Re: NTP Control Queries

Bilal Al-Sardar · ‎10-16-2023

Hello Team!,

I would like to know if it is possible to disable NTP control queries on Catalyst switches and ISR routers.

Thanks,

balaji.bandi · ‎10-16-2023

what is the use case here - as i read part of my cert journey INE have good blog :

https://ine.com/blog/2008-07-28-ntp-access-control

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Bilal Al-Sardar · ‎10-18-2023

NTP is already configured with multiple server IPs associated with a key and MD5 authentication. we had a security assessment and we received a report that recommends disabling "NTP control queries". I have tried to use an ACL but that caused an "unsynchronised" status.

MHM Cisco World · ‎10-16-2023

Without config ntp server and ntp peer

SW or ISR not send any queries.

Bilal Al-Sardar · ‎10-18-2023

NTP is already configured with multiple servers.

balaji.bandi · ‎10-18-2023

what i am thinking,

If you have ACL which source and destination for NTP traffil allowed, that should be ok

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Bilal Al-Sardar · ‎10-22-2023

Tried this method, but i keep getting (unsynchronized) status.

MHM Cisco World · ‎10-18-2023

Hi

I think alot

There are two ways I think

1- config acl with query-only

This send ntp control for only server list in acl

2- change the mode to ntp broadcast' which is as silent mode in which server send ntp messages without any ntp from client/peer

Bilal Al-Sardar · ‎10-22-2023

Tried this method, but it keeps getting (unsynchronized) status.

MHM Cisco World · ‎10-22-2023

Which one you try

Acl with query only OR broadcast?

Bilal Al-Sardar · ‎10-22-2023

ACL only. Broadcast is not allowed in the environment.

M02@rt37 · ‎10-16-2023

Hello @Bilal Al-Sardar,

do not config NTP on your equipement !

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.