RE: ntp access-group <peer vs serve>

From: Tyson Scott <tscott_at_ipexpert.com>
Date: Sun, 30 May 2010 17:45:57 -0400

For your situation you should be doing the query-only if you are wanting to
control who can get time from the server. You would use the serve option on
the clients if you want to control who can give them time. I would use the
peer option when you have the command "ntp server" configured and "ntp peer"
with another device.

Regards,
 
Tyson Scott - CCIE #13513 R&S, Security, and SP
Managing Partner / Sr. Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
Sadiq Yakasai
Sent: Sunday, May 30, 2010 5:39 PM
To: Cisco certification; Cisco certification
Subject: ntp access-group <peer vs serve>

Guys,

So I configured an NTP server and with authentication with 2 clients - all
working good and jolly.

Now, I went on to configure the access-group to control who gets access to
the service on the NTP server. I used the NTP "ntp access-group peer 1" with
an ACL 1 permitting my clients.

However, right after making this addition, my hosts de-sync (if this word
exists :-)) from my NTP source/server. Checking the docCD, I have 4 options
when controlling NTP service access and from my understanding of the
documentation, it seems like the "peer" option is a kosher one (and also a
superset of the serve option). But naahhhh, my clients just fall off after
some time. I will now try out the "serve" keyword, to see what.

Anyone got some good leads on this one please?

Thanks as usual.
Sadiq

Excerpt from the docCD:

The access group options are scanned in the following order, from least
restrictive to most restrictive:

1. peer: Allows time requests and NTP control queries and allows the
system to synchronize itself to a system whose address passes the access
list criteria.

2. serve: Allows time requests and NTP control queries, but does not
allow the system to synchronize itself to a system whose address passes the
access list criteria.

3. serve-only: Allows only time requests from a system whose address
passes the access list criteria.

4. query-only: Allows only NTP control queries from a system whose
address passes the access list criteria.

More here:

http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys_manage_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1034942

--
CCIE #19963
Blogs and organic groups at http://www.ccie.net
Received on Sun May 30 2010 - 17:45:57 ART
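
The following is an added example, not part of either message and not Cisco code: a small Python model of the access-group scan described in the docCD excerpt quoted above, showing which rights a source address ends up with. The first-match and implicit-deny behaviour is taken from Cisco's command reference rather than from this thread, and the addresses, dictionaries and function names are constructed for illustration.

```python
import ipaddress

ALL_RIGHTS = {"time_request", "control_query", "sync_to"}

# Rights per keyword, as listed in the docCD excerpt. Tuple order is the
# scan order: least restrictive first, most restrictive last.
SCAN_ORDER = (
    ("peer",       {"time_request", "control_query", "sync_to"}),
    ("serve",      {"time_request", "control_query"}),
    ("serve-only", {"time_request"}),
    ("query-only", {"control_query"}),
)

def granted_rights(access_groups, src):
    """Return (matched keyword, rights) for source address src.

    access_groups maps a keyword to a list of permitted networks, a
    simplified stand-in for a standard ACL made only of permit entries.
    """
    if not access_groups:
        # Assumption (Cisco command reference): with no access group
        # configured, every access type is granted to every system.
        return None, set(ALL_RIGHTS)
    addr = ipaddress.ip_address(src)
    for keyword, rights in SCAN_ORDER:
        for net in access_groups.get(keyword, ()):
            if addr in ipaddress.ip_network(net):
                return keyword, set(rights)  # first matching type wins
    # At least one access group exists and nothing matched: deny all.
    return None, set()

def allowed(access_groups, src, action):
    """True if src may perform action under the given access groups."""
    return action in granted_rights(access_groups, src)[1]

# Constructed sample policy for a time server: clients in 10.1.1.0/24 may
# only request time, one management host may only send control queries.
SERVER_GROUPS = {"serve-only": ["10.1.1.0/24"], "query-only": ["10.9.9.5/32"]}
# Constructed sample policy for a client: it may synchronize to 10.1.1.1 only.
CLIENT_GROUPS = {"peer": ["10.1.1.1/32"]}

if __name__ == "__main__":
    for src in ("10.1.1.20", "10.9.9.5", "192.0.2.7"):
        print(src, granted_rights(SERVER_GROUPS, src))
```

Note that once any access group is configured, an address that matches none of the lists loses all access, including sources the device itself synchronizes to.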
