From 80403e15319a9e9d9ee067f3517d55460587a21a Mon Sep 17 00:00:00 2001 From: chhan11 Date: Sun, 4 Jun 2017 22:51:49 +0200 Subject: [PATCH] ntp.tex --- chapter/ntp.tex | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/chapter/ntp.tex b/chapter/ntp.tex index 452ec5b..1684497 100644 --- a/chapter/ntp.tex +++ b/chapter/ntp.tex @@ -61,9 +61,10 @@ A select number of Cisco switches support synchronization with the hardware cloc access-list 20 remark Hosts/Networks we allow to get time from us access-list 20 permit 192.0.2.0 0.0.0.255 access-list 20 deny any - \end{cisco} +\textbf{Beware} when running a cisco node as \gls{ntp} master and are using access-list to restrict possible clients/peers. You need to allow 127.127.[0-255].1 in the access-list\footnote{The 3rd octet will vary depending on the node.}. This because the master NTP node in the network uses this \gls{ipv4} address as internal master. + \section{Secure NTP} \subsection{Characteristics} @@ -92,5 +93,5 @@ Generally today \gls{ntp}v3 or v4 is found. The difference to v4 \textit{(amongs \item support for \gls{ipv6}. \item The security in the protocol is upped to with support for X509 certs. \item Automatic calculation of time-distribution\footnote{to archive high time accuracy against lowest bandwidth cost} in a network based upon specific multicast groups leveraging v6 site-local multicast addresses. + \item \cliline{network-node(config)# ntp-server \textit{\gls{ipv6}-addr} version 4} \end{itemize} -
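Review bot: In the first hunk (chapter/ntp.tex, the paragraph added after \end{cisco}), the address is written as 127.127.[0-255].1, which is not a form an access-list entry can take, so the reader still has to work out what to type. Show the entry in the same address/wildcard form as the existing `access-list 20 permit 192.0.2.0 0.0.0.255` line, and state that it has to sit before `access-list 20 deny any`. The wording also needs a pass: "when running a cisco node ... and are using access-list" has no subject, "This because" is missing "is", "cisco" should be capitalised, and the bare "NTP" should be \gls{ntp} as in the rest of the paragraph.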
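Review bot: In the second hunk, the new \item containing \cliline{network-node(config)# ntp-server ...} is appended to a list of protocol differences in v4 (IPv6 support, X509 certs, multicast time distribution), where a configuration command does not fit as a bullet. Move it below \end{itemize} with a sentence saying what it configures. Please also check the command spelling, since Cisco IOS uses `ntp server` with a space rather than `ntp-server`, and confirm that \textit and \gls expand inside \cliline instead of being printed literally.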