XOS 16.1.2 - How to disable the NTP restrict-list?

  • 0
  • 1
  • Question
  • Updated 2 years ago
I have successfully enabled a x460-g2 switch as NTP server, and clients can receive time from them.

BUT: It appears that only clients from directly connected VLANs are allowed by the NTP service, for all others I have to add an entry via:
configure ntp restrict-list add <subnet> <netmask> allow
I can list the active restrict-list:
# show ntp restrict-list
IP Address       Mask                 Count  Type    Action
===========================================================
0.0.0.0          0.0.0.0                128  System  Deny 
10.0.0.0       255.255.255.252          0  System  Permit
10.1.0.2       255.255.255.255          0  System  Permit
10.90.90.17     255.255.255.255       1875  System  Permit
127.0.0.1        255.255.255.255          0  System  Permit
...
The question is: How can disable the use of this ACL, aka: how can I change the implicit entry (0.0.0.0 0.0.0.0) to Permit? I found no way so far....
Photo of Carsten Buchenau

Carsten Buchenau

  • 888 Points 500 badge 2x thumb

Posted 2 years ago

  • 0
  • 1
Photo of OscarK

OscarK, ESE

  • 7,702 Points 5k badge 2x thumb
I think adding a 0.0.0.0 0.0.0.0 allow will make it allow all ntp requests.
Photo of Carsten Buchenau

Carsten Buchenau

  • 888 Points 500 badge 2x thumb
I had tried that, doesn't work:

* Summit-PC.3 # configure ntp restrict-list add 0.0.0.0 0.0.0.0 permit
Error: NTP restrict network address 0.0.0.0 or mask 0.0.0.0 is invalid.

I can add 128.0.0.0/1 (netmask 128.0.0.0), but that still doesn't cover 0.0.0.0/1. Which I cannot add either...