Syncing SG300 Layer 2 switch with SNTP server on different vlan

Hi,

If anyone can help with this it would be wonderful.  Here is my setup in a nutshell.

SWT2 (SG300 layer 2) ---[vlan 10 and 50 (mgmt)]  --- SWT1 (SG300 layer 3) -----  Ubiquiti Router (SNTP time source)

Switch 1 has no issues getting its time from the router which is directly connected to it.  It has the following config:

clock source sntp
sntp unicast client enable
sntp server 192.168.0.2

Switch 2 I'm not sure what to do.

I have two vlans on it.

Vlan 10 which has a path to the router

Vlan 50 which is my management vlan and does not have a path to the router.

I'm also using VLAN 50's SVI on SWT1 as the default gateway address on SWT 2.

What's the best way to slave SWT2 to SWT1 to get its time?

Thanks!

Mike

14 Replies

danny_248
Level 1

Define a default route for those and it should get the time. Alternatively. If the VLAN is internet accessible defining a path/route to your router and setting an internet facing NTP server to query  should work. 

Thanks Danny.

Let me be a little clearer here.  What I'm aiming to do here is get the time on SWT2 from my management vlan 50.  So somehow I need to make SWT1 advertise it to that vlan.  I'm just not sure which commands to use on the SG300.  VLAN50 is already the default gateway on SWT2.  I really don't want the management VLAN 50 going to the router for security reasons.  So if someone knows the commands that might be used 'SG300 specific' it would be a great help.

What sort of commands are you referring to? CLI.  As long as the switch VLAN has a route to the NTP server, specifying that NTP server on SW2 will grab the time from your designated NTP server.  Example to follow.

Thanks Danny.

Yes the CLI.  From what I understand it is better to have your NTP running on your management vlan.  My management vlan 50 does not have a path to the NTP server running on the router and I want to keep it that way.  It does however have a path to all my other vlans.

VLANS with access to router 10,20 and 30.

On SWT1

clock source sntp
sntp unicast client enable
sntp server 192.168.0.2

RTR - 192.168.0.2/30  --> SWT1 192.168.0.1/30 --> Vlans 10,20,30,96 (default), 50 (mgmt)

SWT1 - vlans, 10 and 50  -> SWT2

VLAN 50 (MGMT) ip addresses:

SWT1 - 192.168.50.1/30

SWT2 - 192.168.50.2

default gateway on SWT2 is 192.168.50.1

On SWT2 I would like to do something like the following:

sntp server 192.168.50.1

But I need to make SWT1 also advertise the NTP protocol as well as the router.  Because that's where I want SWT2 to pick it up from, as well as other devices on the network.

Hopefully that helps explain.  Or maybe I'm hopelessly lost.  Thanks again for the help.

Mike

Did you take a look at SNTP Multicast/Anycast under Administration-> time? 

You still have to have a main clock source.  This is the only thing I see.  Help does not bring up any info on it.

Thanks Lee!

Yes my switch2 is a layer 3 switch and as you can see above it only has one connection to the router.  All my other routes are handled on SWT 1 as SVIs.

But you hit the problem area that I'm having!  I tried using the Multi and anycast setting but to be honest I don't understand them.  The last time I used anycast I think it was an IPv6 setting.  So I'm not that familiar with those types of ntp commands.

Trying to do this all from the CLI.  But maybe if I use the web page it might be easier to figure out.  Then go back into the CLI and figure out what it changed.  You know us command line guys. LOL.  Normally I have all my http stuff turned off and normally just access everything through a terminal server.  But I may try that and see what I get and report back.

Thanks

Hi Michael,

These commands I have, this is working for me, providing all the routes are correct and things can talk to each other etc.

clock timezone " " 0 minutes 0
clock summer-time web recurring eu
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 0.uk.pool.ntp.org poll
sntp source-interface vlan 10

ip domain name BLANKED
ip name-server  BLANKED
ip domain polling-interval 8

I suppose you could change the settings to reflect your internal NTP server.

Regards

Dan

The way I have it setup right now is using pfsense with ntpd for time on my network.  By using pfsense there is a little more firewall checking than just feeding time to a switch straight off the internet.  Plus the pfsense people are actively checking for ntpd errors and problems so I feel a little more comfortable setting it up this way.  My SG300-28 switch points to time on the pfsense router but the management VLAN is not fed to the router.  All network traffic from pfsense is routed to my SG300-28 layer 3 switch using an access port for pfsense.

My config was an example. Simply substitute the external NTP servers for an internal range. Although if your management VLAN can't access it you may have issues. We have an internal device at work serving NTP then that single device checks via web. Not the case for my home office setup though.

Haven't played with PFSense for a little while.  I'm sure you could probably do some clever natting to achieve the necessary.

Will try to spin one up this week and have a play with config.

So essentially your first switch is fed the time via PFSense then you want that switch to send time via NTP to switch 2? Just so I am clear on how you want to achieve this setup. 

Thanks Danny!

Yes exactly, instead of both switches pulling time from the router or pfsense as in Lee's situation, I want SWT1 to also act as an NTP server and send the time to SWT2 when it requests it.  However I see no command to do that.  Only commands that work as clients requesting time.

It is recommended in most situations to keep all your management stuff on a separate management vlan and that would normally include your NTP protocol as well.  That's the way I understand it anyway.  Probably in a small business / home situation it really doesn't matter that much.  But I also use my network as a proving ground for concepts I'm trying to use.

One solution I see is to create a route for vlan 50 to the router and then create an ACL to block everything except NTP on the path to the router.

The other as mentioned would be to place an actual device to act as an NTP server on the local network and get time from it.

The last and the one I'm using now is to just sod it and set the time manually on that switch.  LOL.  It really doesn't go down that often. 

Thanks again for everyone's help.  It's nice to be on an active community!

Mike
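For anyone weighing the "route vlan 50 to the router but only permit NTP" idea above, it helps to see exactly what the SNTP exchange the switch performs looks like on the wire: one 48-byte UDP datagram each way on port 123, with the server echoing the client's transmit timestamp. The following is an added example, not configuration or code from the thread or from Cisco; the constructed reply in `make_reply` and the offset/delay arithmetic follow RFC 4330, and `query()` can be pointed at any reachable SNTP server (the server address is an assumption you supply) to confirm the path and ACL actually pass the flow before relying on it.

```python
import socket
import struct
import time

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01 (Unix)
SNTP_PORT = 123               # the single UDP port an "NTP only" ACL needs to permit

def _enc(t: float) -> bytes:
    """Encode a Unix time as a 64-bit NTP timestamp (32-bit seconds, 32-bit fraction)."""
    s = int(t)
    return struct.pack("!II", s + NTP_EPOCH_DELTA, int((t - s) * (1 << 32)))

def _dec(secs: int, frac: int) -> float:
    return secs - NTP_EPOCH_DELTA + frac / (1 << 32)

def build_request(t1: float) -> bytes:
    """48-byte client request: LI=0, VN=4, Mode=3, only the transmit timestamp filled in."""
    return bytes([(0 << 6) | (4 << 3) | 3]) + b"\x00" * 39 + _enc(t1)

def make_reply(t1: float, t2: float, t3: float, stratum: int = 2) -> bytes:
    """Constructed server reply (Mode=4) used for offline testing; not a captured packet."""
    header = bytes([(0 << 6) | (4 << 3) | 4, stratum, 6, 0xEC]) + b"\x00" * 12
    return header + _enc(t3) + _enc(t1) + _enc(t2) + _enc(t3)  # ref, orig, recv, xmit

def parse_response(data: bytes, t1: float, t4: float) -> dict:
    """Validate a server reply and compute clock offset and round-trip delay (RFC 4330)."""
    if len(data) < 48:
        raise ValueError("short SNTP packet")
    li, vn, mode = data[0] >> 6, (data[0] >> 3) & 7, data[0] & 7
    if mode != 4:
        raise ValueError(f"unexpected mode {mode}, not a server reply")
    if data[1] == 0 or li == 3:
        raise ValueError("kiss-o'-death or unsynchronized server; do not set the clock")
    f = struct.unpack("!8I", data[16:48])
    orig, t2, t3 = _dec(f[2], f[3]), _dec(f[4], f[5]), _dec(f[6], f[7])
    if abs(orig - t1) > 1e-3:   # reply must echo our transmit timestamp
        raise ValueError("originate timestamp mismatch; discarding reply")
    return {"version": vn, "stratum": data[1],
            "offset": ((t2 - t1) + (t3 - t4)) / 2, "delay": (t4 - t1) - (t3 - t2)}

def query(server: str, timeout: float = 2.0) -> dict:
    """Live check that UDP/123 to `server` is reachable and answers sanely."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        t1 = time.time()
        s.sendto(build_request(t1), (server, SNTP_PORT))
        data, _ = s.recvfrom(48)
        return parse_response(data, t1, time.time())
```

A positive `offset` means the server's clock is ahead of the client; a reply that fails the mode, stratum or originate checks is exactly what the switch should (and does) ignore.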

My setup works best with pfsense and the SG300-28 VLAN using a 30 bit mask if you try it. Create a router VLAN add 1 access port. Plug router into the 1 access port.  SG300-28 layer 3 switch will route all the traffic to the appropriate VLANs. pfsense needs to route all the VLAN networks to the switch's 30 bit port IP address. Pfsense only knows the networks and no VLANs. 

My understanding is on a trunk port only the default VLAN can pass as untagged all other VLANs need to be tagged.  Maybe just make SWT1 have VLAN50 as the default VLAN also.

You can use your switch as the router for the VLANs and connect your router on an access port so no management VLAN passes to the router.  This is the way I run my switch and router. It allows me to change routers quickly.

Well, I'm still hitting my head against the wall.  I want SWT1 to get its time from my router as well as broadcast it on vlan 50, my management vlan.  Vlan 50 is the management vlan that connects to the L2 switch and I don't want to change that.  I've tried the suggestions so far and had no luck.

If there was a magic command I could run on my L3 switch it would be:

broadcast ntp vlan 50

Then I would just set my L2 switch to:

sntp server 192.168.50.1

But that's not gonna happen.

So the only thing I can think is to maybe use a raspberry pi as an NTP server and attach it to the network.  Then have everything sync off of that.

Still open to ideas.  Thanks again.