I would like to configure 2 of my 4k routers as ntp servers for my private network.
I also have 5 NTP GPS to which my 4k routers are synchronised.
So "sh ntp ass" on the 4k routers shows me ref clock GPS and stratum 1 on 5 lines.
To configure both my 4k routers as NTP servers, do I just need to enter:
ntp master 2
And if I want to limit access to the NTP service delivered by the 4k routers to my private network only, I suppose I need to add an ACL somewhere to allow only my private networks?
How do I do that, please?
Thanks for your help.
If you would like to set up an NTP server, here is an example config:
clock timezone GMT 0
! example
ntp master X
Here is the ACL:
! NTP client IP
access-list 10 permit 10.10.10.10
ntp access-group peer 10
I probably do not fully understand your question, but it seems pretty straightforward to me. If your 4K is learning valid NTP time from at least one stratum 1 master then your 4K can act as NTP server for other devices and there is no need to configure ntp master on your 4K. If there is something in your question that I am not understanding correctly then please provide clarification.
Yes, maybe I was not clear enough.
I have 2x 4k routers in my datacenter.
We had built 2x VMs as NTP servers, but NTP on a VM is not a good idea: there is too much drift, and NTP on a hypervisor is not something recommended.
So I had the idea to switch the NTP service onto the 4k routers. They will be used to synchronize all my DC (servers, switches, LB...).
My 4 routers are connected to the internet and for sure I don't want them to be used as NTP for the internet, just for my DC (rfc1918).
I made some tests and I can confirm: no need to add the "ntp master" command. I just completed my ACL to limit usage... it works well.
Thank you for the explanation. What you are doing does seem reasonable, especially given the explanation about NTP on the VMs. I am glad that it is working well.
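Added example (not part of the thread and not Cisco code): a small Python check that reads an IOS config and reports any "ntp access-group" ACL that permits sources outside RFC 1918, which is the restriction discussed above. It assumes numbered standard ACLs and looks at permit entries only; the sample configs, addresses and ACL numbers are constructed.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ACL_RE = re.compile(r"^access-list (\d+) permit (?:host )?(\S+)(?: (\d+\.\d+\.\d+\.\d+))?", re.M)
NTP_RE = re.compile(r"^ntp access-group (peer|serve|serve-only|query-only) (\d+)", re.M)
# Constructed sample configs: ACL 20 stands for a GPS time source, ACL 10 for the DC clients.
SCOPED = """\
access-list 10 permit 10.0.0.0 0.255.255.255
access-list 10 permit 172.16.0.0 0.15.255.255
access-list 20 permit 192.168.255.1
ntp access-group peer 20
ntp access-group serve-only 10
"""
TOO_WIDE = SCOPED.replace("0.15.255.255", "0.255.255.255") + "access-list 10 permit any\n"

def acl_networks(config):
    """Map numbered standard ACL -> permitted networks (wildcard mask -> covering prefix)."""
    acls = {}
    for num, addr, wildcard in ACL_RE.findall(config):
        if addr == "any":
            net = ipaddress.ip_network("0.0.0.0/0")
        else:
            wc = int(ipaddress.IPv4Address(wildcard or "0.0.0.0"))
            # A non-contiguous wildcard is widened to the smallest prefix that covers it.
            net = ipaddress.ip_network((addr, 32 - wc.bit_length()), strict=False)
        acls.setdefault(num, []).append(net)
    return acls

def audit_ntp(config):
    """Return findings; an empty list means time service is scoped to RFC 1918 sources."""
    acls = acl_networks(config)
    groups = NTP_RE.findall(config)
    if not groups:
        return ["no ntp access-group: NTP itself does not restrict who may use this router"]
    findings = []
    for kind, num in groups:
        if kind == "query-only":
            continue  # control queries only, no time service
        if num not in acls:
            findings.append(f"{kind} references ACL {num}, which is not defined here")
        for net in acls.get(num, []):
            if not any(net.subnet_of(p) for p in RFC1918):
                findings.append(f"{kind} ACL {num} permits {net}, outside RFC 1918")
    return findings

if __name__ == "__main__":
    for name, cfg in (("scoped", SCOPED), ("too wide", TOO_WIDE)):
        print(name, audit_ntp(cfg) or "OK")
```

Interface ACLs or a firewall in front of the router are outside what this check sees; it only covers the NTP access-group itself.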