
NTP Core (NOTICE): ntp_receive: dropping message: restricted

Srinivas N
Level 1

Hi Team,

We already have NTP configured on my switches, and the NTP server is a Windows machine.

After applying the configuration below on a couple of my switches, I am seeing the message "NTP Core (NOTICE): ntp_receive: dropping message: restricted"

ntp logging
ntp allow mode control 3
ntp server 10.20.1.10 prefer (Windows Server)
ntp access-group peer /query-only NTP

ip access-list extended NTP
10 permit udp 10.10.1.64 0.0.0.63 eq ntp host 10.20.1.10 eq ntp
20 permit udp 10.10.1.64 0.0.0.63 eq ntp host 10.20.1.11 eq ntp
30 permit udp host 10.20.1.10 eq ntp 10.10.1.64 0.0.0.63 eq ntp
40 permit udp host 10.20.1.11 eq ntp 10.10.1.64 0.0.0.63 eq ntp
50 deny ip any any

Please help me fix the issue.

Thanks & Regards, Srinivas. N.

balaji.bandi
Hall of Fame

Are you looking to contact the NTP server from the switch? For testing, remove the line below and see if that works.

no ntp access-group peer /query-only NTP

Once that is working and confirmed, what is the switch IP? You can use the source IP to reach the NTP server.

In that ACL, do you see that the source IP is part of the ACL?

If you are looking only at NTP using only the source, you can simply add any to destination 10.20.1.10.

Look at some examples:

https://ine.com/blog/2008-07-28-ntp-access-control

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi Balaji,

Thanks for the reply.

While enabling ntp access-group peer NTP, I am getting the error "NTP Core (NOTICE): ntp_receive: dropping message: restricted". But under the access list, the NTP server is allowed.

Thanks & Regards, Srinivas. N.

So when you enable it you get that error (so I take it that when there is no ACL it works - please confirm?)

We know the destination NTP server from the config - that is 10.20.1.10. What is the source of the device you are looking to connect from (the device IP)? Does that match the ACL?

You can also try any source destination ntp host 10.20.1.10 eq ntp (allow)

BB


debug ntp packet 

See from which IP the NTP packets come; is this IP included in the ACL?

MHM
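
An added example, not part of the original thread: a small first-match evaluator for the extended ACL posted above, for answering the question raised in the replies (does the switch's source IP fall inside the ACL?). The source addresses tested and the helper names are constructed for illustration; it models only top-down matching with wildcard masks, not how IOS applies an ACL under ntp access-group.

```python
import ipaddress
# ACL entries copied from the configuration posted in the thread.
ACL_TEXT = """\
10 permit udp 10.10.1.64 0.0.0.63 eq ntp host 10.20.1.10 eq ntp
20 permit udp 10.10.1.64 0.0.0.63 eq ntp host 10.20.1.11 eq ntp
30 permit udp host 10.20.1.10 eq ntp 10.10.1.64 0.0.0.63 eq ntp
40 permit udp host 10.20.1.11 eq ntp 10.10.1.64 0.0.0.63 eq ntp
50 deny ip any any
"""
NTP_PORT = 123

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def _side(tok):
    """Consume 'any' | 'host A' | 'A WILDCARD', then an optional 'eq ntp'."""
    first = tok.pop(0)
    if first == "any":
        base, wild = 0, 0xFFFFFFFF
    elif first == "host":
        base, wild = ip_int(tok.pop(0)), 0
    else:
        base, wild = ip_int(first), ip_int(tok.pop(0))
    port = None  # None means the entry matches any port
    if tok[:2] == ["eq", "ntp"]:
        port, tok[:2] = NTP_PORT, []
    return base, wild, port

def parse_ace(line):
    tok = line.split()
    seq, action, proto = int(tok.pop(0)), tok.pop(0), tok.pop(0)
    return seq, action, proto, _side(tok), _side(tok)

ACL = [parse_ace(line) for line in ACL_TEXT.splitlines()]

def _side_ok(ip, port, side):
    base, wild, want = side  # wildcard bits set to 1 are "don't care"
    return ((ip_int(ip) ^ base) & ~wild & 0xFFFFFFFF) == 0 and want in (None, port)

def first_match(acl, src, sport, dst, dport, proto="udp"):
    """Return (sequence, action) of the first entry matching the packet."""
    for seq, action, p, s, d in acl:
        if p in ("ip", proto) and _side_ok(src, sport, s) and _side_ok(dst, dport, d):
            return seq, action
    return None, "deny"  # implicit deny when nothing matches

if __name__ == "__main__":
    # Constructed source IPs: the thread never states the switch's address.
    for src in ("10.10.1.70", "10.10.1.130"):
        print(src, first_match(ACL, src, NTP_PORT, "10.20.1.10", NTP_PORT))
```

The wildcard 0.0.0.63 on 10.10.1.64 covers 10.10.1.64 through 10.10.1.127, so a switch sourcing NTP from an address outside that range, or from a source port other than 123, falls through to entry 50.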