Alcatel Carrier Internetworking Solutions Switch/Router Create Restrict Entry/Add Flags to Entry

NTP Access Control Menu

Page 12-39

Create Restrict Entry/Add Flags to Entry

It is possible to place restriction flags on specific NTP entities in relation to the switch. Restric-

tion flags prevent messages or information coming from the NTP entity from affecting the

switch.

To create a restriction flag, enter the ntpcres command as shown:

ntpcres <address> <mask> <restriction>

where <address> is the IP address of the NTP entity, <mask> is the entity’s subnet mask, and

<restriction> is the specific flag you want to place on the entity. For example to put an ignore

restriction on an entity with address 1.1.1.1 and a subnet mask of 255.255.0.0, enter the

following:

ntpcres 1.1.1.1 255.255.0.0 ignore

The following is a list of possible restriction flags that can be used:

ignore Ignore all packets from hosts which match this entry. If this flag

is specified neither queries nor time server polls will be

responded to.

noquery Ignore all NTP information queries and configuration requests

from the source. Time service is not affected.

nomodify Ignore all NTP information queries and configuration requests

that attempt to modify the state of the server (i.e., run time

reconfiguration). Queries which return information are permit-

ted.

notrap Decline to provide control message trap service to matching

hosts. The trap service is a subsystem of the control message

protocol which is intended for use by remote event logging

programs.

lowpriotrap Declare traps set by matching hosts to be low priority. The

number of traps a server can maintain is limited (the current

limit is 3). Traps are usually assigned on a first come, first serve

basis, with later trap requestors being denied service. This flag

modifies the assignment algorithm by allowing low priority

traps to be overridden by later requests for normal priority

traps. For more information on setting traps see Configure a

Trap in the Server on page 12-41

noserve Ignore NTP packets other than information queries and configu-

ration requests. In effect, time service is denied, though queries

may still be permitted.

nopeer Provide stateless time service to polling hosts, but do not allo-

cate peer memory resources to these hosts even if they other-

wise might be considered useful as future synchronization

partners.

notrust Treat these hosts normally in other respects, but never use

them as synchronization sources.