NTP port opening!

SOLVED

Hi,

 

We need to open NTP port 123 from one VLAN to another. I have created a rule that allows NTP from that VLAN, 10.10.10.0/24, to the other, 10.10.20.0/24, on UDP port 123. But it is still not working!

 

Source - 10.10.10.0/24

Destination - 10.10.20.0/24

Src port: any

Dst port: 123

 

Should I open it on the other side also? Is there a need for that?

 

BR Nikma

 

 

 

 

1 ACCEPTED SOLUTION


Re: NTP port opening!

Hi @nikma ,

 

By default on an MX all inter-VLAN traffic on the LAN ports is already allowed. So there's no need to create a rule. If you've previously added rules that block everything then you will need to create the rule you're asking about.

 

The MX is (generally) a stateful firewall, meaning that if you allow traffic in one direction, the return traffic will automatically be allowed back. So in this case you would write your rule as you stated and that's it. Return traffic is good to go.

 

As for why it's not working, can clients on the same VLAN as the NTP server sync their time? Is the inter-VLAN routing working correctly (i.e. can the client ping the NTP server?)

 

 

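The reachability questions in the answer above can be checked at the NTP level rather than with ping alone. The following is an added example, not part of the original thread: a minimal NTP client probe, run from a host in 10.10.10.0/24, that separates a silently dropped packet from a host with nothing listening on UDP 123. The server address 10.10.20.10 is a hypothetical host in the destination VLAN.

```python
import socket
import struct
import sys

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 and 1970-01-01

def build_request(version=4):
    """48-byte NTP client request: LI=0, VN=version, Mode=3 (client)."""
    return bytes([(version << 3) | 3]) + bytes(47)

def parse_response(data):
    """Return (mode, stratum, unix_time) from an NTP reply or raise ValueError."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    mode = data[0] & 0x07
    stratum = data[1]
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return mode, stratum, secs - NTP_EPOCH_OFFSET + frac / 2**32

def probe(server, port=NTP_PORT, timeout=3.0):
    """Send one request and classify the outcome for firewall troubleshooting."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((server, port))  # connected UDP socket surfaces ICMP errors
        try:
            s.send(build_request())
            data = s.recv(512)
        except socket.timeout:
            return "no reply: request or response dropped, or no route"
        except ConnectionRefusedError:
            return "port unreachable: host reached, nothing listening on UDP 123"
        except OSError as exc:
            return "network error: %s" % exc
    try:
        mode, stratum, unix_time = parse_response(data)
    except ValueError as exc:
        return "unexpected reply: %s" % exc
    if mode != 4:  # 4 = server mode
        return "unexpected NTP mode %d" % mode
    if stratum == 0:
        return "reachable, but stratum 0 (kiss-o'-death or unsynchronized server)"
    return "ok: stratum %d, server time %.3f" % (stratum, unix_time)

if __name__ == "__main__":
    # 10.10.20.10 is a hypothetical NTP server address in the destination VLAN
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "10.10.20.10"))
```

Running it once from the client VLAN and once from a host on the server's own VLAN shows whether the failure is in the inter-VLAN path or in the NTP service itself.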

2 REPLIES 2

Re: NTP port opening!

Hi Jdsilva,

 

Thank you for this information. It is indeed very useful!

 

BR Nikma
