04-24-2024 06:35 AM
Hi All,
I have a couple of C9300 L3 switches that are connecting to an ASA firewall. The NTP and the syslog server for the switches are located behind a firewall.
When one of the switches requests/sends packets, the gateway IP is the source address on the firewall (which is normal behavior).
Is there an option to add the Management IP of the switch while sending/receiving such packets?
Thanks.
04-26-2024 04:15 AM
Sorry, please ignore my last statement, as that is not the case.
04-26-2024 04:18 AM
Not all NTP receive in vlan401
Can I see the SW NTP config?
MHM
04-26-2024 04:22 AM
Yes I agree.
04-26-2024 06:11 AM
Hi,
Thank you for the continuous support and feedback. The issue has been resolved.
We have 2 firewalls, North and South; what we were looking at the whole time was the North Firewall.
The South FW was the one that was denying traffic, and now I allowed traffic on it. Clock has been set.
04-24-2024 08:27 AM
Cat 9300 supports in-band and OOB management, so it depends on the configuration what you can apply as the source interface.
This can be a VLAN SVI or a physical Layer 3 port where the destination can be reachable, or the mgmt port, which will be a different path (if you have one?).
04-25-2024 01:15 AM
Hello,
Thank you for the suggestion. The CLI has an option just to add the VLAN number; I would like the source to be the VLAN SVI. On implementation:
ntp source ?
AccessTunnel Access Tunnel interface
AppGigabitEthernet App-hosting Gigabit Ethernet
Auto-Template Auto-Template interface
BDI Bridge-Domain interface
Bluetooth Bluetooth interface
CEM-PG Circuit Emulation interface with Protection group
CEOBC Cluster EOBC Interface
FortyGigabitEthernet Forty Gigabit Ethernet
GMPLS MPLS interface
GigabitEthernet GigabitEthernet IEEE 802.3z
InternalInterface Internal Interface
L2LISP L2 Locator/ID Separation Protocol Virtual Interface
LISP Locator/ID Separation Protocol Virtual Interface
Loopback Loopback interface
Lspvif LSP virtual interface
Null Null interface
PROTECTION_GROUP Protection-group controller
Port-channel Ethernet Channel of interfaces
SDH_ACR Virtual SDH-ACR controller
SERIAL-ACR Serial interface with ACR
Serial-PG Serial interface with Protection Group
TLS-VIF TLS Virtual Interface
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Tunnel-tp MPLS Transport Profile interface
TwentyFiveGigE Twenty Five Gigabit Ethernet
VirtualPortGroup Virtual Port Group
Vlan Catalyst Vlans
nve Network virtualization endpoint interface
X02YAL11UH001-KF001-(config)#ntp source vlan ?
<1-4094> Vlan interface number
X02YAL11UH001-KF001-(config)#ntp source vlan 403
X02YAL11UH001-KF001-(config)#do wr
There are no packets reaching the firewall.