Requirement:
WLAN admin to be able to specify source IP for originating NTP traffic from the Controller.
Solution:Starting AOS version 8.1, WLAN admin can now specify source IP address for the NTP traffic to be originated from the Controller. NTP source address can be a VLAN interface or loopback address. Specifying source IP for NTP will help in managing the packets by applying appropriate filters.
Advantages of Specifying Source IP:
- NTP Servers can be configured to allow packets only from specific source address. This will ensure the integrity and the security of the Servers.
- Easy to process and to review the logs in Servers, as it can be tracked using the source address.
- NTP peers can be tracked in better way.
- Loopback as source ensures IP address is always reachable, provided atleast 1 interface is up and have route to the IP address block assigned to loopback interface.
Configuration:NTP soruce can be a VLAN interface or Loopback interface as shown below.
(7010) (config) #ntp source ?
loopback Set loopack interface as source for NTP client traffic.
<vlanid> Set source VLAN for NTP client traffic.
Configuration of NTP server and source address as follows,
(7010)(config)# ntp server 172.16.172.1 iburst
(7010)(config)# ntp source 173
VerificationFollowing command can be executed to verify NTP configuration. As highlighted below, VLAN interface 173 has been configured as source address.
(7010) (config) #show ntp servers
remote local st poll reach delay offset disp
====================================================================================
*172.16.172.1 172.16.173.2 2 64 1 0.00038 0.000309 0.96825
:-WARNING-:
NTP Source Enabled.
NTP source interface: 173
Ensure Upstream NTP Server(s) are reachable by source interface.