cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1066
Views
0
Helpful
10
Replies

NTP Configuration in a three-tier topology

umer zubairi
Level 1
Level 1

Gents,

I'm currently working on a three-tier topology and the task it to make Core switch working as NTP server and to further sync Distribution and Access layer switches with the Core node.

Anyone has an idea what configurations are needed for this task accomplishment.

*Can I possibly make the loopback address of the Core as NTP server IP?

Thanking you all in advance for sharing the configs.

BR,

Umer

1 Accepted Solution

Accepted Solutions

Hello,

actually, on the distribution and access switches, you don't even need the update source. The below should work:

Core

interface loopback0
ip address 1.1.1.1 255.255.255.255
!
ntp update-source loopback0
!
ntp server x.x.x.x // IP address of corporate NTP appliance
ntp master 2

Distribution

ntp server 1.1.1.1


Access

ntp server 1.1.1.1

View solution in original post

10 Replies 10

Hello,

'ntp source loopback' is actually a best practice when configuring NTP. Make sure that you set the stratum correctly on the core when you configure the ntp master"

ntp master 2

is the minimum, depending on how your core is connected to the Internet.

Thanks Georg!

I need to know the configs for Core, Dist and Access nodes.

It'd be great if someone can share.

Hello,

below is a basic NTP configuration. You can add authentication, as well as peering between switches on the same level, for redundancy, if required:

Core

interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
ntp update-source loopback0
!
ntp server pool.ntp.org
ntp master 2

Distribution

interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
ntp update-source loopback0
ntp server 1.1.1.1

Access

interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
ntp update-source loopback0
ntp server 2.2.2.2

Obviously, make sure that your loopback IP addresses can be reached throughout the network.

Thanks for support Dear Georg!!

In fact, I don't have loopbacks configured on the Access Layer because the Access nodes are communicating via mgmt vlan through the default GW of an SVI residing on the distribution node. 

I'v loopbacks only on the Core & Dist boxes - not on the Access ones.

Any solution that can sync the time of Access and Dist whilst considering the Core as NTP server? 

Can I possibly use the loopback address of the Core as NTP source since it's reachable throughout the topology?

Kindly, let me know please

Hello Umer,

you don't need to use the loopback IP addresses as update sources. You can also use the IP addresses of the management interfaces. The NTP update source needs to be an IP address that is configured on the device itself. So for example:

Core

interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
ntp update-source loopback0
!
ntp server pool.ntp.org
ntp master 2

Distribution

interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
ntp update-source Vlan1
ntp server 1.1.1.1

Access

interface Vlan1
ip address 192.168.1.2 255.255.255.0
!
ntp update-source Vlan1
ntp server 192.168.1.1

Hope that makes sense...

Dear Georg, thanks again for your prompt response.

Is there any possibility to use only 1.1.1.1 (loopback of Core) as the NTP source for all the devices in the network?

It's a new network block deployment in an existing premises. So we have our own Core, Dist and Access nodes.

Our core will be further connected to the client's corporate network which has dedicated NTP server running.

In short, within our block NTP server will be our Core and our Core will be synchronized the client's corporate NTP server appliance in an hierarchical order. 

Hello,

I don't know how your devices are physically connected, but yes, you can use the Loopback address 1.1.1.1 as the source for all devices (as long as 1.1.1.1 is reachable, obviously, from every device in the network).

Can you check if below will work if 1.1.1.1 is reachable throughout the network

Core

interface loopback0
ip address 1.1.1.1 255.255.255.255
!
ntp update-source loopback0
!
ntp server x.x.x.x // IP address of corporate NTP appliance 
ntp master 2

Distribution

interface loopback0
ip address 2.2.2.2 255.255.255.255
!
ntp update-source loopback0
ntp server 1.1.1.1

int vlan1 

ip add 192.168.1.1 255.255.255.0

Access

ntp update-source Vlan1

ntp server 1.1.1.1

interface Vlan1
ip address 192.168.1.2 255.255.255.0

ip default-gateway 192.168.1.1

Hello,

actually, on the distribution and access switches, you don't even need the update source. The below should work:

Core

interface loopback0
ip address 1.1.1.1 255.255.255.255
!
ntp update-source loopback0
!
ntp server x.x.x.x // IP address of corporate NTP appliance
ntp master 2

Distribution

ntp server 1.1.1.1


Access

ntp server 1.1.1.1

Hi Georg, you're simply awesome Bro!

Thanks a lot for all your support.