Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
744
Views
0
Helpful
3
Replies

how to configure NTP on a router ?

writetonagendra
Level 1
Level 1

‎04-19-2014 05:00 AM - edited ‎03-04-2019 10:49 PM

Hello Everyone,

 

i have a router access list configured on both inbound and outbound interface, and i have a local NTP server in my network, now i want to router get time updated from that server ,  i know it is possiable but the quistion is that i have to permit  that NTP server in access list or not ? if yes then what is the process

 

Thanks

Nagendra

Labels:
0 Helpful
3 Replies 3

Lisa Latour
Level 6
Level 6

‎03-31-2015 09:11 AM

hello - I have just moved your post to the Topic forums - you had posted your question in an obscure, non-visible, promotional community.  Hopefully our community users will see your question now

0 Helpful

mattp0002
Level 1
Level 1

‎03-31-2015 10:36 AM

Nagendra,

 

Figure out which interface the traffic will leave the router towards the NTP server.  Just use the command "sh ip route X.X.X.X" where x.x.x.x is the ip address of the NTP server.  You will see an indication of which interface the traffic will egress the router.

Now, figure out what acls are applied on that egress interface.  Use the command "sh run int X" where X is the interface determined in step 1.  You might see both inbound and outbound ACLs.

Finally, modify those ACLs to permit traffic sourced from the router towards the NTP server on port 123.  You can specify which source ip the router should use for this query using the cisco command "ntp source X" where X is the interface name with the source IP you want the packets to be addressed from.

Of course, you will also need the router config line "ntp server X.X.X.X" to point it to the NTP time server too.

0 Helpful

milan.kulik
Level 10
Level 10
In response to mattp0002

‎04-01-2015 12:02 AM

Hi, as you can read here http://www.cisco.com/c/en/us/td/docs/ios/12_2/security/configuration/guide/fsecur_c/scfacls.html "Access lists that are applied to interfaces do not filter traffic that originates from that router." So you don't need to modify the outgoing ACL. You just need to permit the NTP (UDP 123) traffic sent from the server within your inbound ACL(s) applied on the interface(s) on which you can receive the NTP packets sent from the server. Best regards, Milan
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card