NTP Access-group Options

From: gladston@br.ibm.com
Date: Mon May 16 2005 - 16:47:36 GMT-3


Do you understand the differences between the ntp access-group options?

Deal says in his book "This feature is useful if your router is an NTP server and you want to restrict NTP access to it..." but I have seen this command used on an NTP client to filter which server it can get time from.
Even Deal has this example on page 732.

Reading Cisco, and the doc recommended by Cisco - "For details on NTP control queries, see RFC 1305 (NTP version 3)" - did not clarify the options:

query-only
serve-only
serve
peer

When a filter is applied on 12.2T, it prevents the relationship with the server and with the client.
These are the commands used before ntp access-group:

ntp authentication-key 2 md5 cisco
ntp authenticate
ntp trusted-key 2
ntp server 150.100.20.254 key 2

R3, this router, has BB2 as its NTP server and R2 as its NTP client. NTP is OK on R2 and R3 with this configuration.

Adding ntp access-group:

ntp access-group peer 99
!
access-list 99 permit 172.16.1.1 0.0.0.0

172.16.1.1 is R1's address.
Now, R3 does not synchronize with BB2 and does not allow R2 to be synchronized.
I am not sure if this access-group filters NTP packets to the server, to the client, or both.
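
An added example, not part of the original post: a small Python model of the access-group evaluation as Cisco's command reference describes it (types scanned in the order peer, serve, serve-only, query-only; the first match wins; once any access-group is configured, a source that matches none is granted nothing). R2's address, the right names and the `split` policy are constructed for illustration.

```python
"""Model of how NTP access is granted once `ntp access-group` is configured.
Added illustration based on Cisco's documented behaviour, not IOS code."""
import ipaddress

# Documented scan order, least to most restrictive; the first match wins.
ORDER = ["peer", "serve", "serve-only", "query-only"]
RIGHTS = {  # right names are labels made up for this model
    "peer":       {"sync-to", "time-request", "control-query"},
    "serve":      {"time-request", "control-query"},
    "serve-only": {"time-request"},
    "query-only": {"control-query"},
}
ALL = RIGHTS["peer"]

def acl_permits(acl, addr):
    """Standard ACL as a list of (address, wildcard) permits, implicit deny."""
    a = int(ipaddress.IPv4Address(addr))
    for net, wildcard in acl:
        care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
        if (a & care) == (int(ipaddress.IPv4Address(net)) & care):
            return True
    return False

def granted(access_groups, addr):
    """access_groups maps access type -> ACL; returns the rights given to addr."""
    if not access_groups:      # no access-group configured: nothing is filtered
        return set(ALL)
    for kind in ORDER:
        if kind in access_groups and acl_permits(access_groups[kind], addr):
            return set(RIGHTS[kind])
    return set()               # matched no list: NTP from addr is ignored

BB2 = "150.100.20.254"  # NTP server, from the post
R1 = "172.16.1.1"       # from the post
R2 = "172.16.2.2"       # constructed: the post does not give R2's address

# The posted policy: only R1 passes the single (peer) list.
posted = {"peer": [(R1, "0.0.0.0")]}
# Constructed alternative: sync only to BB2, answer only time requests from R2.
split = {"peer": [(BB2, "0.0.0.0")], "serve-only": [(R2, "0.0.0.0")]}

if __name__ == "__main__":
    for name, policy in (("posted", posted), ("split", split)):
        for host, addr in (("BB2", BB2), ("R2", R2)):
            print(name, host, sorted(granted(policy, addr)) or "nothing")
```

Under the posted policy the model grants nothing to either BB2 or R2, which matches both symptoms in the post: the one list is applied to packets arriving from the server and from the client alike.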



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:58 GMT-3