7-9
Catalyst 2928 Switch Software Configuration Guide
OL-23389-01
Chapter 7 Administering the Switch
Managing the System Time and Date
The access group keywords are scanned in this order, from least restrictive to most restrictive:
1.
peer
—Allows time requests and NTP control queries and allows the switch to synchronize itself to
a device whose address passes the access list criteria.
2.
serve
—Allows time requests and NTP control queries, but does not allow the switch to synchronize
itself to a device whose address passes the access list criteria.
3.
serve-only
—Allows only time requests from a device whose address passes the access list criteria.
4.
query-only
—Allows only NTP control queries from a device whose address passes the access list
criteria.
If the source IP address matches the access lists for more than one access type, the first type is granted.
If no access groups are specified, all access types are granted to all devices. If any access groups are
specified, only the specified access types are granted.
To remove access control to the switch NTP services, use the
no ntp access-group
{
query-only
|
serve-only
|
serve
|
peer
} global configuration command.
This example shows how to configure the switch to allow itself to synchronize to a peer from access
list 99. However, the switch restricts access to allow only time requests from access list 42:
Switch#
configure terminal
Switch(config)#
ntp access-group peer 99
Switch(config)#
ntp access-group serve-only 42
Switch(config)#
access-list 99 permit 172.20.130.5
Switch(config)#
access list 42 permit 172.20.130.6
Step 3
access-list
access-list-number
permit
source
[
source-wildcard
]
Create the access list.
•
For
access-list-number
, enter the number specified in Step 2.
•
Enter the
permit
keyword to permit access if the conditions are
matched.
•
For
source
, enter the IP address of the device that is permitted access
to the switch.
•
(Optional) For
source-wildcard
, enter the wildcard bits to be applied
to the source.
Note
When creating an access list, remember that, by default, the end
of the access list contains an implicit deny statement for
everything if it did not find a match before reaching the end.
Step 4
end
Return to privileged EXEC mode.
Step 5
show running-config
Verify your entries.
Step 6
copy running-config startup-config
(Optional) Save your entries in the configuration file.
Command
Purpose
Содержание Catalyst 2928
Страница 28: ...Contents xxviii Catalyst 2928 Switch Software Configuration Guide OL 23389 01 ...
Страница 32: ...xxx Catalyst 2928 Switch Software Configuration Guide OL 23389 01 Preface ...
Страница 496: ...26 14 Catalyst 2928 Switch Software Configuration Guide OL 23389 01 Chapter 26 Configuring SPAN Displaying SPAN Status ...
Страница 534: ...29 18 Catalyst 2928 Switch Software Configuration Guide OL 23389 01 Chapter 29 Configuring SNMP Displaying SNMP Status ...
Страница 700: ...Index IN 36 Catalyst 2928 Switch Software Configuration Guide OL 23389 01 ...