15.2. NTP Commands

Command Purpose

To create the Access Control Entries (ACE) of a NTP server/peer, use the ntp ace command in Global Config mode. To remove the ace, use the no form of this command.

Prerequisites

Command Syntax

ntp ace ( IP_ADDR | HOSTNAME ) ( mask MASK_LENGTH | ) ( version | kod | ignore | noquery | nomodify | notrap | noserve | nopeer | notrust | limited | none )

no ntp ace ( IP_ADDR | HOSTNAME ) ( mask MASK | ) ( version | kod | ignore | noquery | nomodify | notrap | noserve | nopeer | notrust | limited | none )

Command Mode

Global Config

Default

None

Usage

Use this command if you want to allow the system to synchronize with the specified server. The server will not synchronize to this machine.

Examples

The following example shows how to create an ACE for 1.1.1.1:

Switch# configure terminal
Switch(config)# ntp ace 1.1.1.1 version

Related Commands

show ntp

Command Purpose

To enable NTP authentication, use the ntp authentication enable command. To disable the NTP authentication, use the ntp authentication disable command.

Prerequisites

Command Syntax

ntp authentication ( enable | disable )

Command Mode

Global Config

Default

None

Usage

When NTP authentication is enabled, the switch will synchronize the time with NTP servers with trusted key only. For more information about trusted key, please see the ntp trustedkey command.

Examples

The following example shows how to enables NTP authentication:

Switch# configure terminal
Switch(config)# ntp authentication enable

Related Commands

show ntp

Command Purpose

To configure Disable NTP packets from being received on the interface, use the ntp disable command in interface configuration mode. To disable this capability, use the no form of this command.

Prerequisites

Command Syntax

ntp disable

no ntp disable

Command Mode

Interface Configuration

Default

By default, all interfaces receive NTP packets.

Usage

Only physical interface, vlan interface and loopback interface support this command.

Examples

In the following example, the system is configured not to receive NTP packet in interface eth-0-1:

Switch# configure terminal
Switch(config)# interface eth-0-1
Switch(config-if)# ntp disable

Related Commands

None

Command Purpose

To configure value of the NTP key, use the ntp key command in global configuration mode. To remove the value of the NTP key, use the no form of this command.

Prerequisites

Command Syntax

ntp key KEYID ( 8 | ) VALUE

no ntp key KEYID

Command Mode

Global Config

Default

None

Usage

Use this command to create a value for a NTP key.

Examples

In the following example, the value 321 is given to the NTP key 123:

Switch# configure terminal
Switch(config)# ntp key 123 321

Related Commands

show ntp

Command Purpose

To reload the NTP configuration on the interfaces, use the ntp interface reload command in Global Config mode.

Prerequisites

Command Syntax

ntp interface reload

Command Mode

Global Config

Default

None

Usage

Use this command to reload the NTP configuration on all the interfaces.

Examples

The following example reloads the NTP configuration on all interfaces:

Switch# configure terminal
Switch(config)# ntp interface reload

Related Commands

show ntp

Command Purpose

Use ntp max-distance command to config ntp max sync distance threshold. This command used in ntp client, and ntp calculate the sync distance to each ntp server and compare it with the ntp max sync distance which configured by ntp max-distance command. If the distance calculate by ntp over the distance configured by ntp max-distance, client will not sync with this ntp server.

Prerequisites

Command Syntax

ntp max-distance DISTANCE

no ntp max-distance DISTANCE

Command Mode

Global Config

Default

10

Usage

None

Examples

The following example shows the configuration of NTP:

Switch# configure terminal
Switch1(config)# ntp max-distance 16

Related Commands

None

Command Purpose

To configure the software clock to synchronize a peer or to be synchronized by a peer, use the ntp peer command in Global Config mode. To disable this capability, use the no form of this command.

Prerequisites

Command Syntax

ntp peer ( HOSTNAME | IP_ADDR ) { key KEY_ID | prefer | version VER } { source-interface IFNAME | source-ip SRC_ADDR }

no ntp peer ( HOSTNAME | IP_ADDR )

Command Mode

Global Config

Default

None

Usage

When a peer is configured, the default NTP version number is 3, no authentication key is used, and the source IP address is taken from the outgoing interface.

Use this command to allow a device to synchronize with a peer, or vice versa. Using the prefer keyword reduces switching between peers.

If the source interface or source IP address is specified, the packet transmit will use the related IP address as source address.

Examples

The following example shows how to configure a switch to allow its software clock to be synchronized with the clock of the peer (or vice versa) at IP address 192.168.22.33 using NTP version 2:

Switch# configure terminal
Switch(config)# ntp peer 192.168.22.33 version 2

Related Commands

show ntp

Command Purpose

To configure an external clock source for use with Network Time Protocol (NTP) services, use the ntp refclock command in Global Config mode. To disable support of the external time source, use the no form of this command.

Prerequisites

Command Syntax

ntp refclock stratum NUMBER

no ntp refclock

Command Mode

Global Config

Default

This command is disabled by default.

Usage

None

Examples

The following example shows configuration of a NTP source on a switch platform:

Switch# configure terminal
Switch(config)# ntp refclock stratum 1

Related Commands

show ntp

Command Purpose

To allow the software clock to be synchronized by a Network Time Protocol (NTP) time server, use the ntp server command in global configuration mode. To disable this capability, use the no form of this command.

Prerequisites

Command Syntax

ntp server ( HOSTNAME | IP_ADDR ) { key KEY_ID | prefer | version VER } { source-interface IFNAME | source-ip SRC_ADDR }

no ntp server ( HOSTNAME | SRC_ADDR )

Command Mode

Global Config

Default

The server will not synchronize to this machine.

Usage

Use this command if you want to allow the system to synchronize with the specified server.

If the source interface or source IP address is specified, the packet transmit will use the related IP address as source address.

Examples

The following example shows how to configure a switch to allow its software clock to be synchronized with the clock by the device at IP address 172.16.22.44 using NTP version 2:

Switch# configure terminal
Switch(config)# ntp server 172.16.22.44 version 2

Related Commands

show ntp

Command Purpose

To authenticate the identity of a system to which Network Time Protocol (NTP) will synchronize, use the ntp trustedkey command in global configuration mode. To disable authentication of the identity of the system, use the no form of this command.

Prerequisites

Command Syntax

ntp trustedkey KEY_ID

no ntp trustedkey KEY_ID

Command Mode

Global Config

Default

None

Usage

If authentication is enabled, use this command to define one or more key numbers (corresponding to the keys defined with the ntp key command) that a peer NTP system must provide in its NTP packets, in order for this system to synchronize to it. This function provides protection against accidentally synchronizing the system to a system that is not trusted, because the other system must know the correct authentication key.

Examples

The following example shows how to configure the system to synchronize only to systems providing authentication key 42 in its NTP packets:

Switch# configure terminal
Switch(config)# ntp authentication enable
Switch(config)# ntp key 42 aNiceKey
Switch(config)# ntp trustedkey 42

Related Commands

show ntp

ntp key

Command Purpose

To display the NTP configurations, use the show ntp command in privileged EXEC mode.

Prerequisites

Command Syntax

show ntp

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to display the NTP configurations.

Examples

The following example shows the configuration of NTP:

Switch# show ntp

Current NTP configuration: 
============================================================
NTP access control list:
Unicast peer: 
  1.1.1.1
Unicast server: 
  2.2.2.2
Authentication: enabled
Local reference clock: 
  enabled, stratum 10

Related Commands

ntp server

ntp peer

Command Purpose

To display the restrict list of Access Control Entries (ACE) of a NTP server/peer, use the show ntp ace command in privileged EXEC mode.

Prerequisites

Command Syntax

show ntp ace

Command Mode

Privileged EXEC

Default

None

Usage

None

Examples

The following example shows the NTP restrict list:

Switch# show ntp ace

address          mask            count        flags
=====================================================================
0.0.0.0         0.0.0.0             55188       noquery, nomodify, notrap
6.6.6.6         255.255.255.255     73          none
127.0.0.1       255.255.255.255    1259         none

Related Commands

ntp ace

Command Purpose

To show the status of Network Time Protocol (NTP) associations, use the show ntp associations command in privileged EXEC mode.

Prerequisites

Command Syntax

show ntp associations

Command Mode

Privileged EXEC

Default

None

Usage

Detailed descriptions of the information displayed by this command can be found in the NTP specification (RFC 1305).

Examples

The following example shows the status of NTP associations:

Switch# show ntp associations

Current NTP associations: 
     remote           refid      st when poll reach   delay   offset  disp
==============================================================================
*6.6.6.6         127.127.1.0      6  161  256  377    0.778   -0.087 119.400
* synchronized, + candidate, # selected, x falsetick, . excess, - outlyer

Related Commands

show ntp status

Command Purpose

To show the NTP keys, use the show ntp key command in privileged EXEC mode.

Prerequisites

Command Syntax

show ntp key

Command Mode

Privileged EXEC

Default

None

Usage

Use this command to display the NTP keys.

Examples

The following example shows the keys of NTP:

Switch# show ntp key

Current NTP key configuration: 
Flags: * - Trusted
  ID     Value
============================================================
* 1      trusted_key
  5      test_key

Related Commands

ntp key

Command Purpose

To show the status of the Network Time Protocol (NTP), use the show ntp status command in privileged EXEC mode.

Prerequisites

Command Syntax

show ntp status

Command Mode

Privileged EXEC

Default

None

Usage

None.

Examples

The following is sample output from the show ntp status command:

Switch# show ntp status

Current NTP status: 
============================================================
clock is synchronized
stratum:         11
reference clock: 127.127.1.0
frequency:       0.000 ppm
precision:       2^15
reference time:  d116c946.4dc2f6a7  ( 1:24:22.303 UTC Tue Mar  1 2023)
root delay:      0.000 ms
root dispersion: 449.207 ms
peer dispersion: 662.059 ms
clock offset:    0.000 ms
stability:       0.000 ppm

Related Commands

show ntp associations

Command Purpose

To show the statistics of the Network Time Protocol (NTP), use the show ntp statistics command in privileged EXEC mode.

Prerequisites

Command Syntax

show ntp statistics

Command Mode

Privileged EXEC

Default

None

Usage

None

Examples

The following is sample output from the show ntp statistics command:

Switch# show ntp statistics

Current NTP I/O statistics: 
============================================================
time since reset:     175834
receive buffers:      10
free receive buffers: 9
used receive buffers: 0
low water refills:    1
dropped packets:      0
ignored packets:      0
received packets:     32
packets sent:         31
packets not sent:     0
interrupts handled:   32
received by int:      32

Related Commands

show ntp associations

Command Purpose

To clear the statistics of the Network Time Protocol (NTP), use the clear ntp statistics command in privileged EXEC mode.

Prerequisites

Command Syntax

clear ntp statistics

Command Mode

Privileged EXEC

Default

None

Usage

None.

Examples

The following is a sample to clear ntp statistics:

Switch# clear ntp statistics

Related Commands

show ntp statistics

Command Purpose

To enable NTP management interface, use the ntp mgmt-if command. To enable management interface only, use the only parameter. To enable both in-band and management interface, use the enable parameter. To disable NTP management interface, use the no ntp mgmt-if command.

Prerequisites

Command Syntax

ntp mgmt-if ( enable | only )

no ntp mgmt-if

Command Mode

Global Config

Default

Disable management interface by default and only use in-band interface

Usage

Use this command to enable management interface, then the ntp client will connect to the server or peer.

Examples

The following example shows only use management interface:

Switch# configure terminal
Switch(config)# ntp mgmt-if only

Related Commands

show ntp