[c-nsp] NTP on a 3750 & 2970
Chuck Church
chuckchurch at gmail.com
Mon Jun 11 17:22:36 EDT 2012
Keep in mind that SNTP clients don't do the sanity checking that normal NTP
does, so an out of sync router could provide bad time to an SNTP client.
I've used a time-based ACL in the past so that if the router's clock was
before a reasonable time, it would block those packets. I can't remember
what the time was, but most devices boot up with a date in the last century.
An ACL blocking all NTP inbound before this router hits Jan 1, 2012 is a
safe way to configure it. This assumes your router doesn't have a calendar.
Chuck
-----Original Message-----
From: cisco-nsp-bounces at puck.nether.net
[mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aled Morris
Sent: Monday, June 11, 2012 4:43 PM
To: Peter Rathlev
Cc: cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] NTP on a 3750 & 2970
On 11 June 2012 18:00, Peter Rathlev <peter at rathlev.dk> wrote:
> You need "ntp master" command to enable others to sync with this switch.
>
Any IOS device that is in NTP sync will act as an NTP server.
You only need to set "ntp master" if the switch has a free-running clock
i.e. not synchronized to an NTP source.
Aled
_______________________________________________
cisco-nsp mailing list cisco-nsp at puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list