[c-nsp] NTP on a 3750 & 2970

Kevin Graham kgraham at industrial-marshmallow.com
Tue Jun 12 12:24:25 EDT 2012


This would either require a severely broken client (that isn't discarding 0 timestamps), or a server that is setting them prior to being initialized. Most likely it'd be due to erroneous configuration (as earlier cited), declaring the local clock to be authoritative.

I'd place a far higher priority on correcting the server's implementation (including deprecating it as a server) than standing up additional configuration to hack around it.

[sent from my mobile]

On Jun 11, 2012, at 2:22 PM, "Chuck Church" <chuckchurch at gmail.com> wrote:

> Keep in mind that SNTP clients don't do the sanity checking that normal NTP
> does, so an out of sync router could provide bad time to an SNTP client.
> I've used a time-based ACL in the past so that if the router's clock was
> before a reasonable time, it would block those packets.  I can't remember
> what the time was, but most devices boot up with a date in the last century.
> An ACL blocking all NTP inbound before this router hits Jan 1, 2012 is a
> safe way to configure it.  This assumes your router doesn't have a calendar.
> 
> Chuck
> 
> 
> -----Original Message-----
> From: cisco-nsp-bounces at puck.nether.net
> [mailto:cisco-nsp-bounces at puck.nether.net] On Behalf Of Aled Morris
> Sent: Monday, June 11, 2012 4:43 PM
> To: Peter Rathlev
> Cc: cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] NTP on a 3750 & 2970
> 
> On 11 June 2012 18:00, Peter Rathlev <peter at rathlev.dk> wrote:
> 
>> You need "ntp master" command to enable others to sync with this switch.
>> 
> 
> Any IOS device that is in NTP sync will act as an NTP server.
> 
> You only need to set "ntp master" if the switch has a free-running clock
> i.e. not synchronized to an NTP source.
> 
> Aled
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



More information about the cisco-nsp mailing list