NTP access group on the NTP client
We will use ntp access-group serve-only 15.
- Peer: Peer access-groups allow both request and control queries to be processed, meaning the router will be allowed to update its time from the allowed peers.
- Query-only: This only allows control queries to be accepted. Control queries don't actually affect the date/time, so I'm going to skip this one. See RFC 1305 for additional information about this.
- Serve: Allows the router to reply to requests as well as control queries.
- Serve-only: Does not allow control queries and only replies to NTP requests.
access-list 15 remark NTP Peer Only ACL
access-list 15 permit host %{NTP_SERVER_PRIMARY}%
access-list 15 permit host %{NTP_SERVER_SECONDARY}%
access-list 15 deny any log
!
access-list 16 remark NTP Serve Only ACL
access-list 16 permit %{CLIENT_NETWORK}% %{CLIENT_WILDCARD}%
access-list 16 deny any log
!
ntp source %{NTP_SOURCE_INT}%
!
ntp authentication-key %{NTP_KEY_ID}% md5 %{NTP_KEY}%
ntp trusted-key %{NTP_KEY_ID}%
ntp authenticate
!
ntp access-group peer 15
ntp access-group serve-only 16
!
ntp server %{NTP_SERVER_PRIMARY}% key %{NTP_KEY_ID}% prefer
ntp server %{NTP_SERVER_SECONDARY}% key %{NTP_KEY_ID}%
!
ntp logging
ntp max-associations 4
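
An added example, not part of the original post: a small Python check that reads an IOS configuration and reports where it departs from the template above (missing ntp authenticate, servers without a defined and trusted key, access groups whose ACL is undefined or lacks the closing deny). The sample config, its addresses and key, and the function name audit_ntp are constructed for illustration; only numbered ACLs are handled.

```python
import re

# Constructed sample: the template above with made-up values filled in.
# Two deliberate gaps: the second server has no key, and ACL 16 is missing.
SAMPLE = """\
access-list 15 remark NTP Peer Only ACL
access-list 15 permit host 192.0.2.10
access-list 15 permit host 192.0.2.11
access-list 15 deny any log
ntp source Loopback0
ntp authentication-key 7 md5 ExampleKey
ntp trusted-key 7
ntp authenticate
ntp access-group peer 15
ntp access-group serve-only 16
ntp server 192.0.2.10 key 7 prefer
ntp server 192.0.2.11
"""

def audit_ntp(config):
    """Return findings for the NTP hardening items used in the template."""
    lines = [l.strip() for l in config.splitlines()]
    text = "\n".join(lines)
    findings = []
    acls = {}  # numbered ACL -> its entries in order, remarks skipped
    for num, entry in re.findall(r"^access-list (\d+) (?!remark)(.+)$", text, re.M):
        acls.setdefault(num, []).append(entry)
    defined = set(re.findall(r"^ntp authentication-key (\d+) ", text, re.M))
    trusted = set(re.findall(r"^ntp trusted-key (\d+)", text, re.M))
    if "ntp authenticate" not in lines:
        findings.append("ntp authenticate is missing")
    for server, rest in re.findall(r"^ntp server (\S+)(.*)$", text, re.M):
        key = re.search(r" key (\d+)", rest)
        if not key:
            findings.append(f"ntp server {server} has no key")
        elif key.group(1) not in defined & trusted:
            findings.append(f"ntp server {server} uses key {key.group(1)} that is not both defined and trusted")
    groups = re.findall(r"^ntp access-group (peer|query-only|serve-only|serve) (\S+)", text, re.M)
    if not groups:
        findings.append("no ntp access-group configured")
    for kind, acl in groups:
        if acl not in acls:
            findings.append(f"access-group {kind} references undefined ACL {acl}")
        elif not acls[acl][-1].startswith("deny any"):
            findings.append(f"ACL {acl} ({kind}) does not end with an explicit deny any")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_ntp(SAMPLE)) or "no findings")
```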