Solved

NTP access list help

Posted on 2010-11-19
1
468 Views
Last Modified: 2012-05-10
the request:

-8.x needs UDP access to 20.x and 21.
-We also need 12.x subnet to be able have NTP access to the 22.x

i'm reading that as 1) 8.x needs to be able to send UDP traffic to 20.x and 21.x and 2)  12.x needs to send NTP traffic to 22.x.

based on a year old config file that was sent to me, each subnet is a vlan with extended access groups for inbound and outbound traffic. i am going to have to look at the current config when i visit my client and go from there.

would this be accomplished by?

for 1)
ip access-list extended vlan8_out
permit udp x.x.8.0 0.0.0.255 any

ip access-list extended vlan20_in
permid udp x.x.8.0 0.0.0.255 any

ip access-list extended vlan21_in
permid udp x.x.8.0 0.0.0.255 any

for 2)

ip access-list extended vlan12_out
permit udp any eq ntp x.x.22.0 0.0.0.255

ip access-list extended vlan22_in
permit udp any eq ntp x.x.22.0 0.0.0.255
0
Comment
Question by:Netrinc
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 3

Accepted Solution

by:
GeneralMandible earned 500 total points
ID: 34174617
I think this is what you're looking for:

for 1)
ip access-list extended vlan8_out
permit udp any x.x.20.0 0.0.0.255
permit udp any x.x.21.0 0.0.0.255

ip access-list extended vlan20_in
permit udp x.x.8.0 0.0.0.255 any

ip access-list extended vlan21_in
permit udp x.x.8.0 0.0.0.255 any

for 2)

ip access-list extended vlan12_out
permit udp any x.x.22.0 0.0.0.255 eq ntp

ip access-list extended vlan22_in
permit udp x.x.8.0 0.0.0.255 any eq ntp
0

Featured Post

Major Incident Management Communications

Major incidents and IT service outages cost companies millions. Often the solution to minimizing damage is automated communication. Find out more in our Major Incident Management Communications infographic.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

New Server 172.16.200.2  was moved from behind Router R2 f0/1 to behind router R1 int f/01 and has now address 172.16.100.2. But we want users still to be able to connected to it by old IP. How to do it ? We can used destination NAT (DNAT).  In DNAT…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

726 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question