Hi guys. It’s been quite a long time, but I have been pretty busy lately. I just wanted to drop a quick line to tell you that the NTP problem on NX-OS when using ACLs to filter NTP is gone after installing 6.2(2) on our Nexus 7010 with Sup2. Read the original article here.
But it does not work out of the box. Our config had to be adjusted with the following command.
ntp access-group match-all
So now the full working NTP config on the Nexus 7k is as follows. We use peering ACLs as well as serve-only ACLs to specify who is allowed to get time via NTP from our machines.
R1-l3# sh run ntp
ntp server 172.16.0.1 key 1
ntp server 172.16.0.2 key 1
ntp peer 10.10.10.2 key 1
ntp peer 10.10.10.3 key 1
ntp peer 10.10.10.4 key 1
ntp source-interface loopback0
ntp authenticate
ntp authentication-key 1 md5 MY_SECRET_NTP_KEY
ntp trusted-key 1
ntp logging
ntp access-group match-all
ntp access-group peer 5
ntp access-group serve-only 6
ntp master 3

R1-l3# sh ip access-lists 5
IP access list 5
    10 permit ip 10.10.10.2/32 any
    20 permit ip 10.10.10.3/32 any
    30 permit ip 10.10.10.4/32 any
    40 deny ip any any

R1-l3# sh ip access-lists 6
IP access list 6
    10 permit ip 10.0.0.0/24 any
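As an added example (not part of the original post and not Cisco tooling), the Python script below lints pasted `sh run ntp` and `sh ip access-lists` output: it checks that `ntp access-group match-all` is present and that every configured peer is permitted by the ACL bound to `ntp access-group peer`. The function names are assumptions of this example, and the sample text is constructed from the config above.

```python
import ipaddress
import re

# Constructed sample: peer, access-group and ACL lines from this page's config.
SAMPLE = """\
ntp peer 10.10.10.2 key 1
ntp peer 10.10.10.3 key 1
ntp peer 10.10.10.4 key 1
ntp access-group match-all
ntp access-group peer 5
ntp access-group serve-only 6
IP access list 5
10 permit ip 10.10.10.2/32 any
20 permit ip 10.10.10.3/32 any
30 permit ip 10.10.10.4/32 any
40 deny ip any any
IP access list 6
10 permit ip 10.0.0.0/24 any
"""

def parse_acls(lines):
    # Returns {acl name: [(action, source network), ...]} in sequence order.
    acls, name = {}, None
    for line in lines:
        if m := re.match(r"IP access list (\S+)$", line):
            name = m.group(1)
        elif name and (m := re.match(r"\d+ (permit|deny) ip (\S+) any$", line)):
            src = "0.0.0.0/0" if m.group(2) == "any" else m.group(2)
            acls.setdefault(name, []).append((m.group(1), ipaddress.ip_network(src)))
    return acls

def permitted(acl, addr):
    # First matching entry decides; no match falls through to the implicit deny.
    ip = ipaddress.ip_address(addr)
    return next((act == "permit" for act, net in acl if ip in net), False)

def audit(text):
    # Hypothetical lint over pasted "sh run ntp" and "sh ip access-lists" output.
    lines = [l.strip() for l in text.splitlines()]
    acls, findings = parse_acls(lines), []
    if "ntp access-group match-all" not in lines:
        findings.append("missing 'ntp access-group match-all'")
    groups = dict(re.findall(r"^ntp access-group (peer|serve-only) (\S+)$",
                             "\n".join(lines), re.M))
    for l in lines:
        m = re.match(r"ntp peer (\S+)", l)
        if m and not permitted(acls.get(groups.get("peer"), []), m.group(1)):
            findings.append(f"peer {m.group(1)} is not permitted by the peer ACL")
    return findings
```

`audit(SAMPLE)` returns an empty list for the config shown here; removing the `match-all` line or a peer's permit entry from the pasted text produces one finding each.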