
NTP Access Control

Netmart
Level 3

Recently, I tried to introduce NTP Access control by issuing the ntp access-group peer and server-only parameters.

First, all looked fine; the declared NTP servers (ASR1001) responded to NTP requests of their NTP clients (LAN) and were also able to sync with external servers (pool.ntp.org).

After running NTP access control for approximately 30 minutes, the two ASR routers were not able to communicate with external NTP servers.

The only way to get it working again was to remove NTP access control.

Software version

Cisco IOS XE Software, Version 03.12.01.S - Standard Support Release

Cisco IOS Software, ASR1000 Software (X86_64_LINUX_IOSD-UNIVERSALK9-M), Version 15.4(2)S1, RELEASE SOFTWARE (fc4)
Below you will find an extract of the configuration.

router1:

ntp peer <router2>
access-list 1990 remark **********Start NTP Peer********
access-list 1990 permit <router2>
access-list 1990 remark **********End NTP Peer**********
ntp access-group peer 1990

ntp source Loopback 0

access-list 1991 remark **********Start NTP Serve-Only********
access-list 1991 permit <subnet A>
access-list 1991 permit <subnet B>
:
access-list 1991 remark **********End NTP Serve-Only**********
ntp access-group serve-only 1991

ntp server <1.ntp.org>
ntp server <2.ntp.org>

 

I was wondering whether this problem refers to a software- or configuration-related issue.

Please advise.

 

Thank you
