Support User Manuals

Cisco Systems 2940 Switch User Manual

Open as PDF

of 444

6-8

Catalyst 2940 Switch Software Configuration Guide

78-15507-02

Chapter 6 Administering the Switch

Managing the System Time and Date

Creating an Access Group and Assigning a Basic IP Access List

Beginning in privileged EXEC mode, follow these steps to control access to NTP services by using

access lists:

The access group keywords are scanned in this order, from least restrictive to most restrictive:

1. peer—Allows time requests and NTP control queries and allows the switch to synchronize itself to

a device whose address passes the access list criteria.

2. serve—Allows time requests and NTP control queries, but does not allow the switch to synchronize

itself to a device whose address passes the access list criteria.

3. serve-only—Allows only time requests from a device whose address passes the access list criteria.

4. query-only—Allows only NTP control queries from a device whose address passes the access list

criteria.

Command Purpose

Step 1

configure terminal Enter global configuration mode.

Step 2

ntp access-group {query-only |

serve-only | serve | peer}

access-list-number

Create an access group, and apply a basic IP access list.

The keywords have these meanings:

• query-only—Allows only NTP control queries.

• serve-only—Allows only time requests.

• serve—Allows time requests and NTP control queries, but does not

allow the switch to synchronize to the remote device.

• peer—Allows time requests and NTP control queries and allows the

switch to synchronize to the remote device.

For access-list-number, enter a standard IP access list number from 1

to 99.

Step 3

access-list access-list-number permit

source [source-wildcard]

Create the access list.

• For access-list-number, enter the number specified in Step 2.

• Enter the permit keyword to permit access if the conditions are

matched.

• For source, enter the IP address of the device that is permitted access

to the switch.

• (Optional) For source-wildcard, enter the wildcard bits to be applied

to the source.

Note When creating an access list, remember that, by default, the end

of the access list contains an implicit deny statement for

everything if it did not find a match before reaching the end.

Step 4

end Return to privileged EXEC mode.

Step 5

show running-config Verify your entries.

Step 6

copy running-config startup-config (Optional) Save your entries in the configuration file.

previous next