cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
25454
Views
15
Helpful
4
Replies

NTP access-group

snarayanaraju
Level 4
Level 4

Hi Experts,

I need your help to understand the logic behind the NTP access restriction. I learned that, NTP access-list as follows:

1. peer - Allows time requests and NTP control queries and allows the switch to synchronize itself to a device whose address passes the access list criteria.

2. serve - Allows time requests and NTP control queries, but does not allow the switch to synchronize itself to a device whose address passes the access list criteria.

3. serve-only - Allows only time requests from a device whose address passes the access list criteria.

4. query-only - Allows only NTP control queries from a device whose address passes the access list criteria.

Okay with this above explanation, I want to know

1. What is NTP control queries

2. When access-group "serve" is configured in ROUTER-A, the defination states that it will "allow time request and control queries but does not allow the switch to synchronize itself to a device". How it is possible to provie time to a device without synchronizing with it?

Can you please help me in clarifying this

Sairam

4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Sairam,

NTP peering means that both devices compare their NTP status and the better wins and the other accepts the better NTP information.

So this is a mutual bidirectional relationship.

Configuring NTP server means that you provide with ACLs a list of possible clients.

that is the serve option is used on an NTP server device to specify allowed NTP clients that can query it.

This is the sense it doesn't allow local device to accept the time source of the other device even if it is better then the local one.

You are reading this link I suppose

http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_10.html#wp1090935

For NTP messages types you can use

http://www.faqs.org/rfcs/rfc1305.html

Hope to help

Giuseppe

Hi Giuseppe,

Your explanation was good. But I was not able to know what for Control query message are used and How it is different from request/response message. (RFC pages was vast and i find difficult to read each line by line)

While searching for the details, I found the below link seems to shed some lights

http://blog.internetworkexpert.com/2008/07/28/ntp-access-control/

Just a thought to share with you

Thanks

sairam

Hello Sairam,

yes the RFC is quite long and I admit I haven't read it too.

thanks for the link.

Of course that web site can be helpful for your studies.

As I wrote in other threads you need to focus on the concepts and on router configuration.

Best Regards

Giuseppe

That INE blog link is great - thanks.

Review Cisco Networking for a $25 gift card