Solved

NTP access list help

Posted on 2010-11-19
1
463 Views
Last Modified: 2012-05-10
the request:

-8.x needs UDP access to 20.x and 21.
-We also need 12.x subnet to be able have NTP access to the 22.x

i'm reading that as 1) 8.x needs to be able to send UDP traffic to 20.x and 21.x and 2)  12.x needs to send NTP traffic to 22.x.

based on a year old config file that was sent to me, each subnet is a vlan with extended access groups for inbound and outbound traffic. i am going to have to look at the current config when i visit my client and go from there.

would this be accomplished by?

for 1)
ip access-list extended vlan8_out
permit udp x.x.8.0 0.0.0.255 any

ip access-list extended vlan20_in
permid udp x.x.8.0 0.0.0.255 any

ip access-list extended vlan21_in
permid udp x.x.8.0 0.0.0.255 any

for 2)

ip access-list extended vlan12_out
permit udp any eq ntp x.x.22.0 0.0.0.255

ip access-list extended vlan22_in
permit udp any eq ntp x.x.22.0 0.0.0.255
0
Comment
Question by:Netrinc
1 Comment
 
LVL 3

Accepted Solution

by:
GeneralMandible earned 500 total points
ID: 34174617
I think this is what you're looking for:

for 1)
ip access-list extended vlan8_out
permit udp any x.x.20.0 0.0.0.255
permit udp any x.x.21.0 0.0.0.255

ip access-list extended vlan20_in
permit udp x.x.8.0 0.0.0.255 any

ip access-list extended vlan21_in
permit udp x.x.8.0 0.0.0.255 any

for 2)

ip access-list extended vlan12_out
permit udp any x.x.22.0 0.0.0.255 eq ntp

ip access-list extended vlan22_in
permit udp x.x.8.0 0.0.0.255 any eq ntp
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

While it is possible to put two routes in place with the secondary having a higher metric, this may not always work. In the event of a failure that does not bring down the physical interface on the router the primary route is not removed. There is a…
Getting hacked is no longer a matter or "if you get hacked" — the 2016 cyber threat landscape is now titled "when you get hacked." When it happens — will you be proactive, or reactive?
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

27 Experts available now in Live!

Get 1:1 Help Now