Cisco Support Community
New Member

NTP Question

I am trying to secure NTP for our network. From the A Router, I would like to only pull time from the USNO and I would like to allow only B router to poll A Router for time. I have set up an ACL on A Router to "serve-only" B Router (no problems there). I run into the problem when I try to apply the "query" or "query-only" ACL on the A router facing the USNO. It loses sync every time. It only stays active if "peer" is used but I thought that may be too much. Any suggestions?

(USNO)----(A Router)----(B Router)

1 REPLY
New Member

Re: NTP Question

Unfortunately I don't have an answer for this problem; however, I can confirm that this problem is not unique to your setup. With my 7206 I replicated your same issue. I'm guessing that I am misinterpreting Cisco's implementation of the query-only access control. I suspect that the only way for this to work properly is for you to use it in peer mode.

Another possibility is to set up a key exchange (authentication/hash/encryption) with another trusted entity. Perhaps USNO can set up an agreement with you or recommend someone else?

Cheers,

-JGR

Reference:

Cisco NTP peer and server:

http://tinyurl.com/n8vuj

Cisco NTP Access-group

http://tinyurl.com/qjcnv

Description of NTP modes (+control query):

http://java.apress.com/betabooks/bb_content/18/0359_ch04_BETA.html
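
The access-group levels discussed in this thread, shown as an added configuration example that is not part of either post. It follows the documented meaning of the `ntp access-group` keywords; the addresses (192.0.2.10 for the USNO server, 198.51.100.2 for Router B) and ACL numbers 10 and 20 are constructed placeholders.

```cisco
! Router A. Constructed example: 192.0.2.10 stands in for the USNO server,
! 198.51.100.2 for Router B; ACL numbers 10 and 20 are arbitrary.
!
access-list 10 remark upstream time source (USNO placeholder)
access-list 10 permit 192.0.2.10
access-list 20 remark downstream client (Router B placeholder)
access-list 20 permit 198.51.100.2
!
ntp server 192.0.2.10
!
! Loses sync, as described in the thread: query-only admits only NTP
! control queries from ACL 10, so the server's time replies are not
! accepted and the association never becomes usable.
! ntp access-group query-only 10
!
! Keeps sync: peer is the only level that lets Router A synchronize
! itself to a matching address. ACL 10 limits that level to the single
! upstream host instead of opening it to every source.
ntp access-group peer 10
!
! Router B may request time, but it cannot send control queries and is
! never used as a time source by Router A.
ntp access-group serve-only 20
!
! Once any access-group is configured, addresses that match none of
! the listed ACLs get no NTP access at all.
```

After applying it, `show ntp associations` and `show ntp status` on Router A show whether the upstream association is still selected and the clock is synchronized.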
