From 5f13158d0e52a3f5b85de605249d0ea5d791ba66 Mon Sep 17 00:00:00 2001
From: chhan11
Date: Fri, 30 Jun 2017 22:24:28 +0200
Subject: [PATCH] Added section header PTP
---
 README.md | 1 +
 acronyms.tex | 1 +
 chapter/ntp.tex | 52 +++++++++++++++++++++-------------------
 references-wikipedia.bib | 26 +++++++++++++-------
 4 files changed, 47 insertions(+), 33 deletions(-)
diff --git a/README.md b/README.md
index 8f4bc9b..774db74 100644
--- a/README.md
+++ b/README.md
@@ -52,6 +52,7 @@
 ## NTP
 - [ ] NTP
 - [ ] Simple NTP (SNTP)
+- [ ] PTP
 ## FHRP
 - [ ] GLBP (cisco proprietary)
diff --git a/acronyms.tex b/acronyms.tex
index 4eb4f94..92884f5 100644
--- a/acronyms.tex
+++ b/acronyms.tex
@@ -109,6 +109,7 @@
 \newacronym{poe}{PoE}{Power over Ethernet}
 \newacronym{poe+}{PoE+}{Power over Ethernet Plus}
 \newacronym{pop3}{POP3}{Post Office Protocol}
+\newacronym{ptp}{PTP}{Precision Time Protocol}
 \newacronym{pvrst}{PVRST}{Per Vlan Rapid Spanning Tree}
 \newacronym{pvrst+}{PVRST+}{Per Vlan Rapid Spanning Tree Plus}
 \newacronym{pvst}{PVST}{Per Vlan Spanning Tree}
diff --git a/chapter/ntp.tex b/chapter/ntp.tex
index a941e79..5fd2918 100644
--- a/chapter/ntp.tex
+++ b/chapter/ntp.tex
@@ -37,30 +37,30 @@ A select number of Cisco switches support synchronization with the hardware cloc
 \textbf{Team Cymru} has a nice template for how to enable \gls{ntp} \textbf{with} \textit{access control} on \gls{ios} and \gls{junos}\footnote{\url{https://www.team-cymru.org/secure-ntp-template.html}}. Shown below is a copy of the \gls{ios} example from Cymrus website.
 \begin{cisco}
- ! Core NTP configuration
- ntp update-calendar ! update hardware clock (certain hardware only, i.e. 6509s)
- ntp server 192.0.2.1 ! a time server you sync with
- ntp peer 192.0.2.2 ! a time server you sync with and allow to sync to you
- ntp source Loopback0 ! we recommend using a loopback interface for sending NTP messages if possible
- !
- ! NTP access control
- ntp access-group query-only 1 ! deny all NTP control queries
- ntp access-group serve 1 ! deny all NTP time and control queries by default
- ntp access-group peer 10 ! permit time sync to configured peer(s)/server(s) only
- ntp access-group serve-only 20 ! permit NTP time sync requests from a select set of clients
- !
- ! access control lists (ACLs)
- access-list 1 remark utility ACL to block everything
- access-list 1 deny any
- !
- access-list 10 remark NTP peers/servers we sync to/with
- access-list 10 permit 192.0.2.1
- access-list 10 permit 192.0.2.2
- access-list 10 deny any
- !
- access-list 20 remark Hosts/Networks we allow to get time from us
- access-list 20 permit 192.0.2.0 0.0.0.255
- access-list 20 deny any
+! Core NTP configuration
+ntp update-calendar ! update hardware clock (certain hardware only, i.e. 6509s)
+ntp server 192.0.2.1 ! a time server you sync with
+ntp peer 192.0.2.2 ! a time server you sync with and allow to sync to you
+ntp source Loopback0 ! we recommend using a loopback interface for sending NTP messages if possible
+!
+! NTP access control
+ntp access-group query-only 1 ! deny all NTP control queries
+ntp access-group serve 1 ! deny all NTP time and control queries by default
+ntp access-group peer 10 ! permit time sync to configured peer(s)/server(s) only
+ntp access-group serve-only 20 ! permit NTP time sync requests from a select set of clients
+!
+! access control lists (ACLs)
+access-list 1 remark utility ACL to block everything
+access-list 1 deny any
+!
+access-list 10 remark NTP peers/servers we sync to/with
+access-list 10 permit 192.0.2.1
+access-list 10 permit 192.0.2.2
+access-list 10 deny any
+!
+access-list 20 remark Hosts/Networks we allow to get time from us
+access-list 20 permit 192.0.2.0 0.0.0.255
+access-list 20 deny any
 \end{cisco}
 \textbf{Beware} when running a cisco node as \gls{ntp} master and are using access-list to restrict possible clients/peers. You need to allow 127.127.[0-255].1 in the access-list\footnote{The 3rd octet will vary depending on the node.}. This because the master NTP node in the network uses this \gls{ipv4} address as internal master.
@@ -99,3 +99,7 @@ A select number of Cisco switches support synchronization with the hardware cloc
 %\end{itemize}
 %
 %\textbf{Beware} when using \gls{sntp} that \gls{ntp} cannot be used. The same \gls{udp} port is used.
+
+\section[PTP]{Precision Time Protocol}
+
+\gls{ieee} 1588v2
\ No newline at end of file
diff --git a/references-wikipedia.bib b/references-wikipedia.bib
index 2b626d1..3e6d30f 100644
--- a/references-wikipedia.bib
+++ b/references-wikipedia.bib
@@ -8,7 +8,7 @@
 year = "2017",
 howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Link\%20Layer\%20Discovery\%20Protocol&oldid=755990989}},
 note = "[Online; accessed 04-June-2017]"
-}
+ }
 @misc{ wiki:Cisco_Discovery_Protocol,
 author = "Wikipedia",
@@ -16,7 +16,7 @@
 year = "2017",
 howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Cisco\%20Discovery\%20Protocol&oldid=779112658}},
 note = "[Online; accessed 04-June-2017]"
-}
+ }
 @misc{ wiki:CDP_Spoofing,
 author = "Wikipedia",
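Review bot: In chapter/ntp.tex, the new `\section[PTP]{Precision Time Protocol}` at the end of the file has only the fragment `\gls{ieee} 1588v2` as its body, and neither the `ptp` acronym added in acronyms.tex nor the `wiki:Precision_Time_Protocol` entry added in references-wikipedia.bib is used anywhere in this patch. I would turn the stub into a full sentence that uses both, for example `\gls{ptp} is specified in \gls{ieee}~1588v2~\cite{wiki:Precision_Time_Protocol}.`, with whichever cite command the rest of the document uses. The `ieee` glossary key is not defined in the visible part of acronyms.tex, so confirm it exists or the glossary lookup will fail at build time. The file now also ends without a trailing newline (`\ No newline at end of file`), which is worth restoring.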
@@ -24,7 +24,7 @@
 year = "2017",
 howpublished = {\url{http://en.wikipedia.org/w/index.php?title=CDP\%20Spoofing&oldid=740946635}},
 note = "[Online; accessed 04-June-2017]"
-}
+ }
 @misc{ wiki:Simple_Network_Management_Protocol,
 author = "Wikipedia",
@@ -32,7 +32,7 @@
 year = "2017",
 howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Simple\%20Network\%20Management\%20Protocol&oldid=783942828}},
 note = "[Online; accessed 05-June-2017]"
-}
+ }
 @misc{ wiki:Category:First-hop_redundancy_protocols,
 author = "Wikipedia",
@@ -40,7 +40,7 @@
 year = "2017",
 howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Category\%3AFirst-hop\%20redundancy\%20protocols&oldid=775231579}},
 note = "[Online; accessed 09-June-2017]"
-}
+ }
 @misc{ wiki:Common_Address_Redundancy_Protocol,
 author = "Wikipedia",
@@ -48,7 +48,7 @@
 year = "2017",
 howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Common\%20Address\%20Redundancy\%20Protocol&oldid=767510512}},
 note = "[Online; accessed 11-June-2017]"
-}
+ }
 @misc{ wiki:ARPANET,
 author = "Wikipedia",
@@ -56,7 +56,7 @@
 year = "2017",
 howpublished = {\url{http://en.wikipedia.org/w/index.php?title=ARPANET&oldid=783213190}},
 note = "[Online; accessed 17-June-2017]"
-}
+ }
 @misc{ wiki:Internet_transit,
 author = "Wikipedia",
@@ -64,7 +64,7 @@
 year = "2017",
 howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Internet\%20transit&oldid=744538259}},
 note = "[Online; accessed 18-June-2017]"
-}
+ }
 @misc{ wiki:Border_Gateway_Protocol,
 author = "Wikipedia",
@@ -72,4 +72,12 @@
 year = "2017",
 howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Border\%20Gateway\%20Protocol&oldid=785954244}},
 note = "[Online; accessed 18-June-2017]"
-}
\ No newline at end of file
+ }
+
+@misc{ wiki:Precision_Time_Protocol,
+ author = "Wikipedia",
+ title = "{Precision Time Protocol} --- {W}ikipedia{,} The Free Encyclopedia",
+ year = "2017",
+ howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Precision\%20Time\%20Protocol&oldid=778243103}},
+ note = "[Online; accessed 30-June-2017]"
+ }