1
0
Fork 0
mirror of https://gitlab.com/netravnen/NetworkLabNotes.git synced 2024-12-23 20:57:53 +00:00
This commit is contained in:
chhan11 2017-06-04 22:51:49 +02:00
parent a25f5b021c
commit 80403e1531

View file

@ -61,9 +61,10 @@ A select number of Cisco switches support synchronization with the hardware cloc
access-list 20 remark Hosts/Networks we allow to get time from us
access-list 20 permit 192.0.2.0 0.0.0.255
access-list 20 deny any
\end{cisco}
\textbf{Beware} when running a cisco node as \gls{ntp} master and are using access-list to restrict possible clients/peers. You need to allow 127.127.[0-255].1 in the access-list\footnote{The 3rd octet will vary depending on the node.}. This because the master NTP node in the network uses this \gls{ipv4} address as internal master.
\section{Secure NTP}
\subsection{Characteristics}
@ -92,5 +93,5 @@ Generally today \gls{ntp}v3 or v4 is found. The difference to v4 \textit{(amongs
\item support for \gls{ipv6}.
\item The security in the protocol is upped to with support for X509 certs.
\item Automatic calculation of time-distribution\footnote{to archive high time accuracy against lowest bandwidth cost} in a network based upon specific multicast groups leveraging v6 site-local multicast addresses.
\item \cliline{network-node(config)# ntp-server \textit{\gls{ipv6}-addr} version 4}
\end{itemize}