Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2144
Views
2
Helpful
20
Replies

NTP and Syslog packets with specific IP Address

Go to solution
Ranjita
Level 1
Level 1

‎04-24-2024 06:35 AM

Hi All,

I have a couple of C9300 L3 switches that are connecting to an ASA firewall. The NTP and the syslog server for the switches are located behind a firewall.

When one of the switches request/send packets the gateway IP is the source address on the Firewall (which is normal behavior).

Is there an option to add the Management IP of the switch while sending/receiving such packets?

Thanks.

 

Labels:
0 Helpful
20 Replies 20

Go to solution
Ranjita
Level 1
Level 1
In response to Ranjita

‎04-26-2024 04:15 AM

Sorry please ignore my last statement as that is not the case.

0 Helpful

Go to solution
MHM Cisco World
VIP
VIP
In response to Ranjita

‎04-26-2024 04:18 AM

Not all NTP receive in vlan401

Can I see SW NTP config 

MHM

0 Helpful

Go to solution
Ranjita
Level 1
Level 1
In response to MHM Cisco World

‎04-26-2024 04:22 AM

Yes I agree.

Ranjita_0-1714130545252.png

 

0 Helpful

Go to solution
Ranjita
Level 1
Level 1
In response to Ranjita

‎04-26-2024 06:11 AM

Hi,

Thank you for the continuous support and feedback.The issue has been resolved.
We have 2 firewalls North and South,what we were looking at the whole time was the North Firewall.
The South FW was the one that was denying traffic and now I allowed traffic on it.Clock has been set 

0 Helpful

Go to solution
balaji.bandi
Hall of Fame
Hall of Fame

‎04-24-2024 08:27 AM

Cat 9300 support in band and OOB management, so depends on the configuration you can apply as source interface.

this can be VLAN SVI or Phusical layer3 port where the destination can be reachble or mgmt port will be different path (if you have one ?)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Go to solution
Ranjita
Level 1
Level 1
In response to balaji.bandi

‎04-25-2024 01:15 AM

Hello,
Thank you for the suggestion. The CLI has an option just to add the vlan number,I would like the source to be the Vlan SVI. On implementation

ntp source ?
AccessTunnel Access Tunnel interface
AppGigabitEthernet App-hosting Gigabit Ethernet
Auto-Template Auto-Template interface
BDI Bridge-Domain interface
Bluetooth Bluetooth interface
CEM-PG Circuit Emulation interface with Protection group
CEOBC Cluster EOBC Interface
FortyGigabitEthernet Forty Gigabit Ethernet
GMPLS MPLS interface
GigabitEthernet GigabitEthernet IEEE 802.3z
InternalInterface Internal Interface
L2LISP L2 Locator/ID Separation Protocol Virtual Interface
LISP Locator/ID Separation Protocol Virtual Interface
Loopback Loopback interface
Lspvif LSP virtual interface
Null Null interface
PROTECTION_GROUP Protection-group controller
Port-channel Ethernet Channel of interfaces
SDH_ACR Virtual SDH-ACR controller
SERIAL-ACR Serial interface with ACR
Serial-PG Serial interface with Protection Group
TLS-VIF TLS Virtual Interface
TenGigabitEthernet Ten Gigabit Ethernet
Tunnel Tunnel interface
Tunnel-tp MPLS Transport Profile interface
TwentyFiveGigE Twenty Five Gigabit Ethernet
VirtualPortGroup Virtual Port Group
Vlan Catalyst Vlans
nve Network virtualization endpoint interface

X02YAL11UH001-KF001-(config)#ntp source vlan ?
<1-4094> Vlan interface number

X02YAL11UH001-KF001-(config)#ntp source vlan 403
X02YAL11UH001-KF001-(config)#do wr

There are no packets reaching the firewall.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card