mirror of https://gitlab.com/netravnen/NetworkLabNotes.git synced 2024-11-23 19:17:54 +00:00
chhan11 2017-06-04 22:51:49 +02:00
parent a25f5b021c
commit 80403e1531


@ -61,9 +61,10 @@ A select number of Cisco switches support synchronization with the hardware cloc
access-list 20 remark Hosts/Networks we allow to get time from us access-list 20 remark Hosts/Networks we allow to get time from us
access-list 20 permit 192.0.2.0 0.0.0.255 access-list 20 permit 192.0.2.0 0.0.0.255
access-list 20 deny any access-list 20 deny any
\end{cisco} \end{cisco}
\textbf{Beware} when running a cisco node as \gls{ntp} master and are using access-list to restrict possible clients/peers. You need to allow 127.127.[0-255].1 in the access-list\footnote{The 3rd octet will vary depending on the node.}. This because the master NTP node in the network uses this \gls{ipv4} address as internal master.
\section{Secure NTP} \section{Secure NTP}
\subsection{Characteristics} \subsection{Characteristics}
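Review bot: the new \textbf{Beware} paragraph says to allow 127.127.[0-255].1 "in the access-list" without saying which one; if access-list 20 is meant, the example directly above still ends in "access-list 20 deny any" with no such permit, so the example and the warning disagree. Consider adding the permit entry to the example and naming the ntp access-group the list is bound to, and write the range as an address plus wildcard mask, since "[0-255]" is not ACL syntax. Wording: "when running ... and are using" has lost its subject and "This because" its verb (for example "This is because the master NTP node uses this address as its internal master"), and a blank line before \section{Secure NTP} would keep the paragraph separate from the heading in the source.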
@ -92,5 +93,5 @@ Generally today \gls{ntp}v3 or v4 is found. The difference to v4 \textit{(amongs
\item support for \gls{ipv6}. \item support for \gls{ipv6}.
\item The security in the protocol is upped to with support for X509 certs. \item The security in the protocol is upped to with support for X509 certs.
\item Automatic calculation of time-distribution\footnote{to archive high time accuracy against lowest bandwidth cost} in a network based upon specific multicast groups leveraging v6 site-local multicast addresses. \item Automatic calculation of time-distribution\footnote{to archive high time accuracy against lowest bandwidth cost} in a network based upon specific multicast groups leveraging v6 site-local multicast addresses.
\item \cliline{network-node(config)# ntp-server \textit{\gls{ipv6}-addr} version 4}
\end{itemize} \end{itemize}
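Review bot: in the new \item the command is written "ntp-server", but the IOS global configuration command is "ntp server" (two words), so the line would be rejected if typed as shown. The item also sits in the list of differences between v3 and v4, where every other entry is a protocol feature; it would read better attached to the "support for \gls{ipv6}" item or placed after \end{itemize} with a sentence introducing it. Please also check that \cliline expands \textit and \gls inside its argument; if it is verbatim-like, the address placeholder will print as raw macros.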