Tuesday, September 15, 2015

play around with ipv6 NTP services

We have a symmetricon  TP5500 on our network. This GPS clock receiver is used for ipv4 clocking. Surprise that we have no ipv6 clock support.

So a ASR9K was used to sync to our ipv4 clock source,  and I configured a interface with a ipv6 address for testing.


Tue Sep 15 7:10:06.499 CST
interface GigabitEthernet0/0/0/1
 description SOCPUPS_ASR9K_TEST_LAB-ipv6
 bandwidth 1500
 mtu 1514
 ipv6 address 2001:db8:199::1/64

 ipv6 enable
 speed 1000
 shutdown
 load-interval 30
 transceiver permit pid all
!

To control the interface and ipv6 ntp-services you can use the  following commands.

ntp
  interface <interFaceName>
     disable


Better yet, a simple clock access-group for the peers that you want and applied for both ipv4 & ipv6 would work also.

e.g

ntp
 max-associations 100
 server 191.21.3.6 source Loopback0
 access-group ipv4 query-only NTP_CLIENT_ACL

 access-group ipv6 query-only  DENY_ACL
 update-calendar
 log-internal-sync
!



Ken Felix
NSE ( Network Security Expert) and Route/Switching Engineer.
kfelix  -----a----t---- socpuppets ---dot---com

    ^     ^
=(  *  * )=
       o 
      /  \



No comments:

Post a Comment