NTP on NX-OS reloaded!

Hi guys. It’s been quite a long time, but I have been pretty busy lately. I just wanted to drop a quick line to tell you that the NTP problem on NX-OS when using ACLs to filter NTP is gone after installing 6.2(2) on our Nexus 7010 with Sup2. Read the original article here.

But it does not work out of the box. Our config had to be adjusted with the following command.

ntp access-group match-all

So now the full working NTP config on the Nexus 7k is as follows. We use peering ACLs as well as serve-only ACLs to specify who is allowed to get time via NTP from our machines.

R1-l3# sh run ntp
ntp server 172.16.0.1 key 1
ntp server 172.16.0.2 key 1
ntp peer 10.10.10.2 key 1
ntp peer 10.10.10.3 key 1
ntp peer 10.10.10.4 key 1
ntp source-interface loopback0
ntp authenticate
ntp authentication-key 1 md5 MY_SECRET_NTP_KEY
ntp trusted-key 1
ntp logging
ntp access-group match-all
ntp access-group peer 5
ntp access-group serve-only 6
ntp master 3

R1-l3# sh ip access-lists 5
IP access list 5
        10 permit ip 10.10.10.2/32 any

        20 permit ip 10.10.10.3/32 any

        30 permit ip 10.10.10.4/32 any

        40 deny ip any any

R1-l3# sh ip access-lists 6
IP access list 6
        10 permit ip 10.0.0.0/24 any

FHRP – a more detailed look at HSRP

Now that you have read my post on basic HSRP configuration we can go into some more detail of the protocol. We will be using the same topology used throughout that last post which is the following.   Let's first talk a little about how … [Continue reading]

FHRP – Basic HSRP Configuration

basic_fhrp_topology

Hey folks! Today we are going to discover one of the many First Hop Redundancy Protocols that we can configure on a Cisco Router, namely HSRP or Hot Standby Router Protocol.┬áIn order to have our default gateway for our LAN segment available all of … [Continue reading]

Dynamic Routing with RIP

Hey folks! In my first post about routing we dealt with the simplest form of it, static routing. Today is gonna be the day where we learn about a not-so-awesome routing protocol call Routing Information Protocol or short RIP. It is a distance vector … [Continue reading]

NTP problems on NX-OS

I recently encountered a weird problem concerning the ┬áNetwork Time Protocol on NX-OS on a Nexus 7k. I wanted to secure my NTP implementation with access-lists like I did all the time before on other platforms. Access-lists for peers and for clients … [Continue reading]

Static Routing on Cisco IOS

Basic Three Router Topology

Because this is gonna be a blog about a lot of routing & switching stuff what post could possibly be better to kick off this website than one that deals with routing? Well, it is gonna be about the easiest form of routing, namely static routing. … [Continue reading]

00101010 is born!

Hey networking people out there! This is the first post announcing the start of my new blog which will be concerned a lot with networking and security stuff mostly related to Cisco. I probably should have started this blog while pursuing my CCIE but … [Continue reading]