This blog was originally started to better help me understand the technologies in the CCIE R&S blueprint; after completing the R&S track I have decided to transition the blog into a technology blog.

CCIE #29033

This blog will continue to include questions, troubleshooting scenarios, and references to existing and new technologies but will grow to include a variety of different platforms and technologies. Currently I have created over 185 questions/answers in regards to the CCIE R&S track!! Note: answers are in the comment field or within "Read More" section.

You can also follow me on twitter @FE80CC1E


Monday, October 25, 2010

Troubleshooting 5


NTP needs to be authenticated between R5 and R6. All clocks need to be synchronized. Good Luck and by the way time is ticking.


R5
__
hostname R5
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
!
ip cef
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface Serial1/0
 ip address 192.168.56.5 255.255.255.0
 serial restart-delay 0
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
router ospf 1
 router-id 5.5.5.5
 log-adjacency-changes
 network 192.168.56.5 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
control-plane
!
mgcp behavior g729-variants static-pt
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
ntp authentication-key 1 md5 060506324F41 7
ntp authenticate
ntp master 3
!
end





R6
__
hostname R6
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
class-map match-all CMAP
 match access-group name NTPAllowed
!
!
policy-map PMAP
 class CMAP
   drop
!
interface Serial1/0
 ip address 192.168.56.6 255.255.255.0
 serial restart-delay 0
 no fair-queue
!
interface Serial1/2
 ip address 192.168.67.6 255.255.255.0
 serial restart-delay 0
!
router ospf 1
 router-id 6.6.6.6
 log-adjacency-changes
 network 192.168.56.6 0.0.0.0 area 0
 network 192.168.67.6 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
ip access-list extended NTPAllowed
 permit udp any any eq ntp
 deny   ip any any
!
control-plane
 service-policy input PMAP
!

line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
ntp authentication-key 1 md5 060506324E41 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179839
ntp source Serial1/0
ntp server 192.168.56.5
!
end

R7
__

hostname R7
!
boot-start-marker
boot-end-marker
!
no aaa new-model
memory-size iomem 5
!
ip cef
!
interface Serial1/0
 ip address 192.168.67.7 255.255.255.0
 ip access-group 100 in
 serial restart-delay 0
 no fair-queue
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
router ospf 1
 router-id 7.7.7.7
 log-adjacency-changes
 network 192.168.67.7 0.0.0.0 area 0
!
ip http server
no ip http secure-server
ip forward-protocol nd
!
access-list 100 deny   udp any any eq ntp
access-list 100 permit ip any any
!
control-plane
!
mgcp behavior g729-variants static-pt
!
line con 0
 exec-timeout 0 0
line aux 0
line vty 0 4
 login
!
ntp clock-period 17179811
ntp peer 192.168.67.6
!
end
Posted by Packets Analyzed at 8:09 PM
Labels: ,

2 comments:

networkdongle said...

nice one...

on the control plane on R6 dropping NTP

and on R7 an acl on int s1/0 dropping NTP

October 26, 2010 at 2:30 PM
Packets Analyzed said...

There are a couple more things. You may have to lab it up to see them.

October 26, 2010 at 2:32 PM

Post a Comment

Subscribe to: Post Comments (Atom)