09-02-2019 07:28 AM
hi,
I would like to configure 2 of my 4k routers as ntp servers for my private network.
I have also 5 NTP GPS where my 4k routers are synchronised on.
So the "sh ntp ass" on 4k routers tells me ref clock GPS and strate 1 on 5 lines.
To configure my both 4k routers as NTP server, do I need just to enter :
ntp master 2
and if I want to limit access to the NTP server delivered by 4k routers only for my private network, I suppose I need to add ACL somewhere to allow only my private networks ?
How to do that please.
Thanks for your help.
Nicolas
Solved! Go to Solution.
09-03-2019 07:08 AM
Glad it all working as expected, can we mark as solution if this is resolved ?
09-02-2019 07:57 AM - edited 09-02-2019 07:58 AM
If you like to setup NTP Server
example config :
clock timezone GMT
clock summer-time
GMTrecurring
clock calendar-valid
ntp master X <<-- example
here is ACL
access-list 10 permit 10.10.10.10 << -- NTP client IP
ntp master
ntp access-group peer 10
09-02-2019 11:31 AM
Nicolas
I probably do not fully understand your question but it seem pretty straight forward to me. If your 4K is learning valid NTP time from at least one stratum 1 master then your 4K can act as NTP server for other devices and there is no need to configure ntp master on your 4K. If there is something in your question that I am not understanding correctly then please provide clarification.
HTH
Rick
09-03-2019 12:13 AM - edited 09-03-2019 01:07 AM
hi Richard,
yes maybe I was not clear enough.
I have 2x 4k routers in my datacenter.
We had built 2x VM as NTP server but NTP on VM is not a good idea, there are too much drifts and NTP on hypervisor is not something recommended.
Si I had an idea to switch NTP service on 4k routers. They will be used to synchronize all my DC (servers, switch, LB...).
My 4 routers are connected on internet and for sure I don't want them to be used as NTP for internet, juste for my DC (rfc1918).
I made some tests and I can confirm, no need to add "ntp master" command, I just complete my ACL to limit usage... it works well
Nicolas
09-03-2019 04:55 AM
Nicolas
Thank you for the explanation. What you are doing does seem reasonable, especially given the explanation about NTP on the VMs. I am glad that it is working well.
HTH
Rick
09-03-2019 07:08 AM
Glad it all working as expected, can we mark as solution if this is resolved ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide