Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
578
Views
0
Helpful
5
Replies

NTP server issue

achampag
Level 1
Level 1

‎10-24-2003 11:24 AM - edited ‎03-09-2019 05:16 AM

Hi,

I use a box to provide NTP services to my routers. Using the following command

router(config)#ntp server 1.1.1.1 prefer

I configured my routers to sync with that Box. I just found out that my routers are now accepting NTP sync requests!! Is this a normal behavior? Is there a way to block NTP sync requests other then ntp disable on each interface or an access-list on every interface ?

Thanks

Alexandre Champagne

Labels:
0 Helpful
5 Replies 5

osam
Level 1
Level 1

‎10-24-2003 11:36 AM

I am not sure I understand the question. But if you want to limit NTP synchronization bnetween your router and the NTP box only. You can always define a key in between.

0 Helpful

achampag
Level 1
Level 1
In response to osam

‎10-26-2003 04:51 PM

I understand the auth process. My only problem is that now all routers that are syncing with the NTP box are now also providing NTP services for anobody who sends request to that router.

Alex

0 Helpful

osam
Level 1
Level 1
In response to achampag

‎10-26-2003 08:47 PM

These router will not provide NTP services unless you enable it as "NTP master", it will synch with the NTP box, but can not provide synch to other routers.. I am not sure I follow you.

Two things usually people take a look at,

1- In case you have other interfaces of this router connected to other parts of your network, just disable the ntp on the interface

2- Again, within your administrative network, if you have a key among your routers, other rouetrs won't be able to synch unless they know this specific key.

If you want to limit synch to certain network in spite of all that. You can look into "ntp access-group" interface command..

http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122cgcr/ffun_r/ffrprt3/frf012.htm#1018461

0 Helpful

achampag
Level 1
Level 1
In response to osam

‎10-27-2003 06:07 AM

Hi,

"These router will not provide NTP services unless you enable it as NTP master"

I agree with you that is exactly the way I assumed it would work. I'm running 12.03T on a 2500 wich syncs with the master clock. The only config I have in the 2500 is the following.

ntp server 1.1.1.1 (ntp box)

My only problem now is that I was able to sync a 7200 on that 2500 even if ntp master is nowhere to be found in the config ?.

Guess I should open a TAC case on this then !!

Alex

0 Helpful

mostiguy
Level 6
Level 6

‎10-24-2003 11:40 AM

On each interface you don't want ntp to be accessible:

ntp disable

0 Helpful
Customers Also Viewed These Support Documents