When does NTP access-control need an ACL entry for 127.127.7.1?
The very simple answer is: when the local NTP master controller is syncing to the IP address 127.127.7.1 instead of 127.127.1.1. OK, I think I need to clarify a few things. In a number of CCIE workbooks, you'll get a task to configure NTP access-control on the master NTP router to only peer with R1. After trying for a long time, you look up the solution guide and realize that you were missing an ACL entry for the local address 127.127.7.1. Or you finish the task, everything works, you check the solution guide and ask yourself, “Why did they have an ACL for the IP address 127.127.7.1? I did it without it and it worked.”
This is something that I found to be very frustrating, and there is no information about it on the web. After doing some research of my own, it appears Cisco made a few changes that are not very clearly documented.
To give you an example, R4 is the NTP master and R6 (150.1.6.6) is the NTP peer.
R4#sh run | i ntp | access-list
ntp master 4
ntp access-group peer 1
access-list 1 permit 150.1.
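To check a saved configuration for the situation described above, the following added example (not code from the original post or from Cisco) reports whether the standard ACL referenced by `ntp access-group peer` permits each of the two local addresses the post names. It assumes a numbered standard ACL; the sample config is constructed from the post's R4/R6 scenario, and the function names are hypothetical.

```python
import ipaddress
import re

# Local reference-clock addresses named in the post.
REFCLOCKS = ("127.127.7.1", "127.127.1.1")
ACL_RE = re.compile(
    r"^access-list (\d+) (permit|deny) "
    r"(any|(?:host )?(\d+\.\d+\.\d+\.\d+)(?: (\d+\.\d+\.\d+\.\d+))?)")
PEER_RE = re.compile(r"^ntp access-group peer (\d+)", re.M)

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_standard_acls(config):
    """Return {acl_number: [(action, base, wildcard), ...]} in config order."""
    acls = {}
    for line in config.splitlines():
        m = ACL_RE.match(line.strip())
        if not m:
            continue  # not a numbered standard ACL entry
        num, action, spec, addr, wild = m.groups()
        if spec == "any":
            entry = (action, 0, 0xFFFFFFFF)
        else:
            entry = (action, to_int(addr), to_int(wild) if wild else 0)
        acls.setdefault(num, []).append(entry)
    return acls

def permits(entries, addr):
    """First match wins; an ACL ends with an implicit deny."""
    a = to_int(addr)
    for action, base, wild in entries:
        if (a | wild) == (base | wild):  # compare only non-wildcard bits
            return action == "permit"
    return False

def peer_acl_report(config, extra=()):
    """Map each refclock (and any extra address) to permitted True/False."""
    m = PEER_RE.search(config)
    if not m:
        return None  # no 'ntp access-group peer' configured
    entries = parse_standard_acls(config).get(m.group(1), [])
    return {a: permits(entries, a) for a in REFCLOCKS + tuple(extra)}

# Constructed sample modelled on the post's R4; 150.1.6.6 is R6 in the post.
SAMPLE = """ntp master 4
ntp access-group peer 1
access-list 1 permit 150.1.6.6
"""
```

Calling `peer_acl_report(SAMPLE, extra=["150.1.6.6"])` shows the peer permitted and both local addresses falling through to the implicit deny.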