08-24-2015 03:36 PM - edited 03-08-2019 01:29 AM
I am trying to discover if I can "recover" a bad investment with a NAT trick. I purchased an NTP appliance and only recently discovered that it will not allow an 8-bit subnet mask. In and of itself, that is not bad. But I have hundreds of devices campus-wide that are looking to get to the NTP server by static IP address (instead of a DNS entry, bad on us). So I'm looking for a configuration that could do the following (I'm just brainstorming here).
I have 2 major subnets on 2 VLANs across my campus. For this example let's call them:
Vlan10 - 10.0.0.0/8 (where the "old" NTP server resides). The "old" NTP server is 10.123.123.123/8. The "new" one won't allow an 8-bit subnet mask.
Vlan20 - 10.20.0.0/16 is where the majority of my hosts reside. Hundreds of them ask 10.123.123.123/8 for NTP time sync. Since I cannot IP the new NTP server to the same IP address with an 8-bit subnet mask, could I...
... invent a NAT configuration that will see requests for UDP port 123 to 10.123.123.123/8 and NAT that request to a VLAN where I can place the new NTP server? Say Vlan123 with the new NTP server at 192.168.123.123/24?
If anyone has any hints or ideas that would be great!
08-24-2015 05:34 PM
Yes, you could do NAT; I take it you have L3 devices that allow NAT. Otherwise you could give one of your routers or switches the existing NTP server address, then point that to the new NTP server. Then existing devices need no change.
08-24-2015 11:08 PM
Excellent idea and easy to test as well. Start with a free 10.0.0.0/8 address and NAT it into something that already exists in "vlan123" and see if you can connect to it. If you can, you can deploy your bad investment NTP server according to the same principle.
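
The connectivity test suggested in the reply above can be scripted from a host in Vlan20. This is an added example, not code from the thread: it sends one SNTP query to the legacy address and checks that the reply is a valid server response whose source address is the address that was queried, since an NTP client ignores a reply arriving from an address it did not ask (for example, a reply that bypassed the NAT device on the return path). The function names and the sample packet are constructed for illustration.

```python
import socket
import struct

NTP_EPOCH_OFFSET = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

# Constructed sample reply: LI=0, VN=4, Mode=4 (server), stratum 2,
# transmit timestamp = Unix time 1440459360 (fraction 0).
SAMPLE_REPLY = (bytes([0x24, 2]) + bytes(38)
                + struct.pack("!II", NTP_EPOCH_OFFSET + 1440459360, 0))


def build_request():
    """48-byte SNTP client request: LI=0, VN=4, Mode=3, other fields zero."""
    return b"\x23" + bytes(47)


def parse_reply(data, reply_src, queried_ip):
    """Decode a reply and decide whether a client that asked queried_ip would use it."""
    if len(data) < 48:
        raise ValueError("NTP packet shorter than 48 bytes")
    mode = data[0] & 0x07                      # 4 = server
    stratum = data[1]                          # 0 = kiss-o'-death, 16 = unsynchronized
    tx_sec, tx_frac = struct.unpack("!II", data[40:48])
    source_matches = reply_src == queried_ip   # False if the return path skipped NAT
    return {
        "mode": mode,
        "stratum": stratum,
        "unix_time": tx_sec - NTP_EPOCH_OFFSET + tx_frac / 2**32,
        "source_matches": source_matches,
        "usable": mode == 4 and 1 <= stratum <= 15 and source_matches,
    }


def check(ip, timeout=2.0):
    """Query UDP/123 on ip once; raises socket.timeout if nothing answers."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_request(), (ip, 123))
        data, (src, _port) = s.recvfrom(512)
    return parse_reply(data, src, ip)


if __name__ == "__main__":
    import sys
    # Default target is the legacy address from the thread.
    print(check(sys.argv[1] if len(sys.argv) > 1 else "10.123.123.123"))
```

A result with `source_matches` set to `False` means the query reached a server but the reply was not translated back to the legacy address.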