When NTP access-control needs ACL for 127.127.7.1?

The very simple answer is when the local NTP master controller is synching to the IP address 127.127.7.1 instead of 127.127.1.1. Ok, I think I need to clarify few things.  In a number of CCIE workbooks, you’ll get a task to configure NTP access-control on the master NTP router to only peer with R1.  After trying for a long time, you lookup the solution guide and realize that you were missing an ACL entry for the local address 127.127.7.1. Or you finished the task, everything works, you check the solution guide and ask yourself “why did they have an ACL for the IP address 127.127.7.1? I did it without it and it worked.”

Continue reading