On (2014-02-18 10:36 -0600), Charles Spurgeon wrote:

> --------------------
> "After applying an NTP access-group to deny inbound NTP queries, a
> device still responds to NTP queries as if the ACL was not configured."
> --------------------
Does it also affect numbered ACLs? For some reason NTP ACLs were for many, many years the only place where you needed a numbered ACL; they didn't support named.

At any rate, on platforms which implement proper CoPP, like the 6500, there should be no particular reason to have the ability to filter NTP or restrict monlist. Your CoPP should specifically allow NTP only to your upstream NTP server.

Even if the NTP ACL would work, the notion that you accept that untrusted NTP packets hit your puny control-plane is clearly completely unacceptable.

-- 
  ++ytti
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/
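
A sketch of the CoPP arrangement described in the message above, added here as an illustration and not taken from the thread or from any poster's configuration. The ACL, class and policy names, the upstream server address 192.0.2.10 (a documentation address) and the police rates are all assumptions; the syntax accepted for the drop class and for police rates varies by platform and software release.

```cisco
! Constructed example: all names, addresses and rates are placeholders.
!
! In a CoPP ACL, "permit" means "this packet belongs to the class",
! not "forward this packet".
ip access-list extended COPP-NTP-UPSTREAM
 remark NTP replies from the one upstream server this router syncs to
 permit udp host 192.0.2.10 eq ntp any
!
ip access-list extended COPP-NTP-OTHER
 remark Every other NTP packet addressed to the control plane
 permit udp any any eq ntp
!
class-map match-all COPP-NTP-UPSTREAM
 match access-group name COPP-NTP-UPSTREAM
class-map match-all COPP-NTP-OTHER
 match access-group name COPP-NTP-OTHER
!
policy-map COPP-IN
 ! Classes are evaluated top-down, so the trusted class must come first.
 class COPP-NTP-UPSTREAM
  police 64000 conform-action transmit exceed-action drop
 ! Untrusted NTP is dropped before it reaches the route processor,
 ! regardless of what "ntp access-group" does or fails to do.
 class COPP-NTP-OTHER
  police 8000 conform-action drop exceed-action drop
 ! A real policy also needs classes for routing protocols, management
 ! traffic and so on; they are omitted to keep the NTP case visible.
!
control-plane
 service-policy input COPP-IN
```

With a policy of this shape attached, `show policy-map control-plane` shows per-class packet counters, so a rising drop count on the untrusted NTP class is visible without relying on the NTP access-group at all.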
