NTP port opening!

SOLVED
nikma

Hi,

We need to open NTP port 123 from one VLAN to another. I have created a rule that allows NTP from VLAN 10.10.10.0/24 to the other, 10.10.20.0/24, on UDP port 123. But it is still not working!

Source - 10.10.10.0/24

Destination - 10.10.20.0/24

Src port: any

Dst port: 123

Should I open it on the other side also? Is there a need for that?

BR Nikma

1 ACCEPTED SOLUTION
jdsilva

Hi @nikma,

By default on an MX all inter-VLAN traffic on the LAN ports is already allowed. So there's no need to create a rule. If you've previously added rules that block everything then you will need to create the rule you're asking about.

The MX is (generally) a stateful firewall, meaning that if you allow traffic in one direction, the return traffic will automatically be allowed back. So in this case you would write your rule as you stated and that's it. Return traffic is good to go.

As for why it's not working, can clients on the same VLAN as the NTP server sync their time? Is the inter-VLAN routing working correctly (i.e. can the client ping the NTP server?)
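
The check suggested in the answer above can be done with a single SNTP request: run it once from a host on the server's VLAN and once from the client VLAN, and compare the results. This is an added example, not part of the original thread; the default server address on the last line is a hypothetical host in 10.10.20.0/24.

```python
import socket
import struct
import sys

NTP_PORT = 123
NTP_EPOCH_OFFSET = 2208988800  # seconds between 1900-01-01 (NTP) and 1970-01-01 (Unix)

def build_request() -> bytes:
    """48-byte SNTP client request: LI=0, VN=4, Mode=3 (client)."""
    return bytes([(0 << 6) | (4 << 3) | 3]) + bytes(47)

def parse_response(data: bytes) -> dict:
    """Decode the header fields that matter for a reachability check."""
    if len(data) < 48:
        raise ValueError("short NTP packet: %d bytes" % len(data))
    flags, stratum = data[0], data[1]
    secs, frac = struct.unpack("!II", data[40:48])  # transmit timestamp
    return {
        "leap": flags >> 6,             # 3 = clock not synchronised
        "version": (flags >> 3) & 0x7,
        "mode": flags & 0x7,            # 4 = server reply
        "stratum": stratum,             # 0 = unspecified / kiss-o'-death
        "unix_time": secs - NTP_EPOCH_OFFSET + frac / 2**32,
    }

def probe(server: str, timeout: float = 2.0) -> str:
    """Send one request over UDP 123 and classify the outcome."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_request(), (server, NTP_PORT))
            data, _ = s.recvfrom(512)
        except socket.timeout:
            return "timeout: request or reply dropped, or nothing listening on UDP 123"
        except OSError as e:
            return "error: %s" % e      # e.g. no route to the other VLAN
    r = parse_response(data)
    if r["mode"] != 4:
        return "unexpected mode %d in reply" % r["mode"]
    if r["stratum"] == 0 or r["leap"] == 3:
        return "reachable, but the server itself is not synchronised"
    return "ok: stratum %d, server time %.3f" % (r["stratum"], r["unix_time"])

if __name__ == "__main__":
    # Hypothetical default address; pass the real NTP server as the first argument.
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "10.10.20.10"))
```

A timeout from the client VLAN together with "ok" from the server's own VLAN points at the path between VLANs (rules or routing); a timeout from both points at the NTP server.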

 

 

Hi Jdsilva,

Thank you for this information. It is indeed very useful!

BR Nikma
