cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
586
Views
0
Helpful
5
Replies
Highlighted
Beginner

configure 4k as ntp server

hi,
I would like to configure 2 of my 4k routers as ntp servers for my private network.
I have also 5 NTP GPS where my 4k routers are synchronised on.
So the "sh ntp ass" on 4k routers tells me ref clock GPS and strate 1 on 5 lines.

To configure my both 4k routers as NTP server, do I need just to enter :
ntp master 2


and if I want to limit access to the NTP server delivered by 4k routers only for my private network, I suppose I need to add ACL somewhere to allow only my private networks ?
How to do that please.

Thanks for your help.

Nicolas

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted

Glad it all working as expected, can we mark as solution if this is resolved ?



BB


*** Rate All Helpful Responses ***

View solution in original post

5 REPLIES 5
Highlighted
VIP Expert

If you like to setup NTP Server

example config :

 

clock timezone GMT
clock summer-time GMT recurring
clock calendar-valid
ntp master X  <<-- example

 

here is ACL

 

access-list 10 permit 10.10.10.10  << -- NTP client IP
ntp master
ntp access-group peer 10

 



BB


*** Rate All Helpful Responses ***

Highlighted
Hall of Fame Guru

Nicolas

 

I probably do not fully understand your question but it seem pretty straight forward to me. If your 4K is learning valid NTP time from at least one stratum 1 master then your 4K can act as NTP server for other devices and there is no need to configure ntp master on your 4K. If there is something in your question that I am not understanding correctly then please provide clarification.

 

HTH

 

Rick

HTH

Rick
Highlighted

hi Richard,

yes maybe I was not clear enough.

I have 2x 4k routers in my datacenter.

We had built 2x VM as NTP server but NTP on VM is not a good idea, there are too much drifts and NTP on hypervisor is not something recommended.

 

Si I had an idea to switch NTP service on 4k routers. They will be used to synchronize all my DC (servers, switch, LB...).

My 4 routers are connected on internet and for sure I don't want them to be used as NTP for internet, juste for my DC (rfc1918).

 

I made some tests and I can confirm, no need to add "ntp master" command, I just complete my ACL to limit usage... it works well

 

Nicolas

Highlighted

Nicolas

 

Thank you for the explanation. What you are doing does seem reasonable, especially given the explanation about NTP on the VMs. I am glad that it is working well.

 

HTH

 

Rick

HTH

Rick
Highlighted

Glad it all working as expected, can we mark as solution if this is resolved ?



BB


*** Rate All Helpful Responses ***

View solution in original post