RE: NTP authentication and access-groups

From: RSiddappa@xxxxxxxxxx
Date: Tue Mar 26 2002 - 02:39:39 GMT-3

• Next message: CCIE2B: "Reverse Telnet Question"
• Previous message: Edward Monk: "RE: How to exclude addresses in a NAT pool?"
• Maybe in reply to: Shailen Amichand: "NTP authentication and access-groups"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
This was really good one.

Lot of people had problems just with authnetication or Just with
Acces-group.

Thsi will really help.

R.

-----Original Message-----
From: Shailen Amichand [mailto:Shailen.Amichand@xtra.co.nz]
Sent: Monday, March 25, 2002 8:26 PM
To: 'Landon Fitts'; ccielab@groupstudy.com
Subject: RE: NTP authentication and access-groups

Thanks Landon,

But as Mamoor pointed out I need to look at my access-list and found
that needed to added
access-list 30 permit 127.127.7.1

It is now working.

Thanks Guys.
Shailen

Ps:// heres it the working config if anyone wants to know.

R9R07# MASTER
access-list 30 permit 127.127.7.1
access-list 30 permit 192.168.2.136 0.0.0.3
access-list 30 permit 192.168.2.152 0.0.0.3
access-list 30 deny any log
!
ntp authenticate
ntp authentication-key 1 md5 070C285F4D06 7
ntp access-group serve 30
ntp master 2
ntp update-calendar
End

R9R07#sh ntp stat
Clock is synchronized, stratum 2, reference is 127.127.7.1
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is
2**24
reference time is C04A5A57.B670DC2A (14:24:23.712 NZDT Tue Mar 26 2002)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec

R6R06# CLIENT#1
ntp authentication-key 1 md5 01100F175804 7
ntp authenticate
ntp trusted-key 1
ntp server 192.168.2.153 key 1

R6R06#sh ntp stat
Clock is synchronized, stratum 3, reference is 192.168.2.153
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is
2**19
reference time is C04A5A31.F22B2780 (14:23:45.945 NZDT Tue Mar 26 2002)
clock offset is -1.8346 msec, root delay is 42.71 msec
root dispersion is 2.76 msec, peer dispersion is 0.89 msec

-----Original Message-----
From: Landon Fitts [mailto:l.fitts@mindspring.com]
Sent: Tuesday, 26 March 2002 14:20
To: Shailen Amichand; ccielab@groupstudy.com
Subject: Re: NTP authentication and access-groups

Shailen,

Try using the access-list on your router R6R07 rather than your router
R9R07.

Regards,

Landon Fitts
CCNP, CCDP, NNCSE, NNCDE
l.fitts@mindspring.com

----- Original Message -----
From: "Shailen Amichand" <Shailen.Amichand@xtra.co.nz>
To: <ccielab@groupstudy.com>
Sent: Monday, March 25, 2002 8:41 PM
Subject: NTP authentication and access-groups

> Hi Folks
>
>
> I need some help with this ntp config. I want to use authentication as

> well as access-list 30. As soon as I put the access-group command in
> (I have tried all the options server-only, peer, etc) the master clock

> gets unsynch. Thus no other router can sync to it. What I am I missing

> here??
>
> Thanks
> Shailen
>
> R9R07#
> access-list 30 permit 192.168.2.138
> access-list 30 permit 192.168.2.154
> ntp authentication-key 1 md5 070C285F4D06 7
> ntp authenticate
> ntp access-group serve 30
> ntp master 1
> ntp update-calendar
> End
>
> R9R07#sh ntp stat
> Clock is unsynchronized, stratum 16, no reference clock nominal freq
> is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**24
> reference time is C04A44D7.B68A29EA (12:52:39.713 NZDT Tue Mar 26
2002)
> clock offset is 0.0000 msec, root delay is 0.00 msec
> root dispersion is 1875.02 msec, peer dispersion is 1875.02 msec
> R9R07#
>
------------------------------------------------------------------------
> ----------------------------------------------------------
> R9R07(config)#no ntp access-group peer 30
> R9R07#
> .Mar 26 13:07:35: NTP: 127.127.7.1 reachable
> .Mar 26 13:07:35: NTP: synced to new peer 127.127.7.1
> Mar 26 13:07:35: NTP: sync change
> Mar 26 13:07:35: NTP: peer stratum changesh ntp stat
> Clock is synchronized, stratum 1, reference is .LOCL.
> nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is
> 2**24
> reference time is C04A4857.B6880FDB (13:07:35.713 NZDT Tue Mar 26
2002)
> clock offset is 0.0000 msec, root delay is 0.00 msec
> root dispersion is 15875.02 msec, peer dispersion is 15875.02 msec
> R9R07#
>
------------------------------------------------------------------------
> ----------------------------------------------------------
>
>
> R6R06#
> ntp authentication-key 1 md5 01100F175804 7
> ntp authenticate
> ntp trusted-key 1
> ntp server 192.168.2.153 key 1

• Next message: CCIE2B: "Reverse Telnet Question"
• Previous message: Edward Monk: "RE: How to exclude addresses in a NAT pool?"
• Maybe in reply to: Shailen Amichand: "NTP authentication and access-groups"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:57:22 GMT-3