I have been playing with getting a single NTP source on my network. I discovered that changing the configured NTP server on the router that is the AP controller causes a synchronization of configurations on the APs (and they set their NTP server to whatever is configured in the router). This seems odd to me since I want the APs to pull time from the local NTP server (I only want the router to go to the internet for time, everything else on my network should use the router as the NTP source).
So, I have a second Balance router (B30). The B30 is connected via WAN1 to a LAN port on the B1. No matter what I do, I cannot get the B1 to use the NTP server on the B30. I tried to access the NTP server via the WAN1 IP address as well as the local LAN IP address.
I tried configuring Inbound Rules, Internal Rules, and local service rules. I also tried setting up a forwarder from the WAN IP address to the LAN address – nothing worked.
I would have thought that an Inbound Firewall Rule would have been appropriate since the request is coming from the WAN link. Nope. Then, I thought maybe it is considered an Internal network connection since it is using IP Forwarding instead of NAT. Nope. Finally, since the service is hosted on the router - maybe a Local Service rule is required. Nope again.
I have since abandoned trying to get a central NTP server to work with all of my networking gear, which begs the question – why use the router as an NTP server?
In a perfect world, I would set my main router (B1) to be an NTP server and update its own time via the internet source, and then my APs (5) and my other router would point to the B1 as their NTP source. Since the NTP server seems inaccessible from outside of the LAN, and the APs will always follow the setting in the AP Controller – there is no way to accomplish what I am wanting. Full disclosure - I have not validated anything via packet capture – so, I am assuming the APs are using the value configured for their NTP source (time.google.com).
FWIW - I am able to use the B1 as a time source for the B30. The B30 is on the B1 LAN, therefore the NTP server is accessible. So, I was able to keep one device out of 7 from going to the internet for its time sync.