master 1" and set ntp on the router to look at NIST, will this work? Are NIST server stratum 0?

 

Labels:
0 Helpful
4 Replies 4

marce1000
VIP
VIP

‎10-21-2019 07:55 AM

 

 - You don't necessarily need a stratum 0 server to connect with. Chaining up with the NTP servers provides by your ISP (or advised) will usually be sufficient.

 M.



-- ' 'Good body every evening' ' this sentence was once spotted on a logo at the entrance of a Weight Watchers Club !
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎10-21-2019 08:36 AM

I agreed with other post, you not required to set number after master, basic to setup NTP master

 

setup clock

ntp server x.x.x.x prefer (if you want to get source from)

ntp server x.x.x.y you can alternative in the case above fails

ntp master - this act as a server

 

you can also have ACL to filter for the clients to use as master ntp.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Steven Williams
Level 4
Level 4
In response to balaji.bandi

‎10-21-2019 08:39 AM

So what I want to do is have all my SVIs on my Core switches be the NTP point for all my network devices and non windows client things. Then I want my core switches to look to my edge firewall, then my edge firewall look to NIST. I feel like I do not have to set my core switches as master, but you cannot set ASA is NTP server.
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame
In response to Steven Williams

‎10-21-2019 09:15 AM

If you do not like your Core Switch as Master, you can set up any small Linux or raspberry pi as NTP Server in your DMZ / Inside network for your NTP MAster, and NTP Server for your device. ( Since ASA can not be NTP Server for security reasons.)

 

If your NTP Server inside your network, make sure you have relevant ACL in place for getting NTP updates from the Internet.

 

 

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents