Create restrict entry/add flags to entry, Create restrict entry/add flags to entry -39 – Alcatel Carrier Internetworking Solutions Omni Switch/Router User Manual

NTP Access Control Menu

Page 12-39

Create Restrict Entry/Add Flags to Entry

It is possible to place restriction flags on specific

NTP

entities in relation to the switch. Restric-

tion flags prevent messages or information coming from the

NTP

entity from affecting the

switch.

To create a restriction flag, enter the

ntpcres

command as shown:

ntpcres <address> <mask> <restriction>

where

<address>

is the

IP

address of the

NTP

entity,

<mask>

is the entity’s subnet mask, and

<restriction>

is the specific flag you want to place on the entity. For example to put an

ignore

restriction on an entity with address 1.1.1.1 and a subnet mask of 255.255.0.0, enter the
following:

ntpcres 1.1.1.1 255.255.0.0 ignore

The following is a list of possible restriction flags that can be used:

ignore

Ignore all packets from hosts which match this entry. If this flag
is specified neither queries nor time server polls will be
responded to

.

noquery

Ignore all

NTP

information queries and configuration requests

from the source. Time service is not affected.

nomodify

Ignore all

NTP

information queries and configuration requests

that attempt to modify the state of the server (i.e., run time
reconfiguration). Queries which return information are permit-
ted.

notrap

Decline to provide control message trap service to matching
hosts. The trap service is a subsystem of the control message
protocol which is intended for use by remote event logging
programs.

lowpriotrap

Declare traps set by matching hosts to be low priority. The
number of traps a server can maintain is limited (the current
limit is 3). Traps are usually assigned on a first come, first serve
basis, with later trap requestors being denied service. This flag
modifies the assignment algorithm by allowing low priority
traps to be overridden by later requests for normal priority
traps. For more information on setting traps see Configure a
Trap in the Server on page 12-41

noserve

Ignore

NTP

packets other than information queries and configu-

ration requests. In effect, time service is denied, though queries
may still be permitted.

nopeer

Provide stateless time service to polling hosts, but do not allo-
cate peer memory resources to these hosts even if they other-
wise might be considered useful as future synchronization
partners.

notrust

Treat these hosts normally in other respects, but never use
them as synchronization sources.