Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1346
Views
0
Helpful
2
Replies

NTP Configuration

croftsd23
Level 1
Level 1

‎08-19-2020 02:04 AM

I am looking at NTP configuration and have the following configuration:-

 

ip access-list standard NTP
permit x.x.x.x
deny   any log
access-list 23 deny   any log
ntp access-group peer NTP
ntp access-group serve-only 23
ntp server  prefer x.x.x.x
 
The result I am seeing is that when I apply debug I can see downward devices getting blocked.  However, the devices do appear to be getting a response from the server.  There lies my confusion.
 
 
Labels:
0 Helpful
2 Replies 2

marce1000
VIP
VIP

‎08-19-2020 03:25 AM

 

 access-list 23 deny   any log ->  Doesn't that overall-deny match first ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

croftsd23
Level 1
Level 1
In response to marce1000

‎08-19-2020 05:20 AM

Thanks for the reply.  I see the configuration working as follows:-

 

The switch is able to peer with the NTP server but due to the deny access list, all downward devices attempting to get a time source should fail.  I see blocks in the log.  However, the devices are getting a time reply?

 

 
0 Helpful
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card