Cisco C1000-NTP time server with data diode closed system

Hello,

 

In short, I'm working with a closed enclave and have two Linux machines that are connected to a data diode, then to the C1000 switch, which is the NTP master. The NTP works on the other machines that are not attached to the data diode, but are attached to the switch. The NTP does not work with the machines that are after the diode, presumably because the switch cannot get the message back from computers. Is there a way to force NTP to these machines? The switch is on 15.2-7R-E6 if that helps. I tried getting into a port config on the switch where one of the machines connects and typing "NTP broadcast" but it won't take the command past the NTP. Any advice would be appreciated.


Reza Sharifi
Hall of Fame

Hi,

For testing, would NTP work if you connect the two Linux machines directly to the switch (no data diode)?

HTH

Hello,



NTP does work without the data diodes.


bfoulks
Level 4

NTP is by default bi-directional. The data diode blocks the client return traffic. You need to put your NTP server in broadcast mode. Then it becomes one-way. The issue with that is accuracy is then degraded, but you'll get it on the other side of the data diode.

bfoulks
Level 4

Sorry if I wasn't clear. The broadcast configuration is done on the NTP server itself. Without knowing what server you are using, I can't provide the exact configuration details for you.
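As an added example that is not part of the original thread: a check for the receive side of the diode that decodes the NTP header (RFC 5905) and tells one-way broadcast packets (mode 5) apart from the client/server exchange (modes 3 and 4) that the diode breaks. The function names and sample packets are constructed for illustration; in practice the bytes would come from a capture of UDP port 123 on one of the Linux machines.

```python
import struct

NTP_UNIX_DELTA = 2208988800  # seconds from 1900-01-01 (NTP epoch) to 1970-01-01
MODES = {1: "symmetric active", 2: "symmetric passive", 3: "client",
         4: "server", 5: "broadcast", 6: "control", 7: "private"}

def parse_ntp(packet: bytes) -> dict:
    """Decode the fields of the fixed 48-byte NTP header (RFC 5905) used below."""
    if len(packet) < 48:
        raise ValueError(f"NTP header is 48 bytes, got {len(packet)}")
    li_vn_mode, stratum = struct.unpack("!BB", packet[:2])
    tx_sec, tx_frac = struct.unpack("!II", packet[40:48])  # transmit timestamp
    return {
        "leap": li_vn_mode >> 6,
        "version": (li_vn_mode >> 3) & 0x7,
        "mode": MODES.get(li_vn_mode & 0x7, "reserved"),
        "stratum": stratum,
        "tx_unix": tx_sec - NTP_UNIX_DELTA + tx_frac / 2**32,
    }

def usable_across_diode(packet: bytes) -> bool:
    """True only for a synchronized mode-5 packet: the one NTP message a
    receive-only host can act on without sending anything back. It carries
    just the server's transmit time, so round-trip delay cannot be measured."""
    f = parse_ntp(packet)
    # leap == 3 and stratum 0 or 16 all mean the sender itself is not synchronized
    return f["mode"] == "broadcast" and f["leap"] != 3 and 1 <= f["stratum"] <= 15

def build_sample(mode: int, stratum: int, leap: int = 0,
                 tx_unix: float = 1700000000.5) -> bytes:
    """Constructed test packet (NTPv4), not a capture from the switch."""
    first = (leap << 6) | (4 << 3) | mode
    sec = int(tx_unix) + NTP_UNIX_DELTA
    frac = int((tx_unix % 1) * 2**32)
    return struct.pack("!BB", first, stratum) + bytes(38) + struct.pack("!II", sec, frac)

if __name__ == "__main__":
    samples = {
        "unicast server reply": build_sample(mode=4, stratum=2),
        "broadcast, synchronized": build_sample(mode=5, stratum=2),
        "broadcast, unsynchronized": build_sample(mode=5, stratum=16, leap=3),
    }
    for name, pkt in samples.items():
        f = parse_ntp(pkt)
        print(f"{name:26} mode={f['mode']:9} stratum={f['stratum']:2} "
              f"usable={usable_across_diode(pkt)}")
```

If only mode 4 packets (or none at all) show up behind the diode, the server is still answering unicast requests and has not been put into broadcast mode.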
