Dale,
If you do not have access to the Internet and can't connect to Internet NTP
servers, what you can do is set up a master NTP router. It basically says
that this router can act as a root and you define which stratum it's in (just
make that up). When you do so the router creates a virtual NTP root server
using one of its loopback IP addresses. In this case it's 127.127.1.1.
Now if you would like to apply any NTP access control like who can query
this NTP server, who can this server sync time with, etc., in your ACL you
have to specify 127.127.1.1 or else it won't be able to talk to that
internal server. This takes a while to expire but eventually no
communication occurs and it's not synced.
This is also referenced in
http://blog.ine.com/2008/07/28/ntp-access-control/
Hope that makes sense, I don't think that's that big of an issue in
production networks, as most will have synch with internet NTP servers, but
in the lab I don't think you'll have that.
Let me know if you have more questions.
Regards,
Tom Kacprzynski
On Mon, Nov 15, 2010 at 2:33 PM, Dale Shaw <dale.shaw_at_gmail.com> wrote:
> Hi Tom,
>
> On Tue, Nov 16, 2010 at 5:08 AM, Tom Kacprzynski <tom.kac_at_gmail.com> wrote:
> > I was wondering if anyone else noticed this, but it appears that Cisco
> > changed their NTP reference IP address on master NTP routers from
> > 127.127.7.1 to 127.127.1.1. Looks like this change occurs somewhere between
> > 12.4.15T5 and 12.4.24T2.
> >
> > How would this relate to CCIE lab? Well if you have to configure an ntp
> > access list on a master ntp router you would have to change the ip address
> > to 127.127.1.1 from 127.127.7.1.
>
> What configuration scenario did you envisage that would have this
> reference clock IP included in an ACL?
>
> (legitimately curious)
>
> cheers,
> Dale
Received on Mon Nov 15 2010 - 15:53:57 ART
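
The check discussed in this thread, as an added example that is not part of the original messages or any Cisco tooling: a Python audit that reads an IOS configuration and reports when an `ntp master` router's NTP ACL leaves out the internal reference clock address. It assumes the ACL is a standard numbered one bound with `ntp access-group peer`; the sample configurations, stratum, ACL number and 10.0.0.2 address are constructed.

```python
import ipaddress
import re

# Constructed sample configs (not from the thread).
SAMPLE_BROKEN = """\
ntp master 3
access-list 10 permit 10.0.0.2
ntp access-group peer 10
"""
SAMPLE_FIXED = SAMPLE_BROKEN + "access-list 10 permit 127.127.1.1\n"

# Standard numbered ACL entry: access-list N permit|deny [host] ADDR [WILDCARD]
ACE = re.compile(r"^access-list (\d+) (permit|deny) (?:host )?(\S+)(?: (\S+))?\s*$")


def acl_permits(config, acl, addr):
    """First-match evaluation of a standard ACL, with the implicit deny at the end."""
    target = int(ipaddress.IPv4Address(addr))
    for line in config.splitlines():
        m = ACE.match(line.strip())
        if not m or m.group(1) != acl:
            continue
        if m.group(3) == "any":
            return m.group(2) == "permit"
        base = int(ipaddress.IPv4Address(m.group(3)))
        # Wildcard bits set to 1 are "don't care"; invert to get the bits compared.
        care = ~int(ipaddress.IPv4Address(m.group(4) or "0.0.0.0")) & 0xFFFFFFFF
        if (base & care) == (target & care):
            return m.group(2) == "permit"
    return False


def audit_ntp_master(config, refclock="127.127.1.1"):
    """Return findings; an empty list means the reference clock is permitted."""
    lines = [l.strip() for l in config.splitlines()]
    if not any(l.startswith("ntp master") for l in lines):
        return []  # not an NTP master, no internal reference clock involved
    groups = dict(re.findall(r"^ntp access-group (\S+) (\d+)$", config, re.M))
    if not groups:
        return []  # no NTP access control configured
    peer = groups.get("peer")
    if peer is None:
        return [f"no peer access-group found to permit {refclock}"]
    if not acl_permits(config, peer, refclock):
        return [f"peer ACL {peer} does not permit {refclock}"]
    return []
```

Pass `refclock="127.127.7.1"` when auditing configurations for the older releases mentioned in the thread.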