
Can I use a common NTP server from multiple VLANs ?

J Vesterdahl
Regular Advisor


Hello all.

I have multiple VLANs on my static network which is primarily using 2824 switches.
Only one VLAN has configured IP addresses, and this is used for management. This way, the other VLANs are isolated, and the network does not care what IP address space is used in the various VLANs. They are being used for static purposes such as video, telemetry, dedicated point-to-point connections etc.

One of the applications must now use an NTP server, which is going to be a GPS box, which is easily attached.

But I was thinking that maybe I could use this reasonably exact time for the management VLAN also, and perhaps other uses in the future.

So now I have to think about routing for the first time.

Is there a way that I can reach the single IP address of the NTP server from multiple VLANs *without allowing the VLANs to see each other* ?

This is what I think I should do:
- Enable routing in one switch
- Optionally put the NTP server in its own VLAN
- Set the routing switch as default gateway in all switches that need to reach the NTP server
- Set a static route in the routing switch pointing to the NTP server
- Set static routes in the routing switch pointing back to the NTP users, so the NTP server can respond
- Ummm ...

Am I even close here?
I am guessing the static routes are so specific that general cross-VLAN access.
There is always one more bug ...
4 REPLIES
J Vesterdahl
Regular Advisor

Re: Can I use a common NTP server from multiple VLANs ?

After reading some more and talking to a friend in the know, it looks like I should replace at least one 2824 with a 2910al and use access control lists.
There is always one more bug ...
Olaf Borowski
Respected Contributor

Re: Can I use a common NTP server from multiple VLANs ?

Other option:
Multinet the NTP server. Does the server NIC support tagging?

Pieter 't Hart
Honored Contributor

Re: Can I use a common NTP server from multiple VLANs ?

You can configure the default gateway only on devices that really need to access the NTP server (like the switches).
If clients have no default gateway configured, or point to another address than the switch you configured, these clients will not be able to access the other VLANs.
It's not really secure, but will block accidental access to other VLANs.

Beware: if you configure a VLAN for "management only" then it will not route!
The switch will route between other VLANs but not from/to the management VLAN.
J Vesterdahl
Regular Advisor

Re: Can I use a common NTP server from multiple VLANs ?

Multinetting is not a good option for me, because then I would have to care about the subnets on all VLANs. At this time I have one subnet per VLAN, and I don't care what address ranges are used on the VLANs - only the management VLAN is strictly controlled.
This setup is very convenient for me and my users.

Configuring the default gateway only on the devices that must access the NTP server is a good idea. As you say, it's not really secure, but good enough for me, as my network is static, and mostly used for video, telemetry and various "transportation" point-to-point connections.
Thanks for the tip with the "management only" VLAN. I didn't know that, and I have wondered what the setting was for. It's not enabled and now it's not going to be.

For now, it looks like I'm going with a 2910 switch and ACLs.



There is always one more bug ...
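
The routing-plus-ACL approach the thread settles on, modelled as an added example that is not part of the original posts and is not switch configuration: a stateless, first-match ACL per VLAN that lets only NTP (UDP port 123) reach the shared server and its replies return. All addresses are constructed, and the model assumes each VLAN that uses the server has its own distinct subnet.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    action: str                  # "permit" or "deny"
    proto: str                   # "udp", "tcp", or "ip" for any protocol
    src: str                     # source network in CIDR form
    dst: str                     # destination network in CIDR form
    sport: Optional[int] = None  # None matches any source port
    dport: Optional[int] = None  # None matches any destination port

class Packet(NamedTuple):
    proto: str
    src: str
    dst: str
    sport: int
    dport: int

ANY = "0.0.0.0/0"
NTP = "10.99.0.10/32"  # constructed address: GPS NTP box in its own VLAN

# Applied to routed traffic entering from each user VLAN.
USER_VLAN_ACL = [
    Rule("permit", "udp", ANY, NTP, dport=123),  # NTP queries only
    Rule("deny", "ip", ANY, ANY),                # no other routed traffic
]
# Applied to routed traffic entering from the NTP server's VLAN.
# The ACL is stateless, so replies (source port 123) need their own permit.
NTP_VLAN_ACL = [
    Rule("permit", "udp", NTP, ANY, sport=123),
    Rule("deny", "ip", ANY, ANY),
]

def matches(rule: Rule, pkt: Packet) -> bool:
    in_net = lambda ip, net: ipaddress.ip_address(ip) in ipaddress.ip_network(net)
    return (rule.proto in ("ip", pkt.proto)
            and in_net(pkt.src, rule.src) and in_net(pkt.dst, rule.dst)
            and rule.sport in (None, pkt.sport)
            and rule.dport in (None, pkt.dport))

def evaluate(acl, pkt: Packet) -> str:
    """Return the action of the first matching rule (implicit deny if none)."""
    for rule in acl:
        if matches(rule, pkt):
            return rule.action
    return "deny"

if __name__ == "__main__":
    query = Packet("udp", "192.168.1.20", "10.99.0.10", 40000, 123)
    cross = Packet("tcp", "192.168.1.20", "172.16.5.7", 40000, 80)
    print(evaluate(USER_VLAN_ACL, query), evaluate(USER_VLAN_ACL, cross))
```

Replaying a table of expected flows through `evaluate` before applying the equivalent rules on the routing switch shows whether the reply path was forgotten or a permit is broader than intended.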