Contents

• Basic System Management Commands

• ntp access-group

• ntp authenticate

• ntp authentication-key

• ntp broadcast

• ntp broadcast client

• ntp broadcastdelay

• ntp clear drift

• ntp clock-period

• ntp disable

• ntp logging

• ntp master

• ntp max-associations

• ntp multicast

• ntp peer

• ntp refclock

• ntp server

• ntp source

• ntp update-calendar

• show calendar

• show clock

• show ntp status

• show sntp

Basic System Management Commands

---

• ntp access-group
• ntp authenticate
• ntp authentication-key
• ntp broadcast
• ntp broadcast client
• ntp broadcastdelay
• ntp clear drift
• ntp clock-period
• ntp disable
• ntp logging
• ntp master
• ntp max-associations
• ntp multicast
• ntp peer
• ntp refclock
• ntp server
• ntp source
• ntp update-calendar
• show calendar
• show clock
• show ntp status
• show sntp

ntp access-group

To control access to Network Time Protocol (NTP) services on the system, use the ntp access-group command in global configuration mode. To remove access control to the NTP services, use the no form of this command.

ntp access-group [ ipv4 | ipv6 ] { peer | query-only | serve | serve-only } { access-list-number | access-list-number-expanded | access-list-name } [ kod ]

no ntp access-group [ ipv4 | ipv6 ] { peer | query-only | serve | serve-only }

Syntax Description

ipv4	(Optional) Configures IPv4 access lists.
ipv6	(Optional) Configures IPv6 access lists.
peer	Allows time requests and NTP control queries and permits the system to synchronize with the remote system.
query-only	Allows only NTP control queries. See RFC 1305 (NTP version 3).
serve	Allows time requests and NTP control queries, but does not allow the system to synchronize with the remote system.
serve-only	Allows only time requests. Note    You must configure the ntp server ip-address command before using the serve-only keyword.
access-list-number	Number (from 1 to 99) of a standard IPv4 or IPv6 access list.
access-list-number-expanded	Number (from 1300 to 1999) of an expanded range IPv4 or IPv6 access list.
access-list-name	Name of an access list.
kod	(Optional) Sends the “Kiss-of-Death” (KOD) packet to any host that tries to send a packet that is not compliant with the access-group policy.

Command Default

By default, there is no access control. Full access is granted to all systems.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.4(15)T	This command was modified in a release earlier than Cisco IOS Release 12.4(15)T. The access-list-number-expanded argument was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. The access-list-name argument and kod keyword were added. Support for IPv6 was added.
12.2(33)SXJ	This command was modified. The access-list-name argument and kod keyword were added. Support for IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 access list was added.
Cisco IOS XE Release 3.5S	This command was modified. The ipv4 and ipv6 keywords were added.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

The access group options are scanned in the following order from the least restrictive to the most restrictive:

1. peer
2. query-only
3. serve
4. serve-only

Access is granted for the first match that is found. If no access groups are specified, comprehensive access is granted to all sources. If you specify any access groups, only the specified access is granted. This facility provides minimal security for the time services of the system. However, it can be circumvented by a determined programmer. For tighter security, use the NTP authentication facility.

The NTP service can be activated by entering any ntp command. When you use the ntp access-group command, the NTP service is activated (if it has not already been activated) and access control to NTP services is configured simultaneously.

When you enter the no ntp access-group command, only the access control to NTP services is removed. The NTP service itself remains active, along with any other previously configured NTP functions.

To disable the NTP service on a device, use the no ntp command without any keywords in global configuration mode. For example, if you want to remove the access control to NTP services, and all NTP functions from the device, use the no ntp command without any keywords.

If you do not specify the ipv4 or ipv6 keyword, the IPv4 access list is configured by default. In Cisco IOS XE Release 3.5S and later releases, the show running-config command displays only the last configured ntp access-group command configured on the router. However, in releases prior to Cisco IOS XE Release 3.5S, the show running-config command displays all ntp access-group commands configured on the router. For example, in Cisco IOS XE Release 3.5S and later releases, if you first configure the ntp access-group serve 1 command and then configure the ntp access-group serve 2 command on the router, the output of the show running-config displays only the ntp access-group serve 1 command, shown below:

Router# configure terminal
Router(config)# ntp access-group serve 2
Router(config)# ntp access-group serve 1
Router(config)# exit
Router# show running-config | include ntp access-group
ntp access-group serve 1
Router#

Examples

The following example shows how to configure a system to allow itself to be synchronized by a peer from access list 99. However, the system restricts access to allow only time requests from access list 42.

Router(config)# ntp access-group peer 99
Router(config)# ntp access-group serve-only 42

In the following IPv6 example, a KOD packet is sent to any host that tries to send a packet that is not compliant with the access-group policy:

Router(config)# ntp access-group serve acl1 kod

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
access-list	Configures the access list mechanism for filtering frames by protocol type or vendor code.
ntp server	Allows the software clock to be synchronized by a time server.

ntp authenticate

To enable Network Time Protocol (NTP) authentication, use the ntp authenticate command in global configuration mode. To disable the function, use the no form of this command.

ntp authenticate

no ntp [authenticate]

Syntax Description

This command has no arguments or keywords.

Command Default

By default, NTP authentication is not enabled.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for NTPv4 and IPv6 was added.
12.2(33)SXJ	This command was modified. Support for NTPv4 and IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

Use this command if you want to authenticate NTP. If this command is specified, the system will not synchronize to another system unless it carries one of the authentication keys specified in the ntp trusted-key global configuration command.

The NTP service can be activated by entering any ntp command. When you use the ntp authenticatecommand, the NTP service is activated (if it has not already been activated) and NTP authentication is enabled simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp authenticatecommand, only the NTP authentication is removed from the NTP service. The NTP service itself remains active, along with any other functions you that previously configured.

To disable the NTP service on a device, you must enter the no ntp command without any keywords in global configuration mode. For example, if you previously issued the ntp authenticate command and you now want to disable not only the authentication, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

The following example shows how to configure the system to synchronize only to systems that provide the authentication key 42 in their NTP packets:

Router(config)# ntp authenticate
Router(config)# ntp authentication-key 42 md5 aNiceKey
Router(config)# ntp trusted-key 42

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
ntp authentication-key	Defines an authentication key for NTP.
ntp trusted-key	Authenticates the identity of a system to which NTP will synchronize.

ntp authentication-key

To define an authentication key for Network Time Protocol (NTP), use the ntp authentication-key command in global configuration mode. To remove the authentication key for NTP, use the no form of this command.

ntp authentication-key number md5 key [encryption-type]

no ntp [ authentication-key number ]

Syntax Description

number	Key number from 1 to 4294967295.
md5	Specifies the authentication key. Message authentication support is provided using the message digest 5 (MD5) algorithm. The key type md5 is the only key type supported.
key	Character string of up to 32 characters that is the value of the MD5 key. Note    In auto secure mode, an error is displayed on the console and the authentication key is not configured if the character string length exceeds 32.
encryption-type	(Optional) Authentication key encryption type. Range: 0 to 4294967295.

Command Default

No authentication key is defined for NTP.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for NTPv4 and IPv6 was added.
12.2(33)SXJ	This command was modified. Support for NTPv4 and IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

Use this command to define authentication keys for use with other NTP commands in order to provide a higher degree of security.

Note	When this command is written to NVRAM, the key is encrypted so that it is not displayed in the configuration.

When you configure the authentication key using the ntp authentication-key command or using the auto secure ntp command, if the length of the MD5 key exceeds 32 characters, an error message is displayed.

The NTP service can be activated by entering any ntp command. When you use the ntp authentication-keycommand, the NTP service is activated (if it has not already been activated) and the NTP authentication key is defined simultaneously.

When you enter the no ntp authentication-keycommand, only the NTP authentication key is removed from the NTP service. The NTP service itself remains active, along with any other previously configured NTP functions.

Note	If a specific authentication key configuration is removed, the NTP process is not stopped until all the authentication key configurations are removed.

To disable the NTP service on a device, use the no ntp command without any keywords in global configuration mode. For example, if you want to remove not only the access control to NTP services, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

The following example shows how to configure the system to synchronize only to systems providing the authentication key 42 in their NTP packets:

Router(config)# ntp authenticate
Router(config)# ntp authentication-key 42 md5 aNiceKey
Router(config)# ntp trusted-key 42

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

The following example shows the error message displayed when the authentication key character string length exceeds 32:

Router(config)# ntp authentication-key 23 md5 11111111111111111111111111111111111
%NTP: Key too long

Related Commands

Command	Description
auto secure	Secures the management and forwarding planes of the router.
ntp authenticate	Enables NTP authentication.
ntp peer	Configures the software clock to synchronize a peer or to be synchronized by a peer.
ntp server	Allows the software clock to be synchronized by a time server.
ntp trusted-key	Authenticates the identity of a system to which NTP will synchronize.

ntp broadcast

To configure the options for broadcasting Network Time Protocol (NTP) traffic, use the ntp broadcast command in interface configuration mode. To disable this capability, use the no form of this command.

ntp broadcast [ client | [ destination { ip-address | hostname } ] [ key [broadcast-key] ] [ version number ] ]

no ntp [ broadcast [ client | [ destination { ip-address | hostname } ] [ key [broadcast-key] ] [ version number ] ] ]

Syntax Description

client	(Optional) Configures a device to listen to NTP broadcast messages.
destination	(Optional) Configures a device to receive broadcast messages.
ip-address | hostname	(Optional) IP address or hostname of the device to send NTP broadcast messages to.
key	(Optional) Configures a broadcast authentication key.
broadcast-key	(Optional) Integer from 1 to 4294967295 that is the key number. In the Cisco IOS Release 12.2SX train, the range is from 0 to 4294967295.
version	(Optional) Indicates that an NTP version is configured.
number	(Optional) Integer from 2 to 4 indicating the NTP version. In the Cisco IOS Release 12.2SX train, the range is from 1 to 4.

Command Default

NTP broadcasting is disabled.

Command Modes

Interface configuration (config-if)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20T	This command was modified. Support for NTPv4 and IPv6 was added.
12.2(33)SXJ	This command was modified. Support for NTPv4 and IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

The NTP service can be activated by entering any ntp command. When you use the ntp broadcastcommand, the NTP service is activated (if it has not already been activated) and the options are configured for sending NTP traffic simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp broadcastcommand, only the configuration to send NTP broadcast packets on a specified interface is removed from the NTP service. The NTP service itself remains active, along with any other functions that you previously configured.

To disable the NTP service on a device, you must enter the no ntp command without keywords. For example, if you previously issued the ntp broadcast command and you now want to remove not only the broadcast capability, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

The following example shows how to configures Ethernet interface 0 to send NTP version 2 broadcasts:

Router(config)# interface ethernet 0
Router(config-if)# ntp broadcast version 2

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
ntp broadcast client	Allows the system to receive NTP broadcast packets on an interface.
ntp broadcastdelay	Sets the estimated round-trip delay between the Cisco IOS software and an NTP broadcast server.

ntp broadcast client

To configure a device to receive Network Time Protocol (NTP) broadcast messages on a specified interface, use the ntp broadcast client command in interface configuration mode. To disable this capability, use the no form of this command.

ntp broadcast client

no ntp [ broadcast [client] ]

Syntax Description

This command has no arguments or keywords.

Command Default

By default, an interface is not configured to receive NTP broadcast messages.

Command Modes

Interface configuration (config-if)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for NTPv4 and IPv6 was added. The novolley keyword was added.
12.2(33)SXJ	This command was modified. Support for NTPv4 and IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
Cisco IOS XE Release 3.5S	This command was integrated into Cisco IOS XE Release 3.5S. The novolley keyword was removed.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

Use this command to allow the system to listen to broadcast packets on an interface-by-interface basis.

The NTP service can be activated by entering any ntp command. When you use the ntp broadcast clientcommand, the NTP service is activated (if it has not already been activated) and the device is configured to receive NTP broadcast packets on a specified interface simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp broadcast clientcommand, only the broadcast client configuration is removed from the NTP service. The NTP service itself remains active, along with any other functions that you previously configured.

To disable the NTP service on a device, you must enter the no ntp command without any keywords. For example, if you previously issued the ntp broadcast clientcommand and you now want to remove not only the broadcast client capability, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

In IPv6 configuration, the ntp broadcastdelay command is used when the ntp broadcast client or ntp multicast client command is configured with the novolley keyword.

Examples

In the following example, the system is configured to receive (listen to) NTP broadcasts on Ethernet interface 1:

Router(config)# interface ethernet 1
Router(config-if)# ntp broadcast client

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
ntp broadcastdelay	Sets the estimated round-trip delay between the system and an NTP broadcast server.
ntp multicast client	Configures the system to receive NTP multicast packets on a specified interface.

ntp broadcastdelay

To set the estimated round-trip delay between the Cisco IOS software and a Network Time Protocol (NTP) broadcast server, use the ntp broadcastdelay command in global configuration mode. To revert to the default value, use the no form of this command.

ntp broadcastdelay microseconds

no ntp [broadcastdelay]

Syntax Description

microseconds

Estimated round-trip time (in microseconds) for NTP broadcasts. The range is from 1 to 999999.

Command Default

By default, the round-trip delay between the Cisco IOS software and an NTP broadcast server is 3000 microseconds.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for NTPv4 and IPv6 was added.
12.2(33)SXJ	This command was modified. Support for NTPv4 and IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S

Usage Guidelines

Use the ntp broadcastdelay command when the router is configured as a broadcast client and the round-trip delay on the network is other than 3000 microseconds. In IPv6, the value set by this command should be used only when the ntp broadcast client and ntp multicast client commands have the novolley keyword enabled.

The NTP service can be activated by entering any ntp command. When you use the ntp broadcastdelaycommand, the NTP service is activated (if it has not already been activated) and the estimated round-trip delay between the Cisco IOS software and an NTP broadcast server is set simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp broadcastdelaycommand, only the estimated round-trip delay between the Cisco IOS software and an NTP broadcast server is removed from the NTP service. The NTP service itself remains active, along with any other functions you previously configured.

To disable the NTP service on a device, you must enter the no ntp command without any keywords in global configuration mode. For example, if you previously issued the ntp broadcastdelay command and you now want to remove not only the delay setting, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

The following example shows how to set the estimated round-trip delay between a router and the broadcast client to 5000 microseconds:

Router(config)# ntp broadcastdelay 5000

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
ntp broadcast client	Configures the specified interface to receive NTP broadcast packets.
ntp multicast client	Configures the system to receive NTP multicast packets on a specified interface.

ntp clear drift

To reset the drift value stored in the persistent data file, use the ntp clear driftcommand in privileged EXEC mode.

ntp clear drift

Syntax Description

This command has no arguments or keywords.

Command Default

The drift value stored in the persistent data file is not reset.

Command Modes

Privileged EXEC (#)

Command History

Release	Modification
12.4(20)T	This command was introduced.
12.2(33)SXJ	This command was integrated into Cisco IOS Release 12.2(33)SXJ.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

The ntp clear driftcommand is used to reset the local clock drift value in the persistent data file. The drift is the frequency offset between the local clock hardware and the authoritative time from the Network Time Protocol version 4 (NTPv4) servers. NTPv4 automatically computes this drift and uses it to compensate permanently for local clock imperfections.

This command is available only when the NTP service is activated using any ntp command in global configuration mode.

Examples

The following example shows how to reset the drift value in the persistent data file:

Router# ntp clear drift

Related Commands

Command	Description
ntp	Activates the NTP service.

ntp clock-period

Caution

Do not use this command; it is documented for informational purposes only. The system automatically generates this command as Network Time Protocol (NTP) determines the clock error and compensates.

Note	Effective with Cisco IOS Release 15.0(1)M, the ntp clock-period command is not available in Cisco IOS software.

As NTP compensates for the error in the software clock, it keeps track of the correction factor for this error. When the value for the clock period needs to be adjusted, the system automatically enters the correct value into the running configuration. To remove the automatically generated value for the clock period, use the no form of this command.

ntp clock-period value

no ntp [clock-period]

Syntax Description

value

Amount of time to add to the software clock for each clock hardware tick (this value is multiplied by 2 -32 ). The default value is 17179869 2 -32 seconds (4 milliseconds).

Command Default

The clock period value is automatically generated.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
15.0(1)M	This command was removed.

Usage Guidelines

Do not manually set a value for the NTP clock period.

If the system has automatically entered a value for the clock period into the running configuration, NTP synchronizes faster after the system is restarted when the copy running-config startup-config command has been entered to save the configuration to NVRAM.

The NTP service can be activated by entering any ntp command. In the no form of any ntp command, all the keywords are optional. When you enter the no ntp clock-periodcommand, only the automatically generated value is removed. You should remove this command line when copying configuration files to other devices.The NTP service itself remains active, along with any other functions you previously configured.

To disable the NTP service on a device, you must enter the no ntp command without keywords in global configuration mode. For example, if you want to remove not only the clock period, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

If the system has automatically entered a value for the clock period into the running configuration, NTP synchronizes faster after the system is restarted when the copy running-config startup-config command has been entered to save the configuration to NVRAM. The following example shows a typical difference between the values of the NTP clock-period setting in the running configuration and in the startup configuration:

Router# show startup-config | include clock-period
ntp clock-period 17180239
Router# show running-config | include clock-period
ntp clock-period 17180255

The following example shows how to remove the automatically generated value for the clock period from the running configuration:

Router(config)# no ntp clock-period

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

ntp disable

To prevent an interface from receiving Network Time Protocol (NTP) packets, use the ntp disable command in interface configuration mode. To enable the receipt of NTP packets on an interface, use the no form of this command.

ntp disable [ ip | ipv6 ]

no ntp disable [ ip | ipv6 ]

Syntax Description

ip	(Optional) Disables IP-based NTP traffic.
ipv6	(Optional) Disables IPv6-based NTP traffic.

Command Default

By default, interfaces receive NTP packets.

Command Modes

Interface configuration (config-if)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for IPv6 was added. The optional ip and ipv6 keywords were added.
12.2(33)SXJ	This command was modified. Support for IPv6 was added. The optional ip and ipv6 keywords were added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

This command provides a simple method of access control.

Use the ntp disable command in interface configuration mode to configure an interface to reject NTP packets. If the ntp disable command is configured on an interface that does not have any NTP service running, the interface remains disabled even after the NTP service is started by another NTP configuration. When you use the ntp disable command without the ip or ipv6 keyword, NTP is disabled on the interface for all the address families.

When you enter the no ntp disablecommand in interface configuration mode, the interface that was configured to reject NTP packets is enabled to receive NTP packets.

Note	Remove all NTP commands from an interface before entering the ntp disable command on that interface.

Configuring the ntp disable command on an interface does not stop the NTP service. To disable the NTP service on a device, use the no ntp command without keywords in global configuration mode. For example, if you had previously issued the ntp disable command and you now want to remove not only this restriction, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

The following example shows how to prevent Ethernet interface 0 from receiving NTP packets:

Router(config)# interface ethernet 0
Router(config-if)# ntp disable

The following example shows the message displayed when you try to execute the ntp disable command on an interface that has other NTP commands configured on it:

Router(config-if)# ntp disable
%NTP: Unconfigure other NTP commands on this interface before executing 'ntp disable'

If you had previously issued the ntp disable command and you now want to remove not only this restriction, but also all NTP functions from the device, use the no ntp command without keywords in global configuration mode. The following example shows how to disable the NTP service on a device:

Router(config)# no ntp

Related Commands

Command	Description
ntp	Activates the NTP service.

ntp logging

To enable Network Time Protocol (NTP) message logging, use the ntp logging command in global configuration mode. To disable NTP logging, use the no form of this command.

ntp logging

no ntp [logging]

Syntax Description

This command has no arguments or keywords.

Command Default

NTP message logging is disabled.

Command Modes

Global configuration (config)

Command History

Release	Modification
12.3(7)T	This command was introduced.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for IPv6 was added.
12.2(33)SXJ	This command was modified. Support for IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

Use the ntp logging command to control the display of NTP logging messages.

The NTP service can be activated by entering any ntp command. When you use the ntp loggingcommand, the NTP service is activated (if it has not already been activated) and message logging is enabled simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp loggingcommand, only message logging is disabled in the NTP service. The NTP service itself remains active, along with any other functions that you previously configured.

To disable the NTP service on a device, you must enter the no ntp command without keywords. For example, if you previously issued the ntp logging command and you now want to disable not only the message logging, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

The following example shows how to enable NTP message logging and verify that it is enabled:

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# ntp logging
Router(config)# end
Router# show running-config | include ntp
ntp logging
ntp clock-period 17180152
ntp peer 10.0.0.1
ntp server 192.168.166.3

The following example shows how to disable NTP message logging and verify to that it is disabled:

Router# configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)# no
 ntp logging
Router# end
Router(config)# show running-config | include ntp
ntp clock-period 17180152
ntp peer 10.0.0.1
ntp server 192.168.166.3

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
ntp peer	Configures the software clock to synchronize a peer or to be synchronized by a peer.
ntp server	Allows the software clock to be synchronized by an NTP time server.

ntp master

To configure the Cisco IOS software as a Network Time Protocol (NTP) master clock to which peers synchronize themselves when an external NTP source is not available, use the ntp master command in global configuration mode. To disable the master clock function, use the noform of this command.

ntp master [stratum]

no ntp [master]

Syntax Description

stratum

(Optional) Number from 1 to 15. Indicates the NTP stratum number that the system will claim.

Command Default

By default, the master clock function is disabled. When enabled, the default stratum is 8.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for IPv6 was added.
12.2(33)SXJ	This command was modified. Support for IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

Caution

Use this command with caution. Valid time sources can be easily overridden using this command, especially if a low stratum number is configured. Configuring multiple devices in the same network with the ntp master command can cause instability in keeping time if the devices do not agree on the time.

Because the Cisco implementation of NTP does not support directly attached radio or atomic clocks, the router is normally synchronized, directly or indirectly, to an external system that has such a clock. In a network without Internet connectivity, such a time source may not be available. The ntp master command is used in such cases.

A system with the ntp master command configured that cannot reach any clock with a lower stratum number will claim to be synchronized at the configured stratum number, and other systems will be willing to synchronize to it via NTP.

Note	The software clock must have been set from some source, including manual setting, before the ntp master command will have any effect. This protects against distributing erroneous time after the system is restarted.

The NTP service can be activated by entering any ntp command. When you use the ntp mastercommand, the NTP service is activated (if it has not already been activated) and the Cisco IOS software is configured as an NTP master clock simultaneously. When you enter the no ntp mastercommand, only the NTP master clock configuration is removed from the NTP service. The NTP service itself remains active, along with any other functions that you previously configured.

To disable the NTP service on a device, you must enter the no ntp command without any keywords in global configuration mode. For example, if you had previously issued the ntp mastercommand and you now want to remove not only the master clock function, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

The following example shows how to configure a router as an NTP master clock to which peers may synchronize:

Router(config)# ntp master 10

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
clock calendar-valid	Configures the system hardware clock that is an authoritative time source for the network.

ntp max-associations

To configure the maximum number of Network Time Protocol (NTP) peers and clients for a routing device, use the ntp max-associations command in global configuration mode. To return the maximum associations value to the default, use the no form of this command.

ntp max-associations number

no ntp [max-associations]

Syntax Description

number

Number of NTP associations. The range is from 1 to 4294967295. The default is 100. In the Cisco IOS Release 12.2SX train, the range is from 0 to 4294967295.

Command Default

The maximum association value of NTP peers and clients is 100.

Command Modes

Global configuration (config)

Command History

Release	Modification
12.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for IPv6 was added.
12.2(33)SXJ	This command was modified. Support for IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

The router can be configured to define the maximum number of NTP peer and client associations that the router will serve. Use the ntp max-associations command to set the maximum number of NTP peer and client associations that the router will serve.

The ntp max-associationscommand is useful for ensuring that the router is not overwhelmed by NTP synchronization requests. For an NTP master server, this command is useful for allowing numerous devices to synchronize to a router.

The NTP service can be activated by entering any ntp command. When you use the ntp max-associationscommand, the NTP service is activated (if it has not already been activated) and the maximum number of NTP peers and clients is configured simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp max-associationscommand, only the maximum number value is removed from the NTP service. The NTP service itself remains active, along with any other functions that you previously configured.

To disable the NTP service on a device, you must enter the no ntp command without any keywords in global configuration mode. For example, if you previously issued the ntp max-associationscommand and you now want to remove not only that maximum value, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Note

By default, the previous configuration values are retained when the last valid configuration (configuration for which the NTP service needs to run) is removed. Only the configuration values related to the maximum number of NTP peer and client associations are reset to the default value when the NTP process is disabled.

Examples

In the following example, the router is configured to act as an NTP server to 200 clients:

Router(config)# ntp max-associations 200

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
show ntp associations	Displays all current NTP associations for the device.

ntp multicast

To configure a system to send Network Time Protocol (NTP) multicast packets on a specified interface, use the ntp multicast command in interface configuration mode. To disable this capability, use the no form of this command.

ntp multicast [ ip-address | ipv6-address ] [ key key-id ] [ ttl value ] [ version number ]

no ntp [ multicast [ ip-address | ipv6-address ] [ key key-id ] [ ttl value ] [ version number ] ]

Syntax Description

ip-address	(Optional) IPv4 address of the multicast group. Default address is 224.0.1.1.
ipv6-address	(Optional) IPv6 address of the multicast group. The address can be the all-nodes IPv6 address (FF02::1) or any other IPv6 multicast address.
key	(Optional) Defines a multicast authentication key.
key-id	(Optional) Authentication key number in the range from 1 to 4294967295. In the Cisco IOS Release 12.2SX train, the range is from 0 to 4294967295.
ttl	(Optional) Defines the time-to-live (TTL) value of a multicast NTP packet.
value	(Optional) TTL value in the range from 1 to 255. Default TTL value is 16.
version	(Optional) Defines the NTP version number.
number	(Optional) NTP version number in the range from 2 to 4. Default version number for IPv4 is 3, and default number for IPv6 is 4. In the Cisco IOS Release 12.2SX train, the range is from 1 to 4.

Command Default

NTP multicast capability is disabled.

Command Modes

Interface configuration (config-if)

Command History

Release	Modification
12.1	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for NTPv4 and IPv6 was added. The ipv6-addressargument was added.
12.2(33)SXJ	This command was modified. Support for NTPv4 and IPv6 was added. The ipv6-addressargument was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

The TTL value is used to limit the scope of an audience for multicast routing.

The NTP service can be activated by entering any ntp command. When you use the ntp multicastcommand, the NTP service is activated (if it has not already been activated) and the interface on which to send multicast packets is configured simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp multicast command, only the multicast capability is removed from the NTP service. The NTP service itself remains active, along with any other functions that you previously configured.

To disable the NTP service on a device, you must enter the no ntp command in global configuration mode without keywords. For example, if you had previously issued the ntp multicast command and you now want to remove not only the multicast capability, but also all NTP functions from the device, use the no ntp command in global configuration mode without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

The following example shows how to configure Ethernet interface 0 to send NTP version 2 broadcasts:

Router(config)# interface ethernet 0
Router(config-if)# ntp multicast version 2

If you had previously issued the ntp multicast command and you now want to remove not only the multicast capability, but also all NTP functions from the device, use the no ntp command in global configuration mode without any keywords. The following example shows how to remove the ntp multicast command along with all the other configured NTP options and to disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
ntp authentication-key	Defines an authentication key for NTP.
ntp multicast client	Allows the system to receive NTP multicast packets on an interface.

ntp peer

To configure a router to allow its software clock to be synchronized with the software clock of a Network Time Protocol (NTP) peer or to allow the software clock of a NTP peer to be synchronized with the software clock of the router, use the ntp peer command in global configuration mode. To disable this capability, use the no form of this command.

ntp peer [ vrf vrf-name ] { ip-address | ipv6-address | [ ip | ipv6 ] hostname } [normal-sync] [ version number ] [ key key-id ] [ source interface-type interface-number ] [prefer] [ maxpoll number ] [ minpoll number ] [burst] [iburst]

no ntp [ peer [ vrf vrf-name ] { ip-address | ipv6-address | [ ip | ipv6 ] hostname } ]

Syntax Description

vrf vrf-name	(Optional) Specifies the VPN routing and forwarding (VRF) instance that the NTP peer should use for routing to the destination server instead of using the global routing table.
ip-address	IPv4 address of the NTP peer providing or being provided the software clock synchronization.
ipv6-address	IPv6 address of the NTP peer providing or being provided the clock synchronization.
ip	(Optional) Forces Domain Name System (DNS) resolution to be performed in the IPv4 address space.
ipv6	(Optional) Forces DNS resolution to be performed in the IPv6 address space.
hostname	Hostname of the NTP peer that is providing or being provided the clock synchronization.
normal-sync	(Optional) Disables the rapid synchronization of the NTP peer with the software clock startup.
version	(Optional) Specifies the NTP version number.
number	(Optional) NTP version number. The range is from 2 to 4. Note    In Cisco IOS Release 12.2(33)SX. The range is from 1 to 4.
key	(Optional) Specifies the authentication key.
key-id	(Optional) Authentication key to use when sending packets to this NTP peer.
source	(Optional) Specifies that the source address of the server must be taken from the specified interface.
interface-type	(Optional) Name of the interface from which to pick the IPv4 or IPv6 source address. For more information, use the question mark (?) online help function.
interface- number	(Optional) Interface or subinterface number. For more information about the numbering syntax for your networking device, use the question mark (?) online help function.
prefer	(Optional) Makes this NTP peer the preferred peer that provides the clock synchronization.
maxpoll number	(Optional) Configures the maximum time intervals, in seconds, between client requests sent to the server. The range is from 4 to 17. The default is 10.
minpoll number	(Optional) Configures the minimum time intervals, in seconds, between client requests sent to the server. The range is from 4 to 17. The default is 6.
burst	(Optional) Enables burst mode. The burst mode allows the exchange of eight NTP messages (instead of two) during each poll interval to reduce the effects of network jitter. Note    Effective with Cisco IOS Release 15.2(1)S1 the burst mode is enabled by default. However, the burst keyword is retained in the command.
iburst	(Optional) Enables initial burst (iburst) mode. The iburst mode triggers the immediate exchange of eight NTP messages (instead of two) when an association is first initialized. This keyword allows rapid time setting at system startup or when an association is configured. Note    Effective with Cisco IOS Release 15.2(1)S1 and 15.2(2)T1, the iburst mode is enabled by default. However, the iburst keyword is retained in the command.

Command Default

The software clock on a router is not configured to synchronize with the NTP peer.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.3(14)T	This command was modified. The normal-sync keyword was added.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command was integrated into Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for IPv6 and NTPv4 was added. The ip, ipv6, maxpoll, minpoll, burst, and iburst keywords and the ipv6-address and number arguments were added.
12.2(33)SXJ	This command was modified. Support for IPv6 and NTPv4 was added. The ip, ipv6, maxpoll, minpoll, burst, and iburst keywords and the ipv6-address and number arguments were added. The command behavior was modified to display a message when an unsupported NTP version is selected.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
12.2(50)SY	This command was integrated into Cisco IOS Release 12.2(50)SY.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

When a peer is configured, the default NTP version number is 4, no authentication key is used, and the source address is taken from the outgoing interface.

Use this command to allow a device software clock to synchronize with a peer software clock or vice versa. Use the prefer keyword to reduce switching between peers.

If you are using the NTP version 3 (NTPv3) and NTP synchronization does not occur, try using NTP version 2 (NTPv2). For IPv6, use NTP version 4 (NTPv4).

If you select an NTP version that is not supported, a message is displayed.

If you are using NTPv4, the NTP synchronization takes more time to complete when compared to NTPv3, which synchronizes in seconds or within 1 to 2 minutes. The acceptable time for synchronization in NTPv4 is 15 to 20 minutes. The exact time span required for the NTP synchronization while using NTPv4 cannot be derived accurately. It depends on the network topology and complexity. To achieve faster NTP synchronization, enable the burst or iburst mode by using the burst or iburst keyword, respectively. With the burst or iburst mode configured, NTP synchronization takes about 1 to 2 minutes.

Multiple configurations are not allowed for the same peer or server. If a configuration exists for a peer and you use the ntp peer command to configure the same peer, the new configuration will replace the old one.

The NTP service can be activated by entering any ntp command. When you use the ntp peer command, the NTP service is activated (if it has not already been activated) and the NTP peer is configured simultaneously.

When you enter the no ntp peer command, only the NTP peer configuration is removed from the NTP service. The NTP service itself remains active, along with any other previously configured NTP functions.

If you had issued the ntp peer command and you now want to remove not only this restriction, but also all NTP functions from the device, use the no ntp command without any keywords or arguments.

Note	If you use the no ntp command without keywords or arguments in global configuration mode, all NTP configurations are removed and the NTP service on the device is disabled.

Examples

The following example shows how to configure a router to allow its software clock to be synchronized with the software clock of a peer (or vice versa) at the IPv4 address 192.168.22.33 using NTPv2. The source IPv4 address is the address of Ethernet 0:

Router(config)# ntp peer 192.168.22.33 version 2 source ethernet 0

The following example shows how to configure a router to allow its software clock to be synchronized with the software clock of a peer (or vice versa) at IPv6 address 2001:0DB8:0:0:8:800:200C:417A using NTPv4:

Router(config)# ntp peer 2001:0DB8:0:0:8:800:200C:417A version 4

The following example shows how to disable rapid software clock synchronization at startup:

Router(config)# ntp peer 192.168.22.33 normal-sync

The following example shows the message displayed when you try to configure an unsupported NTP version:

Router(config)# ntp peer 192.168.22.33 version 1
NTP version 4 supports backward compatibility to only version 2 and 3
 Please re-enter version[2-4]
 Setting NTP version 4 as default

The following example shows how to remove all the configured NTP options and disable the NTP service:

Router(config)# no ntp

Related Commands

Command	Description
ntp authentication-key	Defines an authentication key for NTP.
ntp server	Allows the software clock to be synchronized by an NTP time server.
ntp source	Uses a particular source address in NTP packets.

ntp refclock

To configure an external clock source for use with Network Time Protocol (NTP) services, use the ntp refclock command in line configuration mode. To disable support of the external clock source, use the no form of this command.

ntp refclock { trimble | telecom-solutions } pps { cts | ri | none } [inverted] [ pps-offset milliseconds ] [ stratum number ] [ timestamp-offset number ]

no ntp [refclock]

Syntax Description

trimble	Enables the reference clock driver for the Trimble Palisade NTP Synchronization Kit (Cisco 7200 series routers only).
telecom-solutions	Enables the reference clock driver for a Telecom Solutions Global Positioning System (GPS) device. Note    Effective with Cisco IOS Release 15.2(2)T, this keyword is deprecated.
pps	Enables a pulse per second (PPS) signal line. Indicates PPS pulse reference clock support. The options are cts, ri, or none.
cts	Enables PPS on the Clear To Send (CTS) line.
ri	Enables PPS on the Ring Indicator (RI) line.
none	Specifies that no PPS signal is available.
inverted	(Optional) Specifies that the PPS signal is inverted.
pps-offset milliseconds	(Optional) Specifies the offset of the PPS pulse. The number is the offset (in milliseconds).
stratum number	(Optional) Indicates the NTP stratum number that the system will claim. The number range is from 0 to 14.
timestamp-offset number	(Optional) Specifies the offset of time stamp. The number is the offset (in milliseconds).

Command Default

By default, an external clock source for use with NTP services is not configured.

Command Modes

Line configuration (config-line)

Command History

Release	Modification
12.1	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for IPv6 was added.
12.2(33)SXJ	This command was modified. Support for IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(2)T	This command was modified. The telecom-solutions keyword was deprecated.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

To configure a PPS signal as the source for NTP synchronization, use the following form of the ntp refclock command:

ntp refclock trimble pps {cts | ri} [inverted] [pps-offset milliseconds] [stratum number] [timestamp-offset number]

To configure a Trimble Palisade NTP Synchronization Kit as the GPS clock source connected to the auxiliary port of a Cisco 7200 router, use the following form of the ntp refclock command:

ntp refclock trimble pps none [stratum number]

To configure a Telecom Solutions product as the GPS clock source, use the ntp refclock telecom-solutions form of the command:

ntp refclock telecom-solutions pps cts [stratum number]

When two or more servers are configured with the same stratum number, the client will never synchronize with any of the servers. This is because the client is not able to identify the device with which to synchronize. When two or more servers are configured with the same stratum number, and if the client is in synchronization with one of the servers, the synchronization is lost if the settings on one server are changed.

The NTP service can be activated by entering any ntp command. When you use the ntp refclock command, the NTP service is activated (if it has not already been activated) and the external clock source is configured simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp refclock command, only the external clock source is removed from the NTP service. The NTP service itself remains active, along with any other functions that you previously configured.

To terminate the NTP service on a device, you must enter the no ntp command without keywords in global configuration mode. For example, if you had previously issued the ntp refclock command and you now want to remove not only the external clock source, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.

Examples

The following example shows how to configure a Trimble Palisade GPS time source on a Cisco 7200 router:

Router(config)# ntp master
Router(config)# ntp update-calendar
Router(config)# line aux 0
Router(config-line)# ntp refclock trimble pps none

The following example shows how to configure a Telecom Solutions GPS time source on a Catalyst switch platform:

Router(config)# ntp master
Router(config)# ntp update-calendar
Router(config)# line aux 0
Router(config-line)# ntp refclock telecom-solutions pps cts stratum 1

If you had previously issued the ntp refclock command and you now want to remove not only the external clock source, but also all NTP functions from the device, use the no ntp command without any keywords in global configuration mode. The following example shows how to remove the ntp reflcock command along with all the configured NTP options and how to disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
show ntp associations	Displays the status of NTP associations configured for your system.

ntp server

To configure a router to allow its software clock to be synchronized with the software clock of a Network Time Protocol (NTP) time server, use the ntp server command in global configuration mode. To disable this capability, use the no form of this command.

ntp server [ vrf vrf-name ] { ip-address | ipv6-address | [ ip | ipv6 ] hostname } [normal-sync] [ version number ] [ key key-id ] [ source interface-type interface-number ] [prefer] [ maxpoll number ] [ minpoll number ] [burst] [iburst]

no ntp [ server [ vrf vrf-name ] { ip-address | ipv6-address | [ ip | ipv6 ] hostname } ]

Syntax Description

vrf vrf-name	(Optional) Specifies the VPN routing and forwarding (VRF) instance that the NTP peer should use for routing to the destination server instead of using the global routing table.
ip-address	IPv4 address of the NTP peer providing or being provided the software clock synchronization.
ipv6-address	IPv6 address of the NTP peer providing or being provided the software clock synchronization.
ip	(Optional) Forces domain name server (DNS) resolution to be performed in the IPv4 address space.
ipv6	(Optional) Forces DNS resolution to be performed in the IPv6 address space.
hostname	Hostname of the NTP peer providing or being provided the clock synchronization.
normal-sync	(Optional) Disables the rapid synchronization of the NTP peer with the software clock at startup.
version	(Optional) Defines the NTP version number.
number	(Optional) NTP version number. The range is from 2 to 4. Note    In Cisco IOS Release 12.2SX, the number range is from 1 to 4.
key	(Optional) Specifies the authentication key.
key-id	(Optional) Authentication key to use when sending packets to this NTP peer.
source	(Optional) Specifies that the source address must be taken from the specified interface.
interface-type	(Optional) Name of the interface from which to pick the IPv4 or IPv6 source address. For more information, use the question mark (?) online help function.
interface-number	(Optional) Interface or subinterface number. For more information about the numbering syntax for your networking device, use the question mark (?) online help function.
prefer	(Optional) Makes this NTP peer the preferred peer that provides the clock synchronization.
maxpoll number	(Optional) Configures the maximum time intervals, in seconds, between client requests sent to the server. The range is from 4 to 17. The default is 10.
minpoll number	(Optional) Configures the minimum timing intervals, in seconds, between client requests sent to the server. The range is from 4 to 17. The default is 6.
burst	(Optional) Enables burst mode. The burst mode allows the exchange of eight NTP messages (instead of two) during each poll interval in order to reduce the effects of network jitter. Note    Effective with Cisco IOS Release 15.2(1)S1, the burst keywords is enabled by default.
iburst	(Optional) Enables initial burst (iburst) mode. The iburst mode triggers the immediate exchange of eight NTP messages (instead of two) when an association is first initialized. This keyword allows rapid time setting at system startup or when an association is configured. Note    Effective with Cisco IOS Release 15.2(1)S1, the iburst keyword is enabled by default.

Command Default

No servers are configured by default. When a server is configured, the default NTP version number is 3, an authentication key is not used, and the source IPv4 or IPv6 address is taken from the outgoing interface. Effective with Cisco IOS Release 15.2(1)S1, the burst and the iburst keywords are enabled by default.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command was integrated into the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for IPv6 was added to NTP version 4. Theburst ip, ipv6, maxpoll, minpoll, burst, and iburst keywords and the number and ipv6-address arguments were added.
12.2(33)SXJ	This command was modified. Support for IPv6 was added to NTP version 4. The ip, ipv6, maxpoll, minpoll, burst, and iburst keywords and the number and ipv6-address arguments were added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
12.2(50)SY	This command was integrated into Cisco IOS Release 12.2(50)SY.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

Use this command if you want to allow the system to synchronize the system software clock with the specified NTP server.

When you use the hostname argument, the router performs a DNS lookup on that name and stores the IPv4 or IPv6 address in the configuration. For example, if you enter the ntp server hostname command and then check the running configuration, the output shows �ntp server a.b.c.d,� where a.b.c.d is the IP address of the host, assuming that the router is correctly configured as a DNS client.

Use the prefer keyword if you need to use this command multiple times and you want to set a preferred server. Using the prefer keyword reduces switching between servers.

If you are using the default NTP version 3 and NTP synchronization does not occur, try Network TimeProtocol version 2 (NTPv2). Some NTP servers on the Internet run version 2. For IPv6, use NTP version 4 (NTPv4).

If you are using NTPv4, the NTP synchronization takes more time to complete when compared to NTPv3, which synchronizes in seconds or within of 1 to 2 minutes. The acceptable time for synchronization in NTPv4 is 15 to 20 minutes. The exact time span required for the NTP synchronization while using NTPv4 cannot be derived accurately. It depends on the network topology and complexity. To achieve faster NTP synchronization, enable the burst or iburst mode by using the burst or iburst keyword, respectively. With the burst or iburst mode configured, NTP synchronization takes about 1 to 2 minutes.

Note	Effective with Cisco IOS Release 15.2(1)S1, the burst and iburst modes are enabled by default. However, the burst and iburst keywords are retained in the command.

The NTP service can be activated by entering any ntp command. When you use the ntp server command, the NTP service is activated (if it has not already been activated) and software clock synchronization is configured simultaneously.

When you enter the no ntp server command, only the server synchronization capability is removed from the NTP service. The NTP service itself remains active, along with any other previously configured NTP functions.

If you had issued the ntp server command and you now want to remove not only server synchronization capability, but also all NTP functions from the device, use the no ntp command without any keywords or arguments.

Note	If you use the no ntp command without keywords or arguments in global configuration mode, all NTP configurations are removed and the NTP service on the device is disabled.

If you want to disable an NTP server or a peer configured with a particular source interface, you must specify the interface type and number in the no form of the command.

Examples

The following example shows how to configure a router to allow its software clock to be synchronized with the software clock of an NTP server by using the device at the IPv4 address 172.16.22.44 using NTPv2:

Router(config)# ntp server 172.16.22.44 version 2

The following example shows how to configure a router to allow its software clock to be synchronized with the software clock of an NTP server by using the device at the IPv6 address 2001:0DB8:0:0:8:800:200C:417A using NTPv4:

Router(config)# ntp server 2001:0DB8:0:0:8:800:200C:417A version 4

The following example shows how to configure software clock synchronization with an NTP server with a particular source interface:

Router(config)# ntp server 209.165.200.231 source ethernet 0/1

Related Commands

Command	Description
ntp authentication-key	Defines an authentication key for NTP.
ntp peer	Configures the software clock to synchronize a peer or to be synchronized by a peer.
ntp source	Uses a particular source address in NTP packets.

ntp source

To use a particular source address in Network Time Protocol (NTP) packets, use the ntp source command in global configuration mode. To remove the specified source address, use the no form of this command.

ntp source interface-type interface-number

no ntp [source]

Syntax Description

interface-type	Type of interface.
interface-number	Number of the interface.

Command Default

Source address is determined by the outgoing interface.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support was added to allow a specified interface to be configured with IPv6 addresses.
12.2(33)SXJ	This command was modified. Support was added to allow a specified interface to be configured with IPv6 addresses.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

Use this command when you want to use a particular source IPv4 or IPv6 address for all NTP packets. The address is taken from the named interface. This command is useful if the address on an interface cannot be used as the destination for reply packets. If the source keyword is present on an ntp server or ntp peer global configuration command, that value overrides the global value set by this command.

The NTP service can be activated by entering any ntp command. When you use the ntp source command, the NTP service is activated (if it has not already been activated) and the source address is configured simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp source command, only the source address is removed from the NTP service. The NTP service itself remains active, along with any other functions that you previously configured.

To disable the NTP service on a device, you must enter the no ntp command without any keywords in global configuration mode. For example, if you had previously issued the ntp sourcecommand and you now want to remove not only the configured source address, but also all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

If the NTP source is not set explicitly, and a link fails or an interface state changes, the NTP packets are sourced from the next best interface and the momentarily lost synchronization is regained.

Examples

The following example shows how to configure a router to use the IPv4 or IPv6 address of Ethernet interface 0 as the source address of all outgoing NTP packets:

Router(config)# ntp source ethernet 0

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
ntp peer	Configures the software clock to synchronize a peer or to be synchronized by a peer.
ntp server	Allows the software clock to be synchronized by a time server.

ntp update-calendar

To periodically update the hardware clock (calendar) from a Network Time Protocol (NTP) time source, use the ntp update-calendar command in global configuration mode. To disable the periodic updates, use the no form of this command.

ntp update-calendar

no ntp [update-calendar]

Syntax Description

This command has no arguments or keywords.

Command Default

The hardware clock (calendar) is not updated.

Command Modes

Global configuration (config)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	This command was modified. Support for IPv6 was added.
12.2(33)SXJ	This command was modified. Support for IPv6 was added.
Cisco IOS XE Release 3.3S	This command was integrated into Cisco IOS XE Release 3.3S. Support for IPv6 was added.
15.1(4)M	This command was integrated into Cisco IOS Release 15.1(4)M.
15.2(1)S	This command was integrated into Cisco IOS Release 15.2(1)S.

Usage Guidelines

Some platforms have a battery-powered hardware clock, referred to in the CLI as the calendar, in addition to the software-based system clock. The hardware clock runs continuously, even if the router is powered off or rebooted.

If the software clock is synchronized to an outside time source via NTP, it is a good practice to periodically update the hardware clock with the time learned from NTP. Otherwise, the hardware clock will tend to gradually lose or gain time (drift), and the software clock and hardware clock may lose synchronization with each other. The ntp update-calendar command will enable the hardware clock to be periodically updated with the time specified by the NTP source. The hardware clock will be updated only if NTP has synchronized to an authoritative time server.

Many lower-end routers (for example, the Cisco 2500 series or the Cisco 2600 series) do not have hardware clocks, so this command is not available on those platforms.

To force a single update of the hardware clock from the software clock, use the clock update-calendar command in user EXEC mode.

The NTP service can be activated by entering any ntp command. When you use the ntp update-calendar command, the NTP service is activated (if it has not already been activated) and the hardware clock is updated simultaneously.

In the no form of any ntp command, all the keywords are optional. When you enter the no ntp update-calendar command, only the clock updates are stopped in the NTP service. The NTP service itself remains active, along with any other functions that you previously configured.

To disable the NTP service on a device, you must enter the no ntp command without any keywords in global configuration mode. For example, if you had previously issued the ntp update-calendar command and you now want to disable not only the periodic updates, but also all NTP functions running on the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also disabled.

Examples

The following example shows how to configure the system to periodically update the hardware clock from the NTP time source:

Router(config)# ntp update-calendar

The following example shows how to remove all the configured NTP options and disable the NTP server:

Router(config)# no ntp

Related Commands

Command	Description
clock read-calendar	Performs a one-time update of the software clock from the hardware clock (calendar).
clock update-calendar	Performs a one-time update of the hardware clock (calendar) from the software clock.

show calendar

To display the current time and date setting for the hardware clock, use the show calendar command in EXEC mode:

show calendar

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Usage Guidelines

Some platforms have a hardware clock (calendar) which is separate from the software clock. The hardware clock is battery operated, and runs continuously, even if the router is powered off or rebooted.

You can compare the time and date shown with this command with the time and date listed via the show clock EXEC command to verify that the hardware clock and software clock are synchronized with each other. The time displayed is relative to the configured time zone.

Examples

In the following sample display, the hardware clock indicates the time stamp of 12:13:44 p.m. on Friday, July 19, 1996:

Router> show calendar
12:13:44 PST Fri Jul 19 1996

Related Commands

Command	Description
show clock	Displays the time and date from the system software clock.

show clock

To display the time and date from the system software clock, use the show clock command in user EXEC or privileged EXEC mode.

show clock [detail]

Syntax Description

detail

(Optional) Indicates the clock source (NTP, VINES, hardware clock, and so on) and the current summer-time setting (if any).

Command Modes

User EXEC
Privileged EXEC

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	Support for IPv6 was added.
15.2(1)S	This command is supported in the Cisco IOS Release 15.2(1)S.
Cisco IOS XE Release 3.5S	This command was integrated into Cisco IOS XE Release 3.5S.

Usage Guidelines

The software clock keeps an “authoritative” flag that indicates whether the time is authoritative (believed to be accurate). If the software clock has been set by a timing source (for example, via NTP), the flag is set. If the time is not authoritative, it will be used only for display purposes. Until the clock is authoritative and the “authoritative” flag is set, the flag prevents peers from synchronizing to the software clock.

The symbol that precedes the show clock display indicates the following:

Symbol	Description	Example
*	Time is not authoritative: the software clock is not in sync or has never been set.	*15:29:03.158 UTC Tue Feb 25 2003:
(blank)	Time is authoritative: the software clock is in sync or has just been set manually	15:29:03.158 UTC Tue Feb 25 2003:
.	Time is authoritative, but NTP is not synchronized: the software clock was in sync, but has since lost contact with all configured NTP servers	.15:29:03.158 UTC Tue Feb 25 2003:

These symbols are also used in NTP-based timestamping, such as for syslog (SEM) messages.

Note	In general, NTP synchronization takes approximately 15 to 20 minutes.

Examples

The following sample output shows that the current clock is authoritative and that the time source is NTP:

Router> show clock detail
15:29:03.158 PST Tue Feb 25 2003
Time source is NTP

The following example shows the current clock is authoritative, but NTP is not yet synchronized:

Router> show clock
.16:42:35.597 UTC Tue Feb 25 2003

Related Commands

Command	Description
clock set	Manually sets the software clock.
show calendar	Displays the current time and date setting of the system hardware clock.

show ntp status

To display the status of the Network Time Protocol (NTP), use the show ntp status command in user EXEC or privileged EXEC mode.

show ntp status

Syntax Description

This command has no arguments or keywords.

Command Modes

User EXEC (>)

Privileged EXEC (#)

Command History

Release	Modification
10.0	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.
12.4(20)T	Support for IPv6 was added.
Cisco IOS XE Release 3.2S	This command was integrated into Cisco IOS XE Release 3.2S.
15.1(2)S	This command was integrated into Cisco IOS Release 15.1(2)S.
Cisco IOS XE Release 3.7S	This command was modified. The output of the command was enhanced to include reference assoc ID, time resolution, ntp uptime, system time, leap time, and leap direction fields.

Examples

The following is sample output from the show ntp status command:

Device> show ntp status

Clock is synchronized, stratum 2, reference assoc id 1, reference is 192.0.2.1	
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**7
reference time is D2352258.243DDF14 (06:12:40.141 IST Tue Oct 4 2011)
clock offset is 0.0000 msec, root delay is 0.00 msec, time resolution 1000 (1 msec), 
root dispersion is 15.91 msec, peer dispersion is 8.01 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is 0.000000000 s/s
system poll interval is 16, last update was 6 sec ago.
ntp uptime (00:00:00.000) UTC,
system time is D2352258.243DDF14 (06:12:40.141 IST Tue Oct 4 2011) 
leap time is D2352258.243DDF14 (24:00:00.000 IST Tue Dec 31 2011)
leap direction is 1

The following table describes the significant fields shown in the display.

Table 1 show ntp status Field Descriptions

Field	Description
synchronized	System is synchronized with an NTP peer.
reference assoc id	Reference association identity.
stratum	NTP stratum of this system.
reference	Address of the peer that the system is synchronized with.
nominal freq	Nominal frequency of the system hardware clock (in Hertz).
actual freq	Measured frequency of the system hardware clock (in Hertz).
precision	Precision of the clock of this system (in Hertz).
reference time	Reference time stamp.
clock offset	Offset of the system clock to the synchronized peer (in milliseconds).
root delay	Total delay along the path to the root clock (in milliseconds).
time resolution	Time resolution of the underlying operating system (in milliseconds).
root dispersion	Dispersion of the root path.
peer dispersion	Dispersion of the synchronized peer.
ntp uptime	Uptime of the NTP entity.
system time	Current date and time of the system.
leap time	Date on which the next known leap second will occur.
leap direction	Direction of next known leap second.

Related Commands

Command	Description
show ntp status	Displays the status of NTP.

show sntp

To show information about the Simple Network Time Protocol (SNTP), use the show sntpcommand in EXEC mode on a Cisco 1003, Cisco 1004, Cisco 1005, Cisco 1600, Cisco 1720, or Cisco 1750 router.

show sntp

Syntax Description

This command has no arguments or keywords.

Command Modes

EXEC

Command History

Release	Modification
11.2	This command was introduced.
12.2(33)SRA	This command was integrated into Cisco IOS Release 12.2(33)SRA.
12.2SX	This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware.

Examples

The following is sample output from the show sntp command:

Router> show sntp
SNTP server     Stratum   Version    Last Receive
171.69.118.9       5         3        00:01:02 
172.21.28.34       4         3        00:00:36    Synced  Bcast
Broadcast client mode is enabled.

The table below describes the significant fields shown in the display.

Table 2 show sntp Field Descriptions

Field	Description
SNTP server	Address of the configured or broadcast NTP server.
Stratum	NTP stratum of the server. The stratum indicates how far away from an authoritative time source the server is.
Version	NTP version of the server.
Last Receive	Time since the last NTP packet was received from the server.
Synced	Indicates the server chosen for synchronization.
Bcast	Indicates a broadcast server.

Related Commands

Command	Description
sntp broadcast client	Configures a Cisco 1003, Cisco 1004, Cisco 1005, Cisco 1600, Cisco 1720, or Cisco 1750 router to use SNTP to accept NTP traffic from any broadcast server.
sntp server	Configures a Cisco 1003, Cisco 1004, Cisco 1005, Cisco 1600, Cisco 1720, or Cisco 1750 router to use SNTP to request and accept NTP traffic from a time server.