Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ACL allowing NTP traffic on the switch

Hi ,

I am having issue with my NTP sync.

I have configured the NTP as below. The route to NTP server is on int VLAN 221 which is having ACL out. But inside the ACL , i already allowed for the NTP traffic. But my show ntp status still unsync to NTP server.

Anyone can advise if any woring in config. Is the locally generated traffic applicable to ACL?

NOTE: I got another switch connected another interface( int VLAN 150) on this Switch1. It is syned with NTP server.

Switch1 #sh run | i ntp server

ntp server y.y.y.y

ntp server x.x.x.x prefer

Switch1#sh ip route x.x.x.x

Routing entry for x.x.x.0/28

    * directly connected, via Vlan221

      Route metric is 0, traffic share count is 1

interface Vlan221

ip address x.x.x.w 255.255.255.240

ip access-group VLAN_221_out out

Extended IP access list VLAN_221_out

    10 permit tcp any any established (5 matches)

    20 permit udp any host x.x.x.x eq ntp

    30 permit udp any host y.y.y.y eq ntp

Thanks

WPA

1 REPLY
Hall of Fame Super Silver

ACL allowing NTP traffic on the switch

WPA

An access list applied outbound does not affect packets generated by the switch itself. So this access list is not causing the issue with ntp. Note that if the other switch you mention is sending its traffic through this switch to get to the ntp servers then you certainly do need the access list entries to permit the ntp traffic from the other switch.

Is it accurate that the ntp server is actually connected in the vlan 221? If so it is surprising that it does not supply ntp to a local connection but does supply time to the other switch. Can you do a traceroute from the other switch and verify what is the data path from that switch to the ntp server?

Also could you post the output of the command show ntp association detail? This might provide some insight into the problem.

HTH

Rick

1028
Views
0
Helpful
1
Replies
CreatePlease login to create content