Our Infosec team sent us a vulnerability list, in which one item was to disable NTP queries.
Currently I don't have an ACL on NTP; it is just configured as ntp server x.x.x.x source port-channel 1.1.
How do I disable NTP queries, and what commands do I need to enter?
About NTP: you can implement ACLs to secure your NTP service. You can allow traffic from a source and deny the rest, for example:
I have 3 routers (R1, R2, R3 and R4) -> R2 (10.1.0.1), R3 (10.2.0.2) and R4 (10.3.0.3)
Then on R1:
R1(config)#access-list 1 permit 10.1.0.1 log
R1(config)#access-list 1 permit 10.2.0.2 log
R1(config)#access-list 1 deny any log
R1(config)#ntp access-group peer 1
and the output:
%SEC-6-IPACCESSLOGNP: list 1 denied 0 10.3.0.3 -> 0.0.0.0, 30 packets
%SEC-6-IPACCESSLOGNP: list 1 permitted 0 10.1.0.1 -> 0.0.0.0, 1 packet
%SEC-6-IPACCESSLOGNP: list 1 permitted 0 10.2.0.2 -> 0.0.0.0, 1 packet
Hope it helps,
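Because the answer above enables the log keyword on each ACL entry, the router emits %SEC-6-IPACCESSLOGNP messages like the ones shown whenever the NTP access-group matches. The following added example (not from the thread or from Cisco) parses those messages and totals the permitted and denied packets per source, so an operator can confirm that only the intended peers are reaching the NTP service and spot any other host that is being dropped. The log lines in SAMPLE_LOG are constructed for the example and follow the format quoted in the answer; the ACL number, the allow-list and the source addresses are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample syslog lines in the %SEC-6-IPACCESSLOGNP format shown in the thread.
# The first three match the answer's output; the last two are added to show repeated hits
# and a source that is not one of the known peers.
SAMPLE_LOG = """\
%SEC-6-IPACCESSLOGNP: list 1 denied 0 10.3.0.3 -> 0.0.0.0, 30 packets
%SEC-6-IPACCESSLOGNP: list 1 permitted 0 10.1.0.1 -> 0.0.0.0, 1 packet
%SEC-6-IPACCESSLOGNP: list 1 permitted 0 10.2.0.2 -> 0.0.0.0, 1 packet
%SEC-6-IPACCESSLOGNP: list 1 denied 0 10.3.0.3 -> 0.0.0.0, 12 packets
%SEC-6-IPACCESSLOGNP: list 1 denied 0 192.0.2.77 -> 0.0.0.0, 3 packets
"""

# Fields: ACL id, permitted/denied, protocol field (0 in the thread's lines for a
# standard ACL), source, destination, packet count (singular "packet" for 1).
LINE_RE = re.compile(
    r"%SEC-6-IPACCESSLOGNP: list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\d+) (?P<src>[\d.]+) -> (?P<dst>[\d.]+), (?P<count>\d+) packets?"
)


def parse_line(line):
    """Return a dict of the message fields, or None if the line is not an ACL log."""
    m = LINE_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["count"] = int(rec["count"])
    return rec


def summarize(log_text, acl="1"):
    """Total packets per source, split into permitted and denied, for one ACL."""
    totals = {"permitted": defaultdict(int), "denied": defaultdict(int)}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["acl"] != acl:
            continue
        totals[rec["action"]][rec["src"]] += rec["count"]
    return {action: dict(per_src) for action, per_src in totals.items()}


def unexpected_sources(log_text, allowed, acl="1"):
    """Sources denied by the ACL that are not in the operator's allow-list.

    These are either hosts that should never be talking NTP to the router, or
    legitimate peers that were forgotten when the ACL was written.
    """
    summary = summarize(log_text, acl)
    return sorted(src for src in summary["denied"] if src not in allowed)


if __name__ == "__main__":
    # Assumed allow-list: the two peers the answer permits.
    known_peers = {"10.1.0.1", "10.2.0.2"}
    for action, per_src in summarize(SAMPLE_LOG).items():
        for src, count in sorted(per_src.items()):
            print(f"{action:9} {src:15} {count} packets")
    print("denied and not on allow-list:", unexpected_sources(SAMPLE_LOG, known_peers))
```

Feed it the output of the router's syslog (for example the file your collector writes for the device) instead of SAMPLE_LOG; a denied source that keeps reappearing is worth checking before deciding whether it belongs in the permit list.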
I found this link very informative: