07-25-2024 10:26 PM
Hi Team,
We already have NTP configured on my switches, and the NTP server is a Windows machine.
After applying the configuration below on a couple of my switches, I am seeing the message "NTP Core (NOTICE): ntp_receive: dropping message: restricted"
ntp logging
ntp allow mode control 3
ntp server 10.20.1.10 prefer (Windows Server)
ntp access-group peer /query-only NTP
ip access-list extended NTP
10 permit udp 10.10.1.64 0.0.0.63 eq ntp host 10.20.1.10 eq ntp
20 permit udp 10.10.1.64 0.0.0.63 eq ntp host 10.20.1.11 eq ntp
30 permit udp host 10.20.1.10 eq ntp 10.10.1.64 0.0.0.63 eq ntp
40 permit udp host 10.20.1.11 eq ntp 10.10.1.64 0.0.0.63 eq ntp
50 deny ip any any
Please help me fix the issue.
07-25-2024 11:48 PM
Are you looking to contact the NTP server from the switch? For testing, remove the line below and see if that works.
no ntp access-group peer /query-only NTP
Once that is working and confirmed, what is the switch IP? You can use the source IP to reach the NTP server.
In that ACL, do you see that the source IP is part of the ACL?
If you are looking only at NTP using only the source, you can simply add any to destination 10.20.1.10.
Look at some examples:
https://ine.com/blog/2008-07-28-ntp-access-control
07-26-2024 05:13 AM
Hi Balaji,
Thanks for the reply.
While enabling ntp access-group peer NTP, I get the error "NTP Core (NOTICE): ntp_receive: dropping message: restricted". But under the access list, the NTP server is allowed.
07-26-2024 12:12 PM
So when you enable it you get that error (so I take it that when there is no ACL it works - please confirm?).
We know the destination NTP server from the config - that is 10.20.1.10. What is the source IP of the device you are looking to connect from? Does that match the ACL?
You can also try any source, destination ntp host 10.20.1.10 eq ntp (allow).
07-26-2024 05:18 AM
debug ntp packet
See which IP the NTP packets come from. Is this IP included in the ACL?
MHM
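The replies above ask whether the addresses seen in the NTP packets are actually covered by the ACL. The following is an added example, not part of any post in this thread: it parses the ACL entries from the question and reports which entry a given packet hits first. It models only the ACL text (first match, wildcard masks, `eq` ports), not how the switch applies the list under `ntp access-group`; the switch addresses used in the checks are constructed, since the thread does not state them.

```python
import ipaddress

# ACL entries copied from the thread's "ip access-list extended NTP".
ACL_NTP = """\
10 permit udp 10.10.1.64 0.0.0.63 eq ntp host 10.20.1.10 eq ntp
20 permit udp 10.10.1.64 0.0.0.63 eq ntp host 10.20.1.11 eq ntp
30 permit udp host 10.20.1.10 eq ntp 10.10.1.64 0.0.0.63 eq ntp
40 permit udp host 10.20.1.11 eq ntp 10.10.1.64 0.0.0.63 eq ntp
50 deny ip any any
"""
PORTS = {"ntp": 123}

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def _addr(tok):  # consume 'any', 'host A' or 'A WILDCARD' -> (base, wildcard)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def _port(tok):  # consume an optional 'eq PORT'; None means any port
    if tok[:1] != ["eq"]:
        return None
    name = tok[1]
    del tok[:2]
    return PORTS[name] if name in PORTS else int(name)

def parse(acl_text):
    rules = []
    for line in acl_text.splitlines():
        seq, action, proto, *rest = line.split()
        rules.append((int(seq), action, proto,
                      _addr(rest), _port(rest), _addr(rest), _port(rest)))
    return rules

def _hit(ip, spec):
    base, wild = spec  # wildcard bits set to 1 are "don't care"
    return (_ip(ip) | wild) == (base | wild)

def evaluate(rules, src, sport, dst, dport, proto="udp"):
    """Return (sequence, action) of the first matching entry."""
    for seq, action, p, s, sp, d, dp in rules:
        if (p in ("ip", proto) and _hit(src, s) and _hit(dst, d)
                and sp in (None, sport) and dp in (None, dport)):
            return seq, action
    return None, "deny"  # implicit deny at the end of every ACL
```

The wildcard 0.0.0.63 on 10.10.1.64 covers 10.10.1.64 through 10.10.1.127, so a switch that sources NTP from an interface outside that range, or a packet that does not use port 123 on both sides, falls through to entry 50.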