Setup local NTP servers
None of the RouterBoards have a battery backed up clock so it is good practice to setup the NTP client on all boards to be able to set proper time after boot. There are many public NTP servers on the Internet but it's always good to have some centralized control of a time source and in addition lower the load of public servers with the aid of local cached NTP servers.
Since v6.14 'mode' variable is now read-only and not therefore configurable. It is set to 'unicast' if one or two server IP addresses are specified, otherwise it is set to 'broadcast'.
Since v6.16 the current time is saved in the system configuration on reboot and on clock adjustment and is used to set the initial time after reboot.
- Router doesn't need direct access to internet and public NTP servers
- Allow control of a primary source of clock for your router on only two main routers (primary and secondary)
- It can reduce traffic and the load of some public NTP servers by local time caching
RouterOS supports the setting of two servers for NTP client, primary and secondary. It's better to setup and use two servers for redundancy if it is feasible. NTP servers should be located in independent locations with high availability near main gateways.
NTP server can be configured by WinBox in menu System - NTP Server or in command line /system/ntp/server. NTP server service is not included in default set of packages so it needs to be downloaded and installed manually with ntp.npk package. ntp.npk package is NOT required to provide router with sNTP client as this is already built into system package!
If package is successfully installed then it can be simply enabled with Manycast support.
/system ntp server set broadcast=no enabled=yes manycast=yes multicast=no
Local NTP servers need to be synchronized from Stratum 1 or Stratum 2 public servers. Pick some from public list.
/system ntp client set enabled=yes primary-ntp=220.127.116.11 secondary-ntp=18.104.22.168
Server ip mismatch
A routed network router can have multiple interfaces and IP addresses and NTP server running on such a router can answer on a different IP address than it received the request. Source NAT should be configured to solve this kind of problem which can otherwise result in Bad packet reason = server-ip-mismatch on the client side.
/ip firewall nat add action=src-nat chain=srcnat comment="NTP" disabled=no \ protocol=udp src-port=123 to-addresses=192.168.0.1
Where 192.168.0.1 is the desired NTP server address. But this rule also applies source NAT to all traffic going through so every other NTP server traffic will also be SNAT'ed to one address too. This rule therefore can be more closely specified with src-address parameter configured to all the other IP addresses which the router has on other interfaces. E.g., If the router has three addresses then two SNAT rules should be added as follows:
/ip firewall nat add action=src-nat chain=srcnat src-address="192.168.0.2" \ comment="NTP interface ether2" disabled=no protocol=udp src-port=123 to-addresses=192.168.0.1 /ip firewall nat add action=src-nat chain=srcnat src-address="192.168.0.3" \ comment="NTP interface ether3" disabled=no protocol=udp src-port=123 to-addresses=192.168.0.1
Now the local NTP servers can be configured on every router in the local network:
/system ntp client set enabled=yes primary-ntp=192.168.0.1 secondary-ntp=192.168.1.1
Also you should set the correct time zone according to your location on every router.
/system clock set time-zone-name=CET