4-9
Catalyst 4500 Series Switch, Cisco IOS Software Configuration Guide - Cisco IOS XE 3.9.xE and IOS 15.2(5)Ex
Chapter 4 Administering the Switch
Managing the System Time and Date
Creating an Access Group and Assigning a Basic IP Access List
To control access to NTP services by using access lists, perform this task:
The access group keywords are scanned in this order, from least restrictive to most restrictive:
1.
peer
—Allows time requests and NTP control queries and allows the switch to synchronize itself to
a device whose address passes the access list criteria.
2.
serve
—Allows time requests and NTP control queries, but does not allow the switch to synchronize
itself to a device whose address passes the access list criteria.
3.
serve-only
—Allows only time requests from a device whose address passes the access list criteria.
4.
query-only
—Allows only NTP control queries from a device whose address passes the access list
criteria.
If the source IP address matches the access lists for more than one access type, the first type is granted.
If no access groups are specified, all access types are granted to all devices. If any access groups are
specified, only the specified access types are granted.
Command
Purpose
Step 1
configure terminal
Enters global configuration mode.
Step 2
ntp access-group
{
query-only
|
serve-onl
y |
serve
|
peer
}
access-list-number
Creates an access group, and apply a basic IP access list.
The keywords have these meanings:
•
query-only
—Allows only NTP control queries.
•
serve-only
—Allows only time requests.
•
serve
—Allows time requests and NTP control queries, but does not
allow the switch to synchronize to the remote device.
•
peer
—Allows time requests and NTP control queries and allows the
switch to synchronize to the remote device.
For
access-list-number
, enter a standard IP access list number from 1
to 99.
Step 3
access-list
access-list-number
permit
source
[
source-wildcard
]
Creates the access list.
•
For
access-list-number
, enter the number specified in Step 2.
•
Enter the
permit
keyword to permit access if the conditions are
matched.
•
For
source
, enter the IP address of the device that is permitted access
to the switch.
•
(Optional) For
source-wildcard
, enter the wildcard bits to be applied
to the source.
Note
When creating an access list, remember that, by default, the end
of the access list contains an implicit deny statement for
everything if it did not find a match before reaching the end.
Step 4
end
Returns to privileged EXEC mode.
Step 5
show running-config
Verifies your entries.
Step 6
copy running-config startup-config
(Optional) Saves your entries in the configuration file.
Содержание Catalyst 4500 Series
Страница 2: ......
Страница 4: ......
Страница 2086: ...Index IN 46 Software Configuration Guide Release IOS XE 3 9 0E and IOS 15 2 5 E ...