[c-nsp] Use NTP server for syncing but do not respond to NTP requests
Phil Mayers
p.mayers at imperial.ac.uk
Sat Mar 22 13:02:38 EDT 2014
On 22/03/2014 16:10, Nick Hilliard wrote:
> On 22/03/2014 15:31, Andrew Clark wrote:
>> Take a look at NTP access-groups. You can control access for each
>> aspect (server, peer, etc). Details here:
>
> CSCuj66318: "15.2 ntp allows query with access-group configured"
Gee, it's a good job Cisco have a strong control-plane filtering feature
on all platforms, without any horrible caveats like conflating glean and
receive traffic, or matching outer MPLS label rather than inner IP
header in L3VPN setups, and without crazy maintenance overhead of
building an ACL with all local receive adjacencies in it!
Oh wait...
More information about the cisco-nsp
mailing list