Ntp Configuration

ali_alavi · ‎06-08-2017

Hello ,

I have Two questions about ntp Configuration:

first :
If we wana ntp gets the information only by NTP window server, Is the configuration on Switch is Correct :

NTP window server IP : 172.20.70.5

Switch# configure terminal
Switch(config)# ntp access-group peer 20
Switch(config)# access-list 20 permit 172.20.70.5
Switch(config)# end
Switch#

Second :

Should we disable ntp on other interface for security :
Ntp disable { in all access ports }

Thank you so much for your time to respond my questions

Kind Regards,

Reza Sharifi · ‎06-08-2017

Hi,

The config looks correct. Also, ntp is a global command and not interface based. So, with an access list you should be fine.

HTH

joselgo2 · ‎06-08-2017

Hi Ali!

First: Verifying your configuration, is missing that you enter the command

(config)#ntp server 172.20.70.5,

and you can see with #show clock if the time is correct.

Second: You can disable the ntp by interface with the next command.

Router#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface Serial0/1
Router(config-if)#ntp disable
Router(config-if)#end
Router#

You can also prevent the router from providing NTP services on an individual interface with access control lists:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 107 deny udp any eq 123 any eq 123
Router(config)#access-list 107 permit ip any any 
Router(config)#interface Serial0/1
Router(config-if)#ip access-group 107 in
Router(config-if)#end
Router#