excellent idea and easy to

MARK CHRISTY · ‎08-24-2015

I am trying to discover if I can "recover" a bad investment with a NAT trick. I purchased an NTP appliance and only recently discovered that it will not allow an 8-bit Sub-net mask. In and of itself, that is not bad. But, I have hundreds of devices campus wide that are looking to get to the NTP server by static IP address (instead of a DNS entry, bad on us). So I'm looking for a configuration that could do the following (I'm just brain storming here).

I have 2 major sub-nets on 2 Vlans across my campus. For this example lets call them:

Vlan10 - 10.0.0.0 / 8 (where the "Old" ntp server resides). The "old" ntp server is 10.123.123.123/8. The "new' one won't allow an 8-bit sub-net mask.

Vlan20 - 10.20.0.0/16 is where the majority of my hosts reside. Hundreds of them ask 10.123.123.123/8 for NTP time sync. Since I cannot IP the new NTP server to the same IP Address with an 8-bit sub-net mask, could I....

... invent a NAT configuration that will see requests for UDP port 123 to 10.123.123.123/8 and NAT that request to a vlan where I can place the new NTP server? Say Vlan123 with the new NTP server at 192.168.123.123/24?

If anyone has any hints or ideas that would be great!

Richard Bradfield · ‎08-24-2015

Yes you could do NAT, I take it you have L3 devices that allow NAT. Otherwise you could give one of your Router or switches the existing NTP server address, then point that to the new NTP server. So then existing devices need no change.

Dennis Mink · ‎08-24-2015

excellent idea and easy to test as well. start with a free 10.0.0.0/8 address and NAT it into something that already exists in the "vlan123' and see if you can connect to it. if you can you can deploy your bad investment NTP server according to the same principle.

Please remember to rate useful posts, by clicking on the stars below.

Can I use NAT to redirect one IP Address to another for NTP requests?