As a follow-up to configuring the management interface in Juniper: NTP traffic should go via the management port and not through the data ports. The prerequisite configuration can be found here:
https://mynetworkbio.blogspot.com/2020/03/configure-management-interface-in.html
NTP Server1: 192.168.10.101
NTP Server2: 192.168.10.102
Configuration:
set system ntp server 192.168.10.101 routing-instance mgmt_junos
set system ntp server 192.168.10.102 routing-instance mgmt_junos
set system ntp source-address 172.16.0.100 routing-instance mgmt_junos
where: 172.16.0.100 is your management (em0) interface IP
Sample Firewall configuration:
set firewall family inet filter FIREWALL-RE term NTP-PERMIT from source-prefix-list NTP-LIST
set firewall family inet filter FIREWALL-RE term NTP-PERMIT from protocol udp
set firewall family inet filter FIREWALL-RE term NTP-PERMIT from port ntp
set firewall family inet filter FIREWALL-RE term NTP-PERMIT then policer ntp-policer
set firewall family inet filter FIREWALL-RE term NTP-PERMIT then count NTP-PERMIT
set firewall family inet filter FIREWALL-RE term NTP-PERMIT then accept
set firewall policer ntp-policer if-exceeding bandwidth-limit 1m
set firewall policer ntp-policer if-exceeding burst-size-limit 15k
set firewall policer ntp-policer then discard
set policy-options prefix-list NTP-LIST 172.20.2.100/32
set policy-options prefix-list NTP-LIST 192.168.10.101/32
set policy-options prefix-list NTP-LIST 192.168.10.102/32
where:
172.20.2.100/32 is your loopback0 address
Note: The commands highlighted in bold are the most important to make this work.
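A consistency check for the configuration above, as an added example that is not part of the original post: a small Python lint over Junos set-format lines that flags NTP servers not bound to mgmt_junos, servers not covered by the prefix list that NTP-PERMIT matches, and policers a filter references but never defines. The sample config is constructed (192.168.10.103 and its defects are invented), and servers are assumed to be configured by IP address.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed sample in Junos "set" format, modelled on the configuration above.
# 192.168.10.103 and the defects it carries are invented for illustration.
SAMPLE = """\
set system ntp server 192.168.10.101 routing-instance mgmt_junos
set system ntp server 192.168.10.102 routing-instance mgmt_junos
set system ntp server 192.168.10.103
set firewall family inet filter FIREWALL-RE term NTP-PERMIT from source-prefix-list NTP-LIST
set firewall family inet filter FIREWALL-RE term NTP-PERMIT then policer RE-POLICER-256K
set firewall family inet filter FIREWALL-RE term NTP-PERMIT then accept
set firewall policer ntp-policer if-exceeding bandwidth-limit 1m
set firewall policer ntp-policer then discard
set policy-options prefix-list NTP-LIST 192.168.10.101/32
set policy-options prefix-list NTP-LIST 192.168.10.102/32
"""

def lint_ntp(config, instance="mgmt_junos", term="NTP-PERMIT"):
    """Return a sorted list of findings for an NTP-over-management setup."""
    servers = {}                      # server IP -> routing instance (None if absent)
    lists, used, defined = set(), set(), set()
    prefixes = {}                     # prefix-list name -> set of prefixes
    for line in config.splitlines():
        if m := re.match(r"set system ntp server (\S+)", line):
            ri = re.search(r" routing-instance (\S+)", line)
            servers[m[1]] = ri[1] if ri else servers.get(m[1])
        elif m := re.match(rf"set firewall .* term {re.escape(term)} from source-prefix-list (\S+)", line):
            lists.add(m[1])
        elif m := re.match(r"set firewall .* then policer (\S+)", line):
            used.add(m[1])
        elif m := re.match(r"set firewall policer (\S+) ", line):
            defined.add(m[1])
        elif m := re.match(r"set policy-options prefix-list (\S+) (\S+)", line):
            prefixes.setdefault(m[1], set()).add(m[2])
    allowed = set().union(*(prefixes.get(n, set()) for n in lists))
    findings = []
    for ip, ri in servers.items():
        if ri != instance:
            findings.append(f"{ip}: NTP server not bound to routing-instance {instance}")
        # Assumption: servers are IP addresses (a hostname would raise ValueError).
        if not any(ip_address(ip) in ip_network(p, strict=False) for p in allowed):
            findings.append(f"{ip}: not permitted by the {term} source-prefix-list")
    findings += [f"{p}: policer referenced but not defined" for p in used - defined]
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint_ntp(SAMPLE):
        print(finding)
```

Feed it the output of "show configuration | display set" to run the same checks against a real device configuration.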
Verification:
darwin@QFX-re0#run show ntp associations
     remote           refid      st t when poll reach   delay   offset  jitter
===============================================================================
 192.168.10.101  .GPS.            1 -    -   64    1    1.555   -0.053   0.026
 192.168.10.102  .GPS.            1 -    1   64    1    0.901   -0.045   0.031
{master}[edit]
darwin@QFX-re0#run show ntp status
status=0644 leap_none, sync_ntp, 4 events, event_peer/strat_chg,
version="ntpd 4.2.0-a Thu Dec 26 20:26:31 2019 (1)", processor="amd64",
system="FreeBSDJNPR-11.0-20191223.5f5c7dc_buil", leap=00, stratum=2,
precision=-23, rootdelay=1.514, rootdispersion=13.291, peer=13884,
refid=192.168.10.101,
reftime=e270e335.ef6c45ca Thu, May 21 2020 19:23:33.935, poll=6,
clock=e270e3fa.23b9d2ce Thu, May 21 2020 19:26:50.139, state=4,
offset=-0.019, frequency=34.239, jitter=0.042, stability=0.000
Additional Tips:
Set timezone (example changing from default UTC to SGT)
darwin@QFX-re0# set system time-zone Asia/Singapore
darwin@QFX-re0# run show system uptime
Current time: 2020-05-21 11:24:09 UTC
Time Source: NTP CLOCK
System booted: 2020-04-19 13:28:11 UTC (4w3d 21:55 ago)
Protocols started: 2020-04-19 13:29:05 UTC (4w3d 21:55 ago)
Last configured: 2020-05-21 11:23:18 UTC (00:00:51 ago) by darwin
11:24AM up 31 days, 21:56, 1 users, load averages: 0.37, 0.28, 0.25
darwin@QFX-re0# run show system uptime
Current time: 2020-05-21 19:25:48 SGT
Time Source: NTP CLOCK
System booted: 2020-04-19 21:28:11 SGT (4w3d 21:57 ago)
Protocols started: 2020-04-19 21:29:05 SGT (4w3d 21:56 ago)
Last configured: 2020-05-21 19:25:29 SGT (00:00:19 ago) by darwin
7:25PM up 31 days, 21:58, 1 users, load averages: 0.39, 0.30, 0.26