mirror of
https://gitlab.com/netravnen/NetworkLabNotes.git
synced 2024-12-23 20:57:53 +00:00
Added section header PTP
parent
00355f4cfe
commit
5f13158d0e
|
@ -52,6 +52,7 @@
|
|||
## NTP
|
||||
- [ ] NTP
|
||||
- [ ] Simple NTP (SNTP)
|
||||
- [ ] PTP
|
||||
|
||||
## FHRP
|
||||
- [ ] GLBP (cisco proprietary)
|
||||
|
|
|
@ -109,6 +109,7 @@
|
|||
\newacronym{poe}{PoE}{Power over Ethernet}
|
||||
\newacronym{poe+}{PoE+}{Power over Ethernet Plus}
|
||||
\newacronym{pop3}{POP3}{Post Office Protocol}
|
||||
\newacronym{ptp}{PTP}{Precision Time Protocol}
|
||||
\newacronym{pvrst}{PVRST}{Per Vlan Rapid Spanning Tree}
|
||||
\newacronym{pvrst+}{PVRST+}{Per Vlan Rapid Spanning Tree Plus}
|
||||
\newacronym{pvst}{PVST}{Per Vlan Spanning Tree}
|
||||
|
|
|
@ -37,30 +37,30 @@ A select number of Cisco switches support synchronization with the hardware cloc
|
|||
\textbf{Team Cymru} has a nice template for how to enable \gls{ntp} \textbf{with} \textit{access control} on \gls{ios} and \gls{junos}\footnote{\url{https://www.team-cymru.org/secure-ntp-template.html}}. Shown below is a copy of the \gls{ios} example from Cymrus website.
|
||||
|
||||
\begin{cisco}
|
||||
! Core NTP configuration
|
||||
ntp update-calendar ! update hardware clock (certain hardware only, i.e. 6509s)
|
||||
ntp server 192.0.2.1 ! a time server you sync with
|
||||
ntp peer 192.0.2.2 ! a time server you sync with and allow to sync to you
|
||||
ntp source Loopback0 ! we recommend using a loopback interface for sending NTP messages if possible
|
||||
!
|
||||
! NTP access control
|
||||
ntp access-group query-only 1 ! deny all NTP control queries
|
||||
ntp access-group serve 1 ! deny all NTP time and control queries by default
|
||||
ntp access-group peer 10 ! permit time sync to configured peer(s)/server(s) only
|
||||
ntp access-group serve-only 20 ! permit NTP time sync requests from a select set of clients
|
||||
!
|
||||
! access control lists (ACLs)
|
||||
access-list 1 remark utility ACL to block everything
|
||||
access-list 1 deny any
|
||||
!
|
||||
access-list 10 remark NTP peers/servers we sync to/with
|
||||
access-list 10 permit 192.0.2.1
|
||||
access-list 10 permit 192.0.2.2
|
||||
access-list 10 deny any
|
||||
!
|
||||
access-list 20 remark Hosts/Networks we allow to get time from us
|
||||
access-list 20 permit 192.0.2.0 0.0.0.255
|
||||
access-list 20 deny any
|
||||
! Core NTP configuration
|
||||
ntp update-calendar ! update hardware clock (certain hardware only, i.e. 6509s)
|
||||
ntp server 192.0.2.1 ! a time server you sync with
|
||||
ntp peer 192.0.2.2 ! a time server you sync with and allow to sync to you
|
||||
ntp source Loopback0 ! we recommend using a loopback interface for sending NTP messages if possible
|
||||
!
|
||||
! NTP access control
|
||||
ntp access-group query-only 1 ! deny all NTP control queries
|
||||
ntp access-group serve 1 ! deny all NTP time and control queries by default
|
||||
ntp access-group peer 10 ! permit time sync to configured peer(s)/server(s) only
|
||||
ntp access-group serve-only 20 ! permit NTP time sync requests from a select set of clients
|
||||
!
|
||||
! access control lists (ACLs)
|
||||
access-list 1 remark utility ACL to block everything
|
||||
access-list 1 deny any
|
||||
!
|
||||
access-list 10 remark NTP peers/servers we sync to/with
|
||||
access-list 10 permit 192.0.2.1
|
||||
access-list 10 permit 192.0.2.2
|
||||
access-list 10 deny any
|
||||
!
|
||||
access-list 20 remark Hosts/Networks we allow to get time from us
|
||||
access-list 20 permit 192.0.2.0 0.0.0.255
|
||||
access-list 20 deny any
|
||||
\end{cisco}
|
||||
|
||||
\textbf{Beware} when running a cisco node as \gls{ntp} master and are using access-list to restrict possible clients/peers. You need to allow 127.127.[0-255].1 in the access-list\footnote{The 3rd octet will vary depending on the node.}. This because the master NTP node in the network uses this \gls{ipv4} address as internal master.
|
||||
|
@ -99,3 +99,7 @@ A select number of Cisco switches support synchronization with the hardware cloc
|
|||
%\end{itemize}
|
||||
%
|
||||
%\textbf{Beware} when using \gls{sntp} that \gls{ntp} cannot be used. The same \gls{udp} port is used.
|
||||
|
||||
\section[PTP]{Precision Time Protocol}
|
||||
|
||||
\gls{ieee} 1588v2
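Review bot: The new `\section[PTP]{Precision Time Protocol}` body is only `\gls{ieee} 1588v2`, so the section neither uses the `ptp` acronym nor cites the `wiki:Precision_Time_Protocol` entry that this commit adds. I would write the stub as `\gls{ptp} is specified in \gls{ieee} 1588v2~\cite{wiki:Precision_Time_Protocol}.` and add `\label{sec:ptp}` after the heading. The `ieee` glossary key is not defined in any hunk shown here, so confirm it exists or the build prints a glossaries warning. Since the NTP section above documents access control, a `% TODO: PTP security (restrict PTP to trusted ports/VLANs)` comment would keep the hardening topic from being dropped when the section is filled in.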
|
|
@ -8,7 +8,7 @@
|
|||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Link\%20Layer\%20Discovery\%20Protocol&oldid=755990989}},
|
||||
note = "[Online; accessed 04-June-2017]"
|
||||
}
|
||||
}
|
||||
|
||||
@misc{ wiki:Cisco_Discovery_Protocol,
|
||||
author = "Wikipedia",
|
||||
|
@ -16,7 +16,7 @@
|
|||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Cisco\%20Discovery\%20Protocol&oldid=779112658}},
|
||||
note = "[Online; accessed 04-June-2017]"
|
||||
}
|
||||
}
|
||||
|
||||
@misc{ wiki:CDP_Spoofing,
|
||||
author = "Wikipedia",
|
||||
|
@ -24,7 +24,7 @@
|
|||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=CDP\%20Spoofing&oldid=740946635}},
|
||||
note = "[Online; accessed 04-June-2017]"
|
||||
}
|
||||
}
|
||||
|
||||
@misc{ wiki:Simple_Network_Management_Protocol,
|
||||
author = "Wikipedia",
|
||||
|
@ -32,7 +32,7 @@
|
|||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Simple\%20Network\%20Management\%20Protocol&oldid=783942828}},
|
||||
note = "[Online; accessed 05-June-2017]"
|
||||
}
|
||||
}
|
||||
|
||||
@misc{ wiki:Category:First-hop_redundancy_protocols,
|
||||
author = "Wikipedia",
|
||||
|
@ -40,7 +40,7 @@
|
|||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Category\%3AFirst-hop\%20redundancy\%20protocols&oldid=775231579}},
|
||||
note = "[Online; accessed 09-June-2017]"
|
||||
}
|
||||
}
|
||||
|
||||
@misc{ wiki:Common_Address_Redundancy_Protocol,
|
||||
author = "Wikipedia",
|
||||
|
@ -48,7 +48,7 @@
|
|||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Common\%20Address\%20Redundancy\%20Protocol&oldid=767510512}},
|
||||
note = "[Online; accessed 11-June-2017]"
|
||||
}
|
||||
}
|
||||
|
||||
@misc{ wiki:ARPANET,
|
||||
author = "Wikipedia",
|
||||
|
@ -56,7 +56,7 @@
|
|||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=ARPANET&oldid=783213190}},
|
||||
note = "[Online; accessed 17-June-2017]"
|
||||
}
|
||||
}
|
||||
|
||||
@misc{ wiki:Internet_transit,
|
||||
author = "Wikipedia",
|
||||
|
@ -64,7 +64,7 @@
|
|||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Internet\%20transit&oldid=744538259}},
|
||||
note = "[Online; accessed 18-June-2017]"
|
||||
}
|
||||
}
|
||||
|
||||
@misc{ wiki:Border_Gateway_Protocol,
|
||||
author = "Wikipedia",
|
||||
|
@ -72,4 +72,12 @@
|
|||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Border\%20Gateway\%20Protocol&oldid=785954244}},
|
||||
note = "[Online; accessed 18-June-2017]"
|
||||
}
|
||||
}
|
||||
|
||||
@misc{ wiki:Precision_Time_Protocol,
|
||||
author = "Wikipedia",
|
||||
title = "{Precision Time Protocol} --- {W}ikipedia{,} The Free Encyclopedia",
|
||||
year = "2017",
|
||||
howpublished = {\url{http://en.wikipedia.org/w/index.php?title=Precision\%20Time\%20Protocol&oldid=778243103}},
|
||||
note = "[Online; accessed 30-June-2017]"
|
||||
}
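Review bot: The added `wiki:Precision_Time_Protocol` entry points `howpublished` at an `http://` URL; Wikipedia serves the same permalink over HTTPS, so `\url{https://en.wikipedia.org/w/index.php?title=Precision\%20Time\%20Protocol&oldid=778243103}` avoids sending readers through a plaintext hop. The older entries visible in the context lines use the same scheme and could be updated in a follow-up.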
|
||||
|
|