[c-nsp] Problem encountered while securing NTP

Jeff Kell jeff-kell at utc.edu
Thu Oct 8 10:33:09 EDT 2009

While we're on the subject, I came in this morning to find our core 6500
out of NTP sync.  Checking the associations, a local host was in the
list as a "dynamic" association, with an invalid time.

I was under the (apparently incorrect) assumption that IOS would not
accept unsolicited/unconfigured NTP control requests from anyone... as I
haven't revisited my NTP configuration in years.

The IOS in question (12.2(33)SXI2) does not have a "ntp broadcast
client" option I can simply turn off, as the generic NTP configuration

The access-group documentation is a bit confusing...

I'd like to have control requests restricted to my configured 'ntp
server' list, but allow queries from anyone, and certainly not accept
NTP updates from unsolicited sources.

Does anyone have a nice, canned NTP config to accomplish this goal they
would care to share? 



More information about the cisco-nsp mailing list