Re: NTP Vulnerability for Cisco router 28000

Sriinuvas · ‎06-24-2023

Hi Firends,

We wants to apply NTP Vulnerability fix in cisco router, below are the requirement and do the needful.

1. We want to use NTP server as Microsoft (Cloud), means want to do client configuration on Cisco router.

2. no other NTP server should not communicate (May be need some access list, so that my router should reach-out only Microsoft NTP server only, not any other could NTP server.

Please help me for sample configuration.

Thanks in Advance,

Srinivas.

Flavio Miranda · ‎06-24-2023

Hi

Basically you need

conf t

clock timezone GMT- (your GMT)
ntp peer <Microsoft NTP> prefer normal-sync

This should be enough. For ACL but if you need to add

access-list xx permit udp host <your router> <Microsoft NTP> eq ntp

Srinivas N · ‎06-24-2023

Thanks for your response and is it should be in wan interface?

If possible, please help me with configuration in global part and interface part.

Thanks & Regards, Srinivas. N.

Flavio Miranda · ‎06-24-2023

On the wan interface you can to

int Gix/x

access-group xx in

Srinivas N · ‎06-24-2023

Thanks Flavio, will try and confirm you.

Thanks & Regards, Srinivas. N.

Flavio Miranda · ‎06-24-2023

Only keep in mind that the ACL may need to be more complex then that in order to handle other trafffics. I am considering only ntp