Guys,
So I configured an NTP server with authentication with 2 clients - all
working good and jolly.
Now, I went on to configure the access-group to control who gets access to
the service on the NTP server. I used the NTP "ntp access-group peer 1" with
an ACL 1 permitting my clients.
However, right after making this addition, my hosts de-sync (if this word
exists :-)) from my NTP source/server. Checking the docCD, I have 4 options
when controlling NTP service access and from my understanding on the
documentation, it seems like the "peer" option is a kosher one (and also a
superset of the serve option). But naahhhh, my clients just fall off after
some time. I will now try out the "serve" keyword, to see what.
Anyone got some good leads on this one please?
Thanks as usual.
Sadiq
Excerpt from the docCD:
The access group options are scanned in the following order, from least
restrictive to most restrictive:
1. peer: Allows time requests and NTP control queries and allows the
system to synchronize itself to a system whose address passes the access
list criteria.
2. serve: Allows time requests and NTP control queries, but does not
allow the system to synchronize itself to a system whose address passes the
access list criteria.
3. serve-only: Allows only time requests from a system whose address
passes the access list criteria.
4. query-only: Allows only NTP control queries from a system whose
address passes the access list criteria.
More here:
http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1034942
-- CCIE #19963
Blogs and organic groups at http://www.ccie.net
Received on Sun May 30 2010 - 22:38:42 ART
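
A simplified model of the scan order in the docCD excerpt above, added here as an illustration; it is not part of the original post and not Cisco's code. The addresses, ACL contents and the upstream time source are constructed, and two behaviours are assumptions taken from Cisco's documented semantics rather than from this page: the first matching group wins, and a source that matches no configured group is granted nothing.

```python
import ipaddress

# Rights per access-group type, as listed in the docCD excerpt.
# Order matters: scanned from least restrictive to most restrictive.
GROUPS = [
    ("peer",       {"time_request", "control_query", "sync_to"}),
    ("serve",      {"time_request", "control_query"}),
    ("serve-only", {"time_request"}),
    ("query-only", {"control_query"}),
]

def acl_permits(acl, src):
    """Standard ACL: first matching entry decides, implicit deny at the end."""
    addr = ipaddress.ip_address(src)
    for action, network in acl:
        if addr in ipaddress.ip_network(network):
            return action == "permit"
    return False

def granted_rights(access_groups, src):
    """access_groups maps a group type to its ACL, a list of (action, network)."""
    if not access_groups:
        # Assumption: with no access-group configured, nothing is restricted.
        return set().union(*(rights for _, rights in GROUPS))
    for name, rights in GROUPS:
        acl = access_groups.get(name)
        if acl is not None and acl_permits(acl, src):
            return rights          # assumption: first matching group wins
    return set()                   # assumption: no match means no access

# Constructed sample data (documentation address ranges).
CLIENTS_ACL = [("permit", "192.0.2.0/24")]
CLIENT, UPSTREAM = "192.0.2.10", "198.51.100.1"

def demo():
    peer_only = {"peer": CLIENTS_ACL}  # like "ntp access-group peer 1"
    split = {"peer": [("permit", "198.51.100.1/32")], "serve-only": CLIENTS_ACL}
    return {
        "peer_only_client": granted_rights(peer_only, CLIENT),
        "peer_only_upstream": granted_rights(peer_only, UPSTREAM),
        "split_client": granted_rights(split, CLIENT),
        "split_upstream": granted_rights(split, UPSTREAM),
    }

if __name__ == "__main__":
    for case, rights in demo().items():
        print(f"{case:20s} {sorted(rights)}")
```

In this model, a peer ACL that lists only the clients leaves the server's own time source with no rights at all, while the clients are granted more than time requests.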