Re: ntp access-group <peer vs serve> from Sadiq Yakasai on 2010-05-30 (Ccielab archives 05/2010)

From: Sadiq Yakasai <sadiqtanko_at_gmail.com>
Date: Sun, 30 May 2010 23:12:33 +0100

Thanks guys,

So whats the difference between "time requests" and "ntp control queries"
BTW? Any link on the this would be helpful.

Sadiq

On Sun, May 30, 2010 at 10:45 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:

> For your situation you should be doing the query-only if you are wanting to
> control who can get time from the server. You would use the serve option on
> the clients if you want to control who can give them time. I would use the
> peer option when you have the command "ntp server" configured and "ntp
> peer"
> with another device.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: tscott_at_ipexpert.com
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
> Sadiq Yakasai
> Sent: Sunday, May 30, 2010 5:39 PM
> To: Cisco certification; Cisco certification
> Subject: ntp access-group <peer vs serve>
>
> Guys,
>
> So I configured an NTP server and with authentication with 2 clients - all
> working good and jolley.
>
> Now, I went on to configure the access-group to control who gets access to
> the service on the NTP server. I used the NTP "ntp access-group peer 1"
> with
> an ACL 1 permitting my clients.
>
> However, right after making this addition, my hosts de-sync (if this word
> exists :-)) from my NTP source/server. Checking the docCD, I have 4 options
> when controlling NTP service access and from my understanding on the
> documentation, it seems like the "peer" option is a kosher one (and also a
> superset of the serve option). But naahhhh, my clients just fall off after
> some time. I will now try out the "serve" keyword, to see what.
>
> Anyone got some good leads on this one please?
>
> Thanks as usual.
> Sadiq
>
>
> Excerp from the docCD:
>
> The access group options are scanned in the following order, from least
> restrictive to most restrictive:
>
> * 1. **peer* Allows time requests and NTP control queries and allows the
> system to synchronize itself to a system whose address passes the access
> list criteria.
>
> * 2. **serve* Allows time requests and NTP control queries, but does not
> allow the system to synchronize itself to a system whose address passes the
> access list criteria.
>
> * 3. **serve-only* Allows only time requests from a system whose address
> passes the access list criteria.
>
> * 4. **query-only* Allows only NTP control queries from a system whose
> address passes the access list criteria.
>
> More here:
>
>
> http://www.cisco.com/en/US/docs/ios/netmgmt/configuration/guide/nm_basic_sys
> _
> manage_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1034942
> --
> CCIE #19963
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>
>

-- 
CCIE #19963
Blogs and organic groups at http://www.ccie.net

Received on Sun May 30 2010 - 23:12:33 ART

This archive was generated by hypermail 2.2.0 : Tue Jun 01 2010 - 07:09:54 ART