NTP issue in 15.2(4)

I'm trying to configure our router to be both an NTP client and server for clients on our network.  I believe that I'm running into a bug.

 

My configuration is:

 

access-list 1 remark Restrict NTP to local networks
access-list 1 permit 207.x.y.0 0.0.15.255
access-list 1 permit 10.0.0.0 0.255.255.255

access-list 2 remark NTP sync with specified servers
access-list 2 permit 127.127.7.1
access-list 2 permit 18.26.4.105
access-list 2 permit 209.81.9.7
access-list 2 permit 192.5.41.40

 

ntp access-group peer 2
ntp access-group serve-only 1
ntp master
ntp update-calendar
ntp server 192.5.41.40
ntp server 18.26.4.105
ntp server 209.81.9.7

 

 

The router is syncing fine with the 3 NTP servers.  However, no clients can query my routers.  The only way that I can get clients to successfully query my routers for NTP is to either remove both "ntp access-group" commands (which I obviously can't do) or to add my clients to the peer access list, which is also incorrect:

access-list 2 permit 207.x.y.0 0.0.15.255
access-list 2 permit 10.0.0.0 0.255.255.255

 

It looks like NTP queries coming into the router are being checked against the "peer" ACL only and that "serve-only" is being ignored. 

If I remove "ntp access-group peer 2" and only have "ntp access-group serve-only 1" the queries still fail.

 

I found 1 previous post regarding someone having a similar issue a year ago and it didn't receive any replies.

 

1 REPLY


Hello.

I believe you hit bug CSCuj66318, which is fixed in 15.2(4)M7.

I tried 15.2(4)M7 and 15.2(4)M1 - M1 behaves as you described, while M7 works fine.
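An added example (not part of the thread, and not Cisco code): a small model of how `ntp access-group` is documented to evaluate a source address, applied to the configuration in the question to show what a fixed release should grant. The scan order and per-type permissions are assumptions taken from Cisco's command documentation, the masked `207.x.y.0` entry is left out, and the client addresses are constructed.

```python
import ipaddress

# Assumed from Cisco's "ntp access-group" documentation: groups are scanned
# from least to most restrictive and the first ACL that permits the source wins.
ORDER = ["peer", "serve", "serve-only", "query-only"]
ALLOWS = {
    "peer": {"time-request", "control-query", "sync-to"},
    "serve": {"time-request", "control-query"},
    "serve-only": {"time-request"},
    "query-only": {"control-query"},
}

# ACLs from the question; the masked 207.x.y.0 entry of ACL 1 is omitted.
ACLS = {
    1: [("permit", "10.0.0.0", "0.255.255.255")],
    2: [("permit", host, "0.0.0.0") for host in
        ("127.127.7.1", "18.26.4.105", "209.81.9.7", "192.5.41.40")],
}
GROUPS = {"peer": 2, "serve-only": 1}  # ntp access-group peer 2 / serve-only 1


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def acl_permits(acl, src):
    """Standard numbered ACL: first matching entry wins, implicit deny at end."""
    for action, net, wildcard in acl:
        care = ~_to_int(wildcard) & 0xFFFFFFFF  # wildcard bits set = "don't care"
        if (_to_int(src) & care) == (_to_int(net) & care):
            return action == "permit"
    return False


def granted_type(groups, acls, src):
    """Return the access type granted to src, 'all' if no groups, else None."""
    if not groups:
        return "all"
    for kind in ORDER:
        if kind in groups and acl_permits(acls[groups[kind]], src):
            return kind
    return None


def may_request_time(groups, acls, src):
    kind = granted_type(groups, acls, src)
    return kind == "all" or (kind is not None and "time-request" in ALLOWS[kind])


if __name__ == "__main__":
    for src in ("10.1.2.3", "18.26.4.105", "192.0.2.10"):  # constructed sources
        print(src, granted_type(GROUPS, ACLS, src), may_request_time(GROUPS, ACLS, src))
```

Under this model an internal client in 10.0.0.0/8 is granted `serve-only` and may request time without being listed in the peer ACL, which is the behaviour the question expected and the reply reports on 15.2(4)M7.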
