Feedback
Table Of Contents
Basic System Management Commands
Basic System Management Commands
This chapter describes the commands used to perform basic system management tasks, such as naming the router and setting time services. This documentation is specific to Cisco IOS Release 12.2.
For basic system management configuration tasks and examples, refer to the "Performing Basic System Management" chapter in the Release 12.2 Cisco IOS Configuration Fundamentals Configuration Guide.
absolute
To specify an absolute time when a time range is in effect, use the absolute time-range configuration command. To remove the time limitation, use the no form of this command.
absolute [start time date] [end time date]
no absolute
Syntax Description
Defaults
There is no absolute time when the time range is in effect.
Command Modes
Time-range configuration
Command History
Usage Guidelines
Time ranges are used by IP and IPX extended access lists. For more information on using these functions, see the Release 12.2 Cisco IOS IP Configuration Guide and the Release 12.2 Cisco IOS AppleTalk and Novell IPX Configuration Guide. Time ranges are applied to the permit or deny statements found in these access lists.
The absolute command is one way to specify when a time range is in effect. Another way is to specify a periodic length of time with the periodic command. Use either of these commands after the time-range command, which enables time-range configuration mode and specifies a name for the time range. Only one absolute entry is allowed per time-range command.
If a time-range command has both absolute and periodic values specified, then the periodic items are evaluated only after the absolute start time is reached, and are not further evaluated after the absolute end time is reached.
Note
All time specifications are interpreted as local time. To ensure that the time range entries take effect at the desired times, the software clock should be synchronized using the Network Time Protocol (NTP), or some other authoritative time source. For more information, refer to the "Performing Basic System Management" chapter of the Release 12.2 Cisco IOS Configuration Fundamentals Configuration Guide.
Examples
The following example configures an access list named northeast, which references a time range named xyz. The access list and time range together permit traffic on Ethernet interface 0 starting at noon on January 1, 2001 and going forever.
time-range xyzabsolute start 12:00 1 January 2001!ip access-list extended northeastpermit ip any any time-range xyz!interface ethernet 0ip access-group northeast inThe following example permits UDP traffic until noon on December 31, 2000. After that time, UDP traffic is no longer allowed out Ethernet interface 0.
time-range abcabsolute end 12:00 31 December 2000!ip access-list extended northeastpermit udp any any time-range abc!interface ethernet 0ip access-group northeast outThe following example permits UDP traffic out Ethernet interface 0 on weekends only, from 8:00 a.m. on January 1, 1999 to 6:00 p.m. on December 31, 2001:
time-range testabsolute start 8:00 1 January 1999 end 18:00 31 December 2001 periodic weekends 00:00 to 23:59!ip access-list extended northeastpermit udp any any time-range test!interface ethernet 0ip access-group northeast outRelated Commands
alias
To create a command alias, use the alias global configuration command. To delete all aliases in a command mode or to delete a specific alias, and to revert to the original command syntax, use the no form of this command.
alias mode command-alias original-command
no alias mode [command-alias]
Syntax Description
mode
Command mode of the original and alias commands.
command-alias
Command alias.
original-command
Original command syntax.
Defaults
A set of six basic EXEC mode aliases are enabled by default. See the "Usage Guidelines" section of this command for a list of default aliases.
Command Modes
Global configuration
Command History
Usage Guidelines
You can use simple words or abbreviations as command aliases.
Table 44 lists the basic EXEC mode aliases that are enabled by default.
Table 44 Default Command Aliases
h
help
lo
logout
p
ping
r
resume
s
show
w
where
The default aliases in Table 44 are predefined. These default aliases can be disabled with the no alias exec command.
Common keyword aliases (which can not be disabled) include running-config (keyword alias for system:running-config) and startup-config (keyword alias for nvram:startup-config). See the description of the copy command for more information about these keyword aliases.
Note that aliases can be configured for keywords instead of entire commands. You can create, for example, an alias for the first part of any command and still enter the additional keywords and arguments as normal.
To determine the value for the mode argument, enter the command mode in which you would issue the original command (and in which you will issue the alias) and enter the ? command. The name of the command mode should appear at the top of the list of commands. For example, the second line in the following sample output shows the name of the command mode as "Interface configuration":
Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#interface e0Router(config-if)#?Interface configuration commands:access-expression Build a bridge boolean access expression...To match the name of the command mode to the acceptable mode keyword for the alias command, issue the alias ? command. As shown in the following sample output, the keyword needed to create a command alias for the access-expression command is interface:
Router(config)# alias ?accept-dialin VPDN group accept dialin configuration modeaccept-dialout VPDN group accept dialout configuration modeaddress-family Address Family configuration modecall-discriminator Call Discriminator Configurationcascustom Cas custom configuration modeclid-group CLID group configuration modeconfigure Global configuration modecongestion Frame Relay congestion configuration modecontroller Controller configuration modecptone-set custom call progress tone configuration modecustomer-profile customer profile configuration modedhcp DHCP pool configuration modednis-group DNIS group configuration modeexec Exec modeflow-cache Flow aggregation cache config modefr-fr FR/FR connection configuration modeinterface Interface configuration mode...Router(config)# alias interface express access-expressionFor a list of command modes with descriptions and references to related documentation, refer to the "Cisco IOS Command Modes" appendix of the Release 12.2 Cisco IOS Configuration Fundamentals Configuration Guide.
When you use online help, command aliases are indicated by an asterisk (*), and displayed in the following format:
*command-alias=original-command
For example, the lo command alias is shown here along with other EXEC mode commands that start with "lo":
Router#lo?*lo=logout lock login logoutWhen you use online help, aliases that contain multiple keyword elements separated by spaces are displayed in quotes, as shown here:
Router(config)#alias exec device-mail telnet device.cisco.com 25Router(config)#endRouter#device-mail?*device-mail="telnet device.cisco.com 25"To list only commands and omit aliases, begin your input line with a space. In the following example, the alias td is not shown, because there is a space before the t? command line.
Router(config)#alias exec td telnet deviceRouter(config)#endRouter# t?telnet terminal test tn3270 traceTo circumvent command aliases, use a space before entering the command. In the following example, the command alias express is not recognized because a space is used before the command.
Router(config-if)#exp?*express=access-expressionRouter(config-if)# express ?% Unrecognized commandAs with commands, you can use online help to display the arguments and keywords that can follow a command alias. In the following example, the alias td is created to represent the command telnet device. The /debug and /line switches can be added to telnet device to modify the command:
Router(config)#alias exec td telnet deviceRouter(config)#endRouter#td ?/debug Enable telnet debugging mode/line Enable telnet line mode...whois Whois port<cr>Router# telnet deviceYou must enter the complete syntax for the command alias. Partial syntax for aliases is not accepted. In the following example, the parser does not recognize the command t as indicating the alias td:
Router#t% Ambiguous command: "t"Examples
In the following example, the alias fixmyrt is configured for the clear iproute 209.165.201.16 EXEC mode command:
Router(config)# alias exec fixmyrt clear ip route 209.165.201.16In the following example, the alias express is configured for the first part of the access-expression interface configuration command:
Router#configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)#interface e0Router(config-if)#?Interface configuration commands:access-expression Build a bridge boolean access expression...Router(config-if)#exitRouter(config)#alias ?accept-dialin VPDN group accept dialin configuration modeaccept-dialout VPDN group accept dialout configuration modeaddress-family Address Family configuration modecall-discriminator Call Discriminator Configurationcascustom Cas custom configuration modeclid-group CLID group configuration modeconfigure Global configuration modecongestion Frame Relay congestion configuration modecontroller Controller configuration modecptone-set custom call progress tone configuration modecustomer-profile customer profile configuration modedhcp DHCP pool configuration modednis-group DNIS group configuration modeexec Exec modeflow-cache Flow aggregation cache config modefr-fr FR/FR connection configuration modeinterface Interface configuration mode...Router(config)#alias interface express access-expressionRouter(config)#int e0Router(config-if)#exp?*express=access-expressionRouter(config-if)#express ?input Filter input packetsoutput Filter output packets!Note that the true form of the command/keyword alias appears on the screen after issuing!the express ? command.Router(config-if)#access-expression ?input Filter input packetsoutput Filter output packetsRouter(config-if)#ex?*express=access-expression exit!Note that in the following line, a space is used before the ex? command!so the alias is not displayed.Router(config-if)# ex?exit!Note that in the following line, the alias can not be recognized because!a space is used before the command.Router(config-if)# express ?% Unrecognized commandRouter(config-if)#endRouter#show alias interfaceInterface configuration mode aliases:express access-expressionRelated Commands
buffers
To make adjustments to initial buffer pool settings and to the limits at which temporary buffers are created and destroyed, use the buffers global configuration command. To return the buffers to their default size, use the no form of this command.
buffers {small | middle | big | verybig | large | huge | type number} {permanent | max-free | min-free | initial} number-of-buffers
no buffers {small | middle | big | verybig | large | huge | type number} {permanent | max-free | min-free | initial} number-of-buffers
Syntax Description
Defaults
The default number of buffers in a pool is determined by the hardware configuration and can be displayed with the show buffers EXEC command.
Command Modes
Global configuration
Command History
Usage Guidelines
Normally you need not adjust these parameters; do so only after consulting with technical support personnel.
Note
You cannot configure FDDI buffers.
Examples
Examples of Public Buffer Pool Tuning
The following example keeps at least 50 small buffers free in the system:
Router(config)# buffers small min-free 50The following example increases the permanent buffer pool allocation for big buffers to 200:
Router(config)# buffers big permanent 200Example of Interface Buffer Pool Tuning
A general guideline is to display buffers with the show buffers command, observe which buffer pool is depleted, and increase that one.
The following example increases the permanent Ethernet interface 0 buffer pool on a Cisco 4000 router to 96 when the Ethernet 0 buffer pool is depleted:
Router(config)# buffers ethernet 0 permanent 96Related Commands
Changes the length of time for which data is used to compute load statistics.
Displays statistics for the buffer pools on the network server.
buffers huge size
To dynamically resize all huge buffers to the value you specify, use the buffers huge size global configuration command. To restore the default buffer values, use the no form of this command.
buffers huge size number-of-bytes
no buffers huge size number-of-bytes
Syntax Description
Defaults
18,024 bytes
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command only after consulting with technical support personnel. The buffer size cannot be lowered below the default.
Note
Examples
The following example resizes huge buffers to 20,000 bytes:
Router(config)# buffers huge size 20000Related Commands
Adjusts the initial buffer pool settings and the limits at which temporary buffers are created and destroyed.
Displays statistics for the buffer pools on the network server.
calendar set
To manually set the hardware clock (calendar), use one of the formats of the calendar set EXEC command.
calendar set hh:mm:ss day month year
calendar set hh:mm:ss month day year
Syntax Description
hh:mm:ss
Current time in hours (using 24-hour notation), minutes, and seconds.
day
Current day (by date) in the month.
month
Current month (by name).
year
Current year (no abbreviation).
Command Modes
EXEC
Command History
Usage Guidelines
Some platforms have a hardware clock that is separate from the software clock. In Cisco IOS software syntax, the hardware clock is called the "calendar." The hardware clock is a battery-powered chip that runs continuously, even if the router is powered off or rebooted. After you set the hardware clock, the software clock will be automatically set from the hardware clock when the system is restarted or when the clock read-calendar EXEC command is issued. The time specified in this command is relative to the configured time zone.
Examples
The following example manually sets the hardware clock to 1:32 p.m. on July 23, 1997:
Router# calendar set 13:32:00 23 July 1997Related Commands
clock calendar-valid
To configure a system as an authoritative time source for a network based on its hardware clock (calendar), use the clock calendar-valid global configuration command. To specify that the hardware clock is not an authoritative time source, use the no form of this command.
clock calendar-valid
no clock calendar-valid
Syntax Description
This command has no arguments or keywords.
Defaults
The router is not configured as a time source.
Command Modes
Global configuration
Command History
Usage Guidelines
Some platforms have a hardware clock that is separate from the software clock. The hardware clock runs continuously, even if the router is powered off or rebooted. If no outside time source is available on your network, use this command to make the hardware clock an authoritative time source.
Because the hardware clock is not as accurate as other time sources, you should configure this command only when a more accurate time source (such as NTP) is not available.
Examples
The following example configures a router as the time source for a network based on its hardware clock:
Router(config)# clock calendar-validRelated Commands
clock read-calendar
To manually read the hardware clock (calendar) settings into the software clock, use the clock read-calendar EXEC command.
clock read-calendar
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Usage Guidelines
Some platforms have a hardware clock that is separate from the software clock. The hardware clock runs continuously, even if the router is powered off or rebooted. When the router is rebooted, the hardware clock is automatically read into the software clock. However, you may use this command to manually read the hardware clock setting into the software clock. This command is useful if the calendar set command has been used to change the setting of the hardware clock.
Examples
The following example configures the software clock to set its date and time by the hardware clock setting:
Router> clock read-calendarRelated Commands
clock set
To manually set the system software clock, use one of the formats of the clock set command in privileged EXEC mode.
clock set hh:mm:ss day month year
clock set hh:mm:ss month day year
Syntax Description
hh:mm:ss
Current time in hours (military format), minutes, and seconds.
day
Current day (by date) in the month.
month
Current month (by name).
year
Current year (no abbreviation).
Command Modes
Privileged EXEC mode
Command History
Usage Guidelines
Generally, if the system is synchronized by a valid outside timing mechanism, such as a Network Time Protocol (NTP) or VINES clock source, or if you have a router with hardware clock, you need not set the software clock. Use this command if no other time sources are available. The time specified in this command is relative to the configured time zone.
Examples
The following example manually sets the software clock to 1:32 p.m. on July 23, 1997:
Router# clock set 13:32:00 23 July 1997Related Commands
clock summer-time
To configure the system to automatically switch to summer time (daylight saving time), use one of the formats of the clock summer-time global configuration command. To configure the Cisco IOS software not to automatically switch to summer time, use the no form of this command.
clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]
clock summer-time zone date date month year hh:mm date month year hh:mm [offset]
clock summer-time zone date month date year hh:mm month date year hh:mm [offset]
no clock summer-time
Syntax Description
Defaults
Summer time is disabled. If the clock summer-time zone recurring command is specified without parameters, the summer time rules default to United States rules. Default of the offset argument is 60.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command if you want to automatically switch to summer time (for display purposes only). Use the recurring form of the command if the local summer time rules are of this form. Use the date form to specify a start and end date for summer time if you cannot use the recurring form.
In both the date and recurring forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is chronologically after the ending month, the system assumes that you are in the southern hemisphere.
Examples
The following example specifies that summer time starts on the first Sunday in April at 2 a.m. and ends on the last Sunday in October at 2 a.m.:
Router(config)# clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00If you live in a place where summer time does not follow the pattern in the first example, you can specify the exact date and times. In the following example, daylight saving time (summer time) is configured to start on October 12, 1997 at 2 a.m., and end on April 26, 1998 at 2 a.m.:
Router(config)# clock summer-time date 12 October 1997 2:00 26 April 1998 2:00Related Commands
clock timezone
To set the time zone for display purposes, use the clock timezone global configuration command. To set the time to Coordinated Universal Time (UTC), use the no form of this command.
clock timezone zone hours-offset [minutes-offset]
no clock timezone
Syntax Description
zone
Name of the time zone to be displayed when standard time is in effect.
hours-offset
Hours difference from UTC.
minutes-offset
(Optional) Minutes difference from UTC.
Defaults
UTC
Command Modes
Global configuration
Command History
Usage Guidelines
The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set.
Table 45 lists common time zone acronyms used for the zone argument.
Table 46 lists an alternative method for referring to time zones, in which single letters are used to refer to the time zone difference from UTC. Using this method, the letter Z is used to indicate the zero meridian, equivalent to UTC, and the letter J (Juliet) is used to refer to the local time zone. Using this method, the International Date Line is between time zones M and Y.
The following example sets the time zone to Pacific Standard Time (PST), which is 8 hours behind UTC:
Router(config)# clock timezone PST -8The following example sets the time zone to Atlantic Time (AT) for Newfoundland, Canada, which is 3.5 hours behind UTC:
Router(config)# clock timezone AT -3 30Related Commands
Sets the hardware clock.
Manually set the software clock.
Configures the system to automatically switch to summer time (daylight saving time).
Displays the software clock.
clock update-calendar
To perform a one-time update of the hardware clock (calendar) from the software clock, use the clock update-calendar in user or privileged EXEC mode.
clock update-calendar
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Usage Guidelines
Some platforms have a hardware clock (calendar) in addition to a software clock. The hardware clock is battery operated, and runs continuously, even if the router is powered off or rebooted.
If the software clock and hardware clock are not synchronized, and the software clock is more accurate, use this command to update the hardware clock to the correct date and time.
Examples
The following example copies the current date and time from the software clock to the hardware clock:
Router> clock update-calendarRelated Commands
Performs a one-time update of the software clock from the hardware clock (calendar).
ntp update-calendar
Periodically updates the hardware clock from the software clock.
downward-compatible-config
To generate a configuration that is compatible with an earlier Cisco IOS release, use the downward-compatible-config global configuration command. To remove this feature, use the no form of this command.
downward-compatible-config version
no downward-compatible-config
Syntax Description
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
In Cisco IOS Release 10.3, IP access lists changed format. Use the downward-compatible-config command to regenerate a configuration in a format prior to Release 10.3 if you are going to downgrade from your software version to version 10.2 or 10.3. The earliest version value this command accepts is 10.2.
When this command is configured, the router attempts to generate a configuration that is compatible with the specified version. Note that this command affects only IP access lists.
Under some circumstances, the software might not be able to generate a fully backward-compatible configuration. In such a case, the software issues a warning message.
Examples
The following example generates a configuration file compatible with Cisco IOS Release 10.2 access lists:
Router(config)# downward-compatible-config 10.2Related Commands
access-list (extended)
Provides extended access lists that allow more detailed access lists.
access-list (standard)
Defines a standard XNS access list.
hostname
To specify or modify the host name for the network server, use the hostname global configuration command.
hostname name
Syntax Description
Defaults
The factory-assigned default host name is Router.
Command Modes
Global configuration
Command History
Usage Guidelines
The host name is used in prompts and default configuration filenames.
Do not expect case to be preserved. Upper- and lowercase characters look the same to many internet software applications. It may seem appropriate to capitalize a name the same way you might do in English, but conventions dictate that computer names appear all lowercase. For more information, refer to RFC 1178, Choosing a Name for Your Computer.
The name must also follow the rules for ARPANET host names. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. For more information, refer to RFC 1035, Domain Names—Implementation and Specification.
Examples
The following example changes the host name to "sandbox":
Router(config)# hostname sandboxRelated Commands
ip bootp server
To enable the BOOTP service on your routing device, use the ip bootp server global configuration command. To disable BOOTP services, use the no form of the command.
ip bootp server
no ip bootp server
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Global configuration
Command History
Usage Guidelines
By default, the BOOTP service is enabled. When disabled, the no ip bootp server command will appear in the configuration file.
The integrated Dynamic Host Configuration Protocol (DHCP) server was introduced in Cisco IOS Release 12.0(1)T. Because DHCP is based on BOOTP, both of these services share the "well-known" UDP server port of 67 (per RFC 951, RFC 1534, and RFC 2131). If both the BOOTP server and DHCP server are disabled, and a helper address is not configured, "ICMP port unreachable" messages will be sent in response to incoming requests on port 67, and the original incoming packet will be discarded.
Note
Any network device that has UDP, TCP, BOOTP, DHCP or Finger services should be protected by a firewall or have the services disabled to protect against Denial of Service attacks.Examples
In the following example, BOOTP and DHCP services are disabled on the router:
Router(config)# no ip bootp serverRouter(config)# no service dhcpRelated Commands
service dhcp
Enables the integrated Dynamic Host Configuration Protocol (DHCP) server and relay agent.
ip finger
To configure a system to accept Finger protocol requests (defined in RFC 742), use the ip finger global configuration command. To disable this service, use the no form of this command.
ip finger [rfc-compliant]
no ip finger
Syntax Description
rfc-compliant
(Optional) Configures the system to wait for "Return" or "/W" input when processing Finger requests. This keyword should not be used for those systems.
Defaults
Disabled
Command Modes
Global configuration
Command History
11.3
This command was introduced.
12.1(5), 12.1(5)T
This command was changed from being enabled by default to being disabled by default.
Usage Guidelines
The Finger service allows remote users to view the output equivalent to the show users [wide] command.
When ip finger is configured, the router will respond to a telnet a.b.c.d finger command from a remote host by immediately displaying the output of the show users command and then closing the connection.
When the ip finger rfc-compliant command is configured, the router will wait for input before displaying anything (as required by RFC 1288). The remote user can then enter the Return key to display the output of the show users EXEC command, or enter /W to display the output of the show users wide EXEC command. After this information is displayed, the connection is closed.
Note
Any network device that has UDP, TCP, BOOTP, or Finger services should be protected by a firewall or have the services disabled to protect against Denial of Service attacks.Because of the potential for hung lines, the rfc-compliant form of this command should not be configured for devices with more than 20 simultaneous users.
Examples
The following example disables the Finger protocol:
Router(config)# no ip fingerip telnet source-interface
To specify the IP address of an interface as the source address for Telnet connections, use the ip telnet source-interface global configuration command. To reset the source address to the default for each connection, use the no form of this command.
ip telnet source-interface interface
no ip telnet source-interface
Syntax Description
Defaults
The address of the closest interface to the destination as the source address.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to set the IP address of an interface as the source for all Telnet connections.
If the specified interface is not up, the Cisco IOS software selects the address of the interface closest to the destination as the source address.
Examples
The following example forces the IP address for Ethernet interface 1 as the source address for Telnet connections:
Router(config)# ip telnet source-interface Ethernet1Related Commands
ip radius source-interface
Forces RADIUS to use the IP address of a specified interface for all outgoing RADIUS packets.
ip tftp source-interface
To specify the IP address of an interface as the source address for TFTP connections, use the ip tftp source-interface global configuration command. To return to the default, use the no form of this command.
ip tftp source-interface interface
no ip tftp source-interface
Syntax Description
Defaults
The address of the closest interface to the destination as the source address.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to set the IP address of an interface as the source for all TFTP connections.
If the specified interface is not up, the Cisco IOS software selects the address of the interface closest to the destination as the source address.
Examples
In the following example, the IP address assigned to the Loopback0 interface will be used as the source address for TFTP connections:
Router(config)# ip tftp source-interface Loopback0Related Commands
load-interval
To change the length of time for which data is used to compute load statistics, use the load-interval interface configuration command. To revert to the default setting, use the no form of this command.
load-interval seconds
no load-interval seconds
Syntax Description
seconds
Length of time for which data is used to compute load statistics. A value that is a multiple of 30, from 30 to 600 (30, 60, 90, 120, and so on).
Defaults
300 seconds (5 minutes)
Command Modes
Interface configuration
Command History
Usage Guidelines
If you want load computations to be more reactive to short bursts of traffic, rather than averaged over 5-minute periods, you can shorten the length of time over which load averages are computed.
If the load interval is set to 30 seconds, new data is used for load calculations over a 30-second period. This data is used to compute load statistics, including input rate in bits and packets per second, output rate in bits and packets per second, load, and reliability.
Load data is gathered every 5 seconds. This data is used for a weighted average calculation in which more-recent load data has more weight in the computation than older load data. If the load interval is set to 30 seconds, the average is computed for the last 30 seconds of load data.
The load-interval command allows you to change the default interval of 5 minutes to a shorter or longer period of time. If you change it to a shorter period of time, the input and output statistics that are displayed when you use the show interface command will be more current, and based on more instantaneous data, rather than reflecting a more average load over a longer period of time.
This command is often used for dial backup purposes, to increase or decrease the likelihood of a backup interface being implemented, but it can be used on any interface.
Examples
In the following example, the default 5-minute average is set to a 30-second average. A burst in traffic that would not trigger a dial backup for an interface configured with the default 5-minute interval might trigger a dial backup for this interface that is set for a shorter, 30-second interval.
Router(config)# interface serial 0Router(config-if)# load-interval 30Related Commands
ntp access-group
To control access to the Network Time Protocol (NTP) services on the system, use the ntp access-group command in global configuration mode. To remove access control to the NTP services, use the no form of this command.
ntp access-group {query-only | serve-only | serve | peer} access-list-number
no ntp
Syntax Description
Defaults
No access control (full access granted to all systems)
Command Modes
Global configuration
Command History
Usage Guidelines
The access group options are scanned in the following order from least restrictive to most restrictive:
1.
2.
3.
4.
Access is granted for the first match that is found. If no access groups are specified, all access is granted to all sources. If any access groups are specified, only the specified access is granted. This facility provides minimal security for the time services of the system. However, it can be circumvented by a determined programmer. If tighter security is desired, use the NTP authentication facility.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp access-group command and you now want to remove not only the access group, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure a system to allow itself to be synchronized by a peer from access list 99. However, the system restricts access to allow only time requests from access list 42.
Router(config)# ntp access-group peer 99Router(config)# ntp access-group serve-only 42The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
access-list
Configures the access list mechanism for filtering frames by protocol type or vendor code.
ntp authenticate
To enable Network Time Protocol (NTP) authentication, use the ntp authenticate command in global configuration mode. To disable the function, use the no form of this command.
ntp authenticate
no ntp
Syntax Description
This command has no arguments or keywords.
Defaults
No authentication
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command if you want authentication. If this command is specified, the system will not synchronize to a system unless it carries one of the authentication keys specified in the ntp trusted-key global configuration command.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp authenticate command and you now want to disable not only the authentication, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure the system to synchronize only to systems that provide authentication key 42 in their NTP packets:
Router(config)# ntp authenticateRouter(config)# ntp authentication-key 42 md5 aNiceKeyRouter(config)# ntp trusted-key 42The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp authentication-key
Defines an authentication key for NTP.
ntp trusted-key
Authenticates the identity of a system to which NTP will synchronize.
ntp authentication-key
To define an authentication key for Network Time Protocol (NTP), use the ntp authentication-key command in global configuration mode. To remove the authentication key for NTP, use the no form of this command.
ntp authentication-key number md5 value
no ntp
Syntax Description
Defaults
No authentication key is defined for NTP.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command to define authentication keys for use with other NTP commands in order to provide a higher degree of security.
Note
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp authentication-key command and you now want to remove not only the authentication key, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure the system to synchronize only to systems providing authentication key 42 in their NTP packets:
Router(config)# ntp authenticateRouter(config)# ntp authentication-key 42 md5 aNiceKeyRouter(config)# ntp trusted-key 42The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp broadcast client
To configure the system to receive Network Time Protocol (NTP) broadcast packets on a specified interface, use the ntp broadcast client command in interface configuration mode. To disable this capability, use the no form of this command.
ntp broadcast client
no ntp
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command to allow the system to listen to broadcast packets on an interface-by-interface basis.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp broadcast client command and you now want to remove not only the broadcast client capability, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
In the following example, the system is configured to receive (listen to) NTP broadcasts on Ethernet interface 1:
Router(config)# interface ethernet 1Router(config-if)# ntp broadcast clientThe following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp broadcast
To configure the system to send Network Time Protocol (NTP) broadcast packets on a specified interface, use the ntp broadcast command in interface configuration mode. To disable this capability, use the no form of this command.
ntp broadcast [version number]
no ntp
Syntax Description
version
(Optional) Indicates that a version is specified.
number
(Optional) Number from 1 to 3 indicating the NTP version.
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp broadcast command and you now want to remove not only the broadcast capability, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configures Ethernet interface 0 to send NTP version 2 broadcasts:
Router(config)# interface ethernet 0Router(config-if)# ntp broadcast version 2The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp broadcastdelay
To set the estimated round-trip delay between the Cisco IOS software and a Network Time Protocol (NTP) broadcast server, use the ntp broadcastdelay command in global configuration mode. To revert to the default value, use the no form of this command.
ntp broadcastdelay microseconds
no ntp
Syntax Description
microseconds
Estimated round-trip time (in microseconds) for NTP broadcasts. The range is from 1 to 999999.
Defaults
3000 microseconds
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command when the router is configured as a broadcast client and the round-trip delay on the network is other than 3000 microseconds.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp broadcastdelay command and you now want to remove not only the delay setting, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to set the estimated round-trip delay between a router and the broadcast client to 5000 microseconds:
Router(config)# ntp broadcastdelay 5000The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp broadcast
Configures the specified interface to send NTP broadcast packets.
ntp broadcast client
Configures the specified interface to receive NTP broadcast packets.
ntp clock-period
Caution
As NTP compensates for the error in the software clock, it keeps track of the correction factor for this error. The system automatically saves this value into the system configuration when the ntp clock-period command is issued in global configuration mode. To revert to the default, use the no form of this command.
ntp clock-period value
no ntp
Syntax Description
value
Amount of time to add to the software clock for each clock hardware tick (this value is multiplied by 2-32).
Defaults
17179869 2-32 seconds (4 milliseconds)
Command Modes
Global configuration
Command History
Usage Guidelines
Do not manually set a value for the NTP clock-period.
If a copy running-config startup-config command is entered to save the configuration to NVRAM, the ntp clock-period command will automatically be added to the startup configuration. We recommend saving the running configuration to the startup configuration after NTP has been running for a week or so specifically for the purpose of capturing the current setting for the clock-period; performing this task will help NTP synchronize more quickly if the system is restarted.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you want to remove not only the clock period, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows a typical difference between the values of the NTP clock-period setting in the running configuration and in the startup configuration:
Router# show startup-config | include clock-periodntp clock-period 17180239Router# show running-config | include clock-periodntp clock-period 17180255The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpntp disable
To prevent an interface from receiving Network Time Protocol (NTP) packets, use the ntp disable command in interface configuration mode. To enable receipt of NTP packets on an interface, use the no form of this command.
ntp disable
no ntp
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Interface configuration
Command History
Usage Guidelines
This command provides a simple method of access control.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp disable command and you now want to remove not only this restriction, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to prevent Ethernet interface 0 from receiving NTP packets:
Router(config)# interface ethernet 0Router(config-if)# ntp disableThe following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpntp master
To configure the Cisco IOS software as a Network Time Protocol (NTP) master clock to which peers synchronize themselves when an external NTP source is not available, use the ntp master command in global configuration mode. To disable the master clock function, use the no form of this command.
ntp master [stratum]
no ntp
Caution
Syntax Description
stratum
(Optional) Number from 1 to 15. Indicates the NTP stratum number that the system will claim.
Defaults
By default, the master clock function is disabled. When enabled, the default stratum is 8.
Command Modes
Global configuration
Command History
Usage Guidelines
Because the Cisco implementation of NTP does not support directly attached radio or atomic clocks, the router is normally synchronized, directly or indirectly, to an external system that has such a clock. In a network without Internet connectivity, such a time source may not be available. The ntp master command is used in such cases.
If the system has ntp master configured, and it cannot reach any clock with a lower stratum number, the system will claim to be synchronized at the configured stratum number, and other systems will be willing to synchronize to it via NTP.
Note
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp master command and you now want to remove not only the master clock function, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure a router as an NTP master clock to which peers may synchronize:
Router(config)# ntp master 10The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
clock calendar-valid
Configures the system hardware clock an authoritative time source for the network.
ntp max-associations
To configure the maximum number of Network Time Protocol (NTP) peers and clients for the routing device, use the ntp max-associations command in global configuration mode. To return the maximum associations value to the default, use the no form of this command.
ntp max-associations number
no ntp
Syntax Description
Defaults
100 maximum associations.
Command Modes
Global configuration
Command History
Usage Guidelines
The router can be configured to define the maximum number of NTP peer and client associations that the router will serve. The ntp max-associations command is used to set this limit.
This command is useful for ensuring that that the router is not overwhelmed by huge numbers of NTP synchronization requests or, for an NTP master server, to allow large numbers of devices to sync to the router.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp max-associations command and you now want to remove not only that maximum value, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
In the following example, the router is configured to act as an NTP server to 200 clients:
Router(config)# ntp max-associations 200The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp multicast client
To configure the system to receive Network Time Protocol (NTP) multicast packets on a specified interface, use the ntp multicast client interface configuration command. To disable this capability, use the no form of this command.
ntp multicast client [ip-address]
no ntp
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
Use this command to allow the system to listen to multicast packets on an interface-by-interface basis.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp multicast client command and you now want to remove not only the multicast client capability, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
In the following example, the system is configured to receive (listen to) NTP multicast packets on Ethernet interface 1:
Router(config)# interface ethernet 1Router(config-if)# ntp multicast clientThe following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp multicast
To configure a system to send Network Time Protocol (NTP) multicast packets on a specified interface, use the ntp multicast interface configuration command. To disable this capability, use the no form of this command.
ntp multicast [ip-address] [key key-id] [ttl value] [version number]
no ntp
Syntax Description
Defaults
Disabled
Command Modes
Interface configuration
Command History
Usage Guidelines
The TTL value is used to limit the scope of an audience for multicast routing.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp multicast command and you now want to remove not only the multicast capability, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure Ethernet interface 0 to send NTP version 2 broadcasts:
Router(config)# interface ethernet 0Router(config-if)# ntp multicast version 2The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp authentication-key
Defines an authentication key for NTP.
ntp multicast client
Allows the system to receive NTP multicast packets on an interface.
ntp peer
To configure the software clock to synchronize a peer or to be synchronized by a peer, use the ntp peer command in global configuration mode. To disable this capability, use the no form of this command.
ntp peer ip-address [normal-sync] [version number] [key key-id] [source interface] [prefer]
no ntp
Syntax Description
Command Default
No peers are configured.
Command Modes
Global configuration
Command History
Usage Guidelines
When a peer is configured, the default NTP version number is 3, no authentication key is used, and the source IP address is taken from the outgoing interface.
Use this command to allow a device to synchronize with a peer, or vice versa. Using the prefer keyword reduces switching between peers.
Tip
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp peer command and you now want to remove not only the peer, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure a router to allow its software clock to be synchronized with the clock of the peer (or vice versa) at IP address 192.168.22.33 using NTP version 2. The source IP address is the address of Ethernet 0.
Router(config)# ntp peer 192.168.22.33 version 2 source ethernet 0The following example shows how to disable rapid synchronization at startup:
Router(config)# ntp peer 192.168.22.33 normal-syncThe following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp refclock
To configure an external clock source for use with Network Time Protocol (NTP) services, use the ntp refclock command in line configuration mode. To disable support of the external time source, use the no form of this command.
ntp refclock {trimble | telecom-solutions} pps {cts | ri | none} [inverted] [pps-offset number] [stratum number] [timestamp-offset number]
no ntp
Syntax Description
Defaults
This command is disabled by default.
Command Modes
Line configuration
Command History
12.1
The trimble keyword was added to provide driver activation for a Trimble GPS time source on the Cisco 7200 series router.
Usage Guidelines
To configure a PPS signal as the source for NTP synchronization, use the following form of the ntp refclock command:
ntp refclock pps {cts | ri} [inverted] [pps-offset number] [stratum number] [timestamp-offset number]
To configure a Trimble Palisade NTP Synchronization Kit as the GPS clock source connected to the auxiliary port of a Cisco 7200 router, use the following form of the ntp refclock command:
ntp refclock trimble pps none [stratum number]
To configure a Telecom Solutions product as the GPS clock source, use the ntp refclock telecom-solutions form of the command:
ntp refclock telecom-solutions pps cts [stratum number]
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp refclock command and you now want to remove not only the external clock source, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows configuration of a Trimble Palisade GPS time source on a Cisco 7200 router:
Router(config)# ntp masterRouter(config)# ntp update-calendarRouter(config)# line aux 0Router(config-line)# ntp refclock trimble pps noneThe following example shows configuration of a Telecom Solutions GPS time source on a Catalyst switch platform:
Router(config)# ntp masterRouter(config)# ntp update-calendarRouter(config)# line aux 0Router(config-line)# ntp refclock telecom-solutions pps cts stratum 1The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
show ntp associations
Displays the status of NTP associations configured for your system.
ntp server
To allow the software clock to be synchronized by a Network Time Protocol (NTP) time server, use the ntp server command in global configuration mode. To disable this capability, use the no form of this command.
ntp server ip-address | hostname [version number] [key key-id] [source interface] [prefer]
no ntp
Syntax Description
Defaults
No peers are configured by default. If a peer is configured, the default NTP version number is 3, no authentication key is used, and the source IP address is taken from the outgoing interface.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command if you want to allow the system to synchronize with the specified server. The server will not synchronize to this machine.
When you use the hostname option, the router does a domain name server (DNS) lookup on that name, and stores the IP address in the configuration. For example, if you enter the command ntp server host1 and then check the running configuration, the output shows "ntp server 172.16.0.4," assuming that the router is correctly configured as a DNS client.
Use the prefer keyword if you use this command multiple times, and you want to set a preferred server. Using the prefer keyword reduces switching between servers.
If you are using the default version of 3 and NTP synchronization does not occur, try NTP version 2. Some NTP servers on the Internet run version 2.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp server command and you now want to remove not only the server synchronization capability, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure a router to allow its software clock to be synchronized with the clock by the device at IP address 172.16.22.44 using NTP version 2:
Router(config)# ntp server 172.16.22.44 version 2The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp source
To use a particular source address in Network Time Protocol (NTP) packets, use the ntp source command in global configuration mode. To remove the specified source address, use the no form of this command.
ntp source type number
no ntp
Syntax Description
Defaults
Source address is determined by the outgoing interface.
Command Modes
Global configuration
Command History
Usage Guidelines
Use this command when you want to use a particular source IP address for all NTP packets. The address is taken from the named interface. This command is useful if the address on an interface cannot be used as the destination for reply packets. If the source keyword is present on an ntp server or ntp peer global configuration command, that value overrides the global value set by this command.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp source command and you now want to remove not only the configured source address, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure a router to use the IP address of Ethernet 0 as the source address of all outgoing NTP packets:
Router(config)# ntp source ethernet 0The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp peer
Configures the software clock to synchronize a peer or to be synchronized by a peer.
ntp server
Allows the software clock to be synchronized by a time server.
ntp trusted-key
To authenticate the identity of a system to which Network Time Protocol (NTP) will synchronize, use the ntp trusted-key command in global configuration mode. To disable authentication of the identity of the system, use the no form of this command.
ntp trusted-key key-number
no ntp
Syntax Description
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
If authentication is enabled, use this command to define one or more key numbers (corresponding to the keys defined with the ntp authentication-key command) that a peer NTP system must provide in its NTP packets, in order for this system to synchronize to it. This function provides protection against accidentally synchronizing the system to a system that is not trusted, because the other system must know the correct authentication key.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp trusted-key command and you now want to remove not only the authentication, but all NTP functions from the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure the system to synchronize only to systems providing authentication key 42 in its NTP packets:
Router(config)# ntp authenticateRouter(config)# ntp authentication-key 42 md5 aNiceKeyRouter(config)# ntp trusted-key 42The following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
ntp authenticate
Enables NTP authentication.
ntp authentication-key
Defines an authentication key for NTP.
ntp update-calendar
To periodically update the hardware clock (calendar) from a Network Time Protocol (NTP) time source, use the ntp update-calendar command in global configuration mode. To disable the periodic updates, use the no form of this command.
ntp update-calendar
no ntp
Syntax Description
This command has no arguments or keywords.
Defaults
The hardware clock (calendar) is not updated.
Command Modes
Global configuration
Command History
Usage Guidelines
Some platforms have a battery-powered hardware clock, referred to in the command-line interface (CLI) as the "calendar," in addition to the software based system clock. The hardware clock runs continuously, even if the router is powered off or rebooted.
If the software clock is synchronized to an outside time source via NTP, it is a good practice to periodically update the hardware clock with the time learned from NTP. Otherwise, the hardware clock will tend to gradually lose or gain time (drift), and the software clock and hardware clock may become out of synchronization with each other. The ntp update-calendar command will enable the hardware clock to be periodically updated with the time specified by the NTP source. The hardware clock will be updated only if NTP has synchronized to an authoritative time server.
Many lower-end routers (for example, the Cisco 2500 series or the Cisco 2600 series) do not have hardware clocks, so this command is not available on those platforms.
To force a single update of the hardware clock from the software clock, use the clock update-calendar EXEC command.
When you configure NTP, you must include at least one of the available keywords; the NTP service is activated and the keyword takes effect.
In the no form of ntp commands, all the keywords are optional. When you enter the no ntp command followed by one or more of its keywords, only the functions activated by those keywords are removed from the NTP service. The NTP service itself remains active, along with all functions you have not specified in the no ntp command.
To terminate NTP service on a device, you must enter the no ntp command without keywords.
For example, if you previously issued the ntp update-calendar command and you now want to disable not only the periodic updates, but all NTP functions running on the device, use the no ntp command without any keywords. This ensures that all NTP functions are removed and that the NTP service is also terminated.
Examples
The following example shows how to configure the system to periodically update the hardware clock from the NTP time source:
Router(config)# ntp update-calendarThe following example shows how to remove all the configured NTP options and disable the ntp server:
Router(config)# no ntpRelated Commands
periodic
To specify a recurring (weekly) time range for functions that support the time-range feature, use the periodic time-range configuration command. To remove the time limitation, use the no form of this command.
periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm
no periodic days-of-the-week hh:mm to [days-of-the-week] hh:mm
Syntax Description
Defaults
No recurring time range is defined.
Command Modes
Time-range configuration
Command History
Usage Guidelines
For Cisco IOS Release 12.2, IP and Internetwork Packet Exchange (IPX) extended access lists are the only functions that can use time ranges. For further information on using these functions, refer to the Release 12.2 Cisco IOS IP Configuration Guide and the Release 12.2 Cisco IOS AppleTalk and Novell IPX Configuration Guide.
The periodic command is one way to specify when a time range is in effect. Another way is to specify an absolute time period with the absolute command. Use either of these commands after the time-range global configuration command, which specifies the name of the time range. Multiple periodic entries are allowed per time-range command.
If the end days-of-the-week value is the same as the start value, they can be omitted.
If a time-range command has both absolute and periodic values specified, then the periodic items are evaluated only after the absolute start time is reached, and are not further evaluated after the absolute end time is reached.
Note
Table 47 lists some typical settings for your convenience:
Examples
The following example denies HTTP traffic on Monday through Friday from 8:00 a.m. to 6:00 p.m.:
time-range no-httpperiodic weekdays 8:00 to 18:00!ip access-list extended strictdeny tcp any any eq http time-range no-http!interface ethernet 0ip access-group strict inThe following example permits Telnet traffic on Mondays, Tuesdays, and Fridays from 9:00 a.m. to
5:00 p.m.:time-range testingperiodic Monday Tuesday Friday 9:00 to 17:00!ip access-list extended legalpermit tcp any any eq telnet time-range testing!interface ethernet 0ip access-group legal inRelated Commands
process-max-time
To configure the amount of time after which a process should voluntarily yield to another process, use the process-max-time command in global configuration mode. To reset this value to the system default, use the no form of this command.
process-max-time milliseconds
no process-max-time [milliseconds]
Syntax Description
milliseconds
Maximum duration (in milliseconds) that a process can run before suspension. The range is from 20-200 milliseconds.
Defaults
Default maximum process time is 200 milliseconds.
Command Modes
Global configuration
Command History
Usage Guidelines
Lowering the maximum time a process can run is useful in some circumstances to ensure equitable division of CPU time among different tasks.
Only use this command if recommended to do so by the Cisco Technical Assistance Center (TAC).
Examples
The following example limits the time to 100 milliseconds that a process can run without suspending:
process-max-time 100prompt
To customize the CLI prompt, use the prompt global configuration command. To revert to the default prompt, use the no form of this command.
prompt string
no prompt [string]
Syntax Description
string
Text that will be diplayed on screen as the CLI prompt, including any desired prompt variables.
Defaults
The default prompt is either Router or the name defined with the hostname global configuration command, followed by an angle bracket (>) for user EXEC mode or a pound sign (#) for privileged EXEC mode.
Command Modes
Global configuration
Command History
Usage Guidelines
You can include customized variables when specifying the prompt. All prompt variables are preceded by a percent sign (%). Table 48 lists the availble prompt variables.
Issuing the prompt %h command has the same effect as issuing the no prompt command.
Examples
The following example changes the EXEC prompt to include the tty number, followed by the name and a space:
Router(config)# prompt TTY%n@%h%s%pThe following are examples of user and privileged EXEC prompts that result from the previous command:
TTY17@Router1 > enableTTY17@Router1 #Related Commands
scheduler allocate
To guarantee CPU time for processes, use the scheduler allocate global configuration command on the Cisco 7200 series and Cisco 7500 series routers. To restore the default, use the no form of this command.
scheduler allocate interrupt-time process-time
no scheduler allocate
Syntax Description
Defaults
Approximately 5 percent of the CPU is available for process tasks.
Command Modes
Global configuration
Command History
Usage Guidelines
This command applies to the Cisco 7200 series and Cisco 7500 series routers.
Note
Examples
The following example makes 20 percent of the CPU available for process tasks:
Router(config)# scheduler allocate 2000 500Related Commands
Controls the maximum amount of time that can elapse without running system processes.
scheduler interval
To control the maximum amount of time that can elapse without running system processes, use the scheduler interval global configuration command. To restore the default, use the no form of this command.
scheduler interval milliseconds
no scheduler interval
Syntax Description
milliseconds
Integer that specifies the interval (in milliseconds). The minimum interval that you can specify is 500 milliseconds; there is no maximum value.
Defaults
High-priority operations are allowed to use as much of the CPU as needed.
Command Modes
Global configuration
Command History
Usage Guidelines
The normal operation of the network server allows the switching operations to use as much of the central processor as is required. If the network is running unusually heavy loads that do not allow the processor the time to handle the routing protocols, give priority to the system process scheduler. High-priority operations are allowed to use as much of the CPU as needed.
Note
On the Cisco 7200 series and Cisco 7500 series, use the scheduler allocate global configuration command instead of the scheduler interval command.
Examples
The following example changes the low-priority process schedule to an interval of 750 milliseconds:
Router(config)# scheduler interval 750Related Commands
service decimal-tty
To specify that line numbers be displayed and interpreted as decimal numbers rather than octal numbers, use the service decimal-tty global configuration command. To display octal numbers, use the no form of this command.
service decimal-tty
no service decimal-tty
Syntax Description
This command has no arguments or keywords.
Defaults
Decimal numbers are displayed.
Command Modes
Global configuration
Command History
Examples
The following example displays decimal rather than octal line numbers:
Router(config)# service decimal-ttyservice exec-wait
To delay the startup of the EXEC on noisy lines, use the service exec-wait global configuration command. To disable the delay function, use the no form of this command.
service exec-wait
no service exec-wait
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
This command delays startup of the EXEC until the line has been idle (no traffic seen) for 3 seconds. The default is to enable the line immediately on modem activation.
This command is useful on noisy modem lines or when a modem attached to the line is configured to ignore MNP/V.42 negotiations, and MNP/V.42 modems may be dialing in. In these cases, noise or MNP/V.42 packets may be interpreted as usernames and passwords, causing authentication failure before the user has a chance to type a username or password. The command is not useful on nonmodem lines or lines without some kind of login configured.
Examples
The following example delays the startup of the EXEC:
Router(config)# service exec-waitservice finger
The service finger command has been replaced by the ip finger command. However, the service finger and no service finger commands continue to function to maintain backward compatibility with older versions of Cisco IOS software. Support for this command may be removed in a future release. See the description of the ip finger command in this chapter for more information.
service hide-telnet-address
To hide addresses while trying to establish a Telnet session, use the service hide-telnet-address global configuration command. To remove this service, use the no form of this command.
service hide-telnet-address
no service hide-telnet-address
Syntax Description
This command has no arguments or keywords.
Defaults
Addresses are displayed.
Command Modes
Global configuration
Command History
Usage Guidelines
When you attempt to connect to a device, the router displays addresses and other messages (for example, "Trying router1 (171.69.1.154, 2008)...)." With the hide feature, the router suppresses the display of the address (for example, "Trying router1 address #1..."). The router continues to display all other messages that would normally be displayed during a connection attempt, such as detailed error messages if the connection was not successful.
The hide feature improves the functionality of the busy-message feature. When you configure only the busy-message command, the normal messages generated during a connection attempt are not displayed; only the busy-message is displayed. When you use the hide and busy features together you can customize the information displayed during Telnet connection attempts. When you configure the service hide-telnet-address command and the busy-message command, the router suppresses the address and displays the message specified with the busy-message command if the connection attempt is not successful.
Examples
The following example hides Telnet addresses:
Router(config)# service hide-telnet-addressRelated Commands
busy-message
Creates a "host failed" message that is displayed when a connection fails.
service nagle
To enable the Nagle congestion control algorithm, use the service nagle global configuration command. To to disable the algorithm, use the no form of this command.
service nagle
no service nagle
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
When using a standard TCP implementation to send keystrokes between machines, TCP tends to send one packet for each keystroke typed. On larger networks, many small packets use up bandwidth and contribute to congestion.
The algorithm developed by John Nagle (RFC 896) helps alleviate the small-packet problem in TCP. In general, it works this way: The first character typed after connection establishment is sent in a single packet, but TCP holds any additional characters typed until the receiver acknowledges the previous packet. Then the second, larger packet is sent, and additional typed characters are saved until the acknowledgment comes back. The effect is to accumulate characters into larger chunks, and pace them out to the network at a rate matching the round-trip time of the given connection. This method is usually effective for all TCP-based traffic. However, do not use the service nagle command if you have XRemote users on X Window system sessions.
Examples
The following example enables the Nagle algorithm:
Router(config)# service nagleservice prompt config
To display the configuration prompt (config), use the service prompt config global configuration command. To remove the configuration prompt, use the no form of this command.
service prompt config
no service prompt config
Syntax Description
This command has no arguments or keywords.
Defaults
The configuration prompts appear in all configuration modes.
Command Modes
Global configuration
Command History
Examples
In the following example, the no service prompt config command prevents the configuration prompt from being displayed. The prompt is still displayed in EXEC mode. When the service prompt config command is entered, the configuration mode prompt reappears.
Router# configure terminalEnter configuration commands, one per line. End with CNTL/Z.Router(config)# no service prompt confighostname newnameendnewname# configure terminalEnter configuration commands, one per line. End with CNTL/Z.service prompt confignewname(config)# hostname RouterRouter(config)# endRouter#Related Commands
Specifies or modifies the host name for the network server.
Customizes the prompt.
service tcp-small-servers
To access minor TCP/IP services available from hosts on the network, use the service tcp-small-servers command in global configuration mode. To disable these services, use the no form of the command.
service tcp-small-servers
no service tcp-small-servers
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
By default, the TCP servers for Echo, Discard, Chargen, and Daytime services are disabled.
When the minor TCP/IP servers are disabled, access to the Echo, Discard, Chargen, and Daytime ports cause the Cisco IOS software to send a TCP RESET packet to the sender and discard the original incoming packet.
Examples
The following example enables minor TCP/ IP services available from the network:
Router(config)# service tcp-small-serversservice telnet-zero-idle
To set the TCP window to zero (0) when the Telnet connection is idle, use the service telnet-zero-idle global configuration command. To disable this service, use the no form of this command.
service telnet-zero-idle
no service telnet-zero-idle
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
Normally, data sent to noncurrent Telnet connections is accepted and discarded. When the service telnet-zero-idle command is enabled, if a session is suspended (that is, some other connection is made active or the EXEC is sitting in command mode), the TCP window is set to zero. This action prevents the remote host from sending any more data until the connection is resumed. Use this command when it is important that all messages sent by the host be seen by the users and the users are likely to use multiple sessions.
Do not use this command if your host will eventually time out and log out a TCP user whose window is zero.
Examples
The following example sets the TCP window to zero when the Telnet connection is idle:
Router(config)# service telnet-zero-idleRelated Commands
service udp-small-servers
To access minor User Datagram Protocol (UDP) services available from hosts on the network, use the service udp-small-servers global configuration command. To disable these services, use the no form of this command.
service udp-small-servers
no service udp-small-servers
Syntax Description
This command has no arguments or keywords.
Defaults
Disabled
Command Modes
Global configuration
Command History
Usage Guidelines
By default the UPD servers for Echo, Discard, and Chargen services are disabled.
When the servers are disabled, access to Echo, Discard, and Chargen ports causes the Cisco IOS software to send an "ICMP port unreachable" message to the sender and discard the original incoming packet.
Examples
In the following example minor UDP services are enabled on the router:
Router(config)# service udp-small-serversshow aliases
To display all alias commands, or the alias commands in a specified mode, use the show aliases EXEC command.
show aliases [mode]
Syntax Description
Command Modes
EXEC
Command History
Usage Guidelines
When used without the mode argument, this command will display all aliases currently configured on the system. Use the mode argument to display only the aliases configured for the specified command mode.
To display a list of the command mode keywords available for your system, use the show aliases ? command. For a list of command modes, refer to the "Cisco IOS Command Modes" appendix in the Release 12.2 Cisco IOS Configuration Fundamentals Configuration Guide.
Examples
The following is sample output from the show aliases exec commands. The aliases configured for commands in EXEC mode are displayed.
Router> show aliases execExec mode aliases:h helplo logoutp pingr resumes showw whereRelated Commands
show buffers
To display statistics for the buffer pools on the network server, use the show buffers EXEC command.
show buffers [address hex-addr |[all | assigned | failures | free | old [dump | header | packet]]
| input-interface interface-type identifier | pool pool-name]Syntax Description
Command Modes
EXEC
Command History
Usage Guidelines
The peak field in the output of the show buffers command shows the maximum number of buffers created (highest total) and the time when that peak occurred relative to when you issued the show buffers command. Formats include weeks, days, hours, minutes, and seconds. Not all systems report a peak value, which means this field may not display in output.
Examples
The following is sample output from the show buffers command with no arguments, showing all buffer pool information:
Router> show buffersBuffer elements:398 in free list (500 max allowed)1266 hits, 0 misses, 0 createdPublic buffer pools:Small buffers, 104 bytes (total 50, permanent 50):50 in free list (20 min, 150 max allowed)551 hits, 0 misses, 0 trims, 0 createdMiddle buffers, 600 bytes (total 25, permanent 25):25 in free list (10 min, 150 max allowed)39 hits, 0 misses, 0 trims, 0 createdBig buffers, 1524 bytes (total 50, permanent 50):49 in free list (5 min, 150 max allowed)27 hits, 0 misses, 0 trims, 0 createdVeryBig buffers, 4520 bytes (total 10, permanent 10):10 in free list (0 min, 100 max allowed)0 hits, 0 misses, 0 trims, 0 createdLarge buffers, 5024 bytes (total 0, permanent 0):0 in free list (0 min, 10 max allowed)0 hits, 0 misses, 0 trims, 0 createdHuge buffers, 18024 bytes (total 0, permanent 0):0 in free list (0 min, 4 max allowed)0 hits, 0 misses, 0 trims, 0 createdInterface buffer pools:Ethernet0 buffers, 1524 bytes (total 64, permanent 64):16 in free list (0 min, 64 max allowed)48 hits, 0 fallbacks16 max cache size, 16 in cacheEthernet1 buffers, 1524 bytes (total 64, permanent 64):16 in free list (0 min, 64 max allowed)48 hits, 0 fallbacks16 max cache size, 16 in cacheSerial0 buffers, 1524 bytes (total 64, permanent 64):16 in free list (0 min, 64 max allowed)48 hits, 0 fallbacks16 max cache size, 16 in cacheSerial1 buffers, 1524 bytes (total 64, permanent 64):16 in free list (0 min, 64 max allowed)48 hits, 0 fallbacks16 max cache size, 16 in cacheTokenRing0 buffers, 4516 bytes (total 48, permanent 48):0 in free list (0 min, 48 max allowed)48 hits, 0 fallbacks16 max cache size, 16 in cacheTokenRing1 buffers, 4516 bytes (total 32, permanent 32):32 in free list (0 min, 48 max allowed)16 hits, 0 fallbacks0 failures (0 no memory)The following is sample output from the show buffers command with no arguments, showing onlybuffer pool information for Huge buffers. This output shows a highest total of five Huge buffers created five days and 18 hours before the command was issued.
Router> show buffersHuge buffers, 18024 bytes (total 5, permanent 0, peak 5 @ 5d18h): 4 in free list (3 min, 104 max allowed) 0 hits, 1 misses, 101 trims, 106 created 0 failures (0 no memory)The following is sample output from the show buffers command with no arguments, showing only buffer pool information for Huge buffers. This output shows a highest total of 184 Huge buffers created one hour, one minute, and 15 seconds before the command was issued.
Router> show buffersHuge buffers, 65280 bytes (total 4, permanent 2, peak 184 @ 01:01:15):4 in free list (0 min, 4 max allowed)32521 hits, 143636 misses, 14668 trims, 14670 created143554 failures (0 no memory)The following is sample output from the show buffers command with an interface type and interface number:
Router> show buffers Ethernet 0Ethernet0 buffers, 1524 bytes (total 64, permanent 64):16 in free list (0 min, 64 max allowed)48 hits, 0 fallbacks16 max cache size, 16 in cache
Table 49 describes significant fields shown in the display.
show calendar
To display the current time and date setting for the hardware clock, use the show calendar EXEC command:
show calendar
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Usage Guidelines
Some platforms have a hardware clock (calendar) which is separate from the software clock. The hardware clock is battery operated, and runs continuously, even if the router is powered off or rebooted.
You can compare the time and date shown with this command with the time and date listed via the show clock EXEC command to verify that the hardware clock and software clock are synchronized with each other. The time displayed is relative to the configured time zone.
Examples
In the following sample display, the hardware clock indicates the time stamp of 12:13:44 p.m. on Friday, July 19, 1996:
Router> show calendar12:13:44 PST Fri Jul 19 1996Related Commands
show clock
To display the time and date from the system software clock, use the show clock EXEC command.
show clock [detail]
Syntax Description
detail
(Optional) Indicates the clock source (NTP, VINES, hardware clock, and so on) and the current summer-time setting (if any).
Command Modes
EXEC
Command History
Usage Guidelines
The software clock keeps an "authoritative" flag that indicates whether the time is authoritative (believed to be accurate). If the software clock has been set by a timing source (for example, via NTP), the flag is set. If the time is not authoritative, it will be used only for display purposes. Until the clock is authoritative and the "authoritative" flag is set, the flag prevents peers from synchronizing to the software clock.
The symbol that precedes the show clock display indicates the following:
*
Time is not authoritative.
(blank)
Time is authoritative.
.
Time is authoritative, but NTP is not synchronized.
Note
Examples
The following sample output shows that the current clock is authoritative and that the time source is NTP:
Router> show clock detail15:29:03.158 PST Mon Mar 3 1999Time source is NTPThe following example shows the current clock is authoritative, but NTP is not yet synchronized:
Router> show clock.16:42:35.597 UTC Wed Nov 1 1999Related Commands
Manually sets the software clock.
Displays the current time and date setting of the system hardware clock.
show idb
To display information about the status of interface descriptor blocks (IDBs), use the show idb command in privileged EXEC mode.
show idb
Syntax Description
This command has nor arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Privileged EXEC
Command History
12.1
This command was introduced.
12.2(15)T
The output of this command was changed to show additional information.
Examples
The following is sample output from the show idb command:
Router# show idbMaximum number of Software IDBs 8192. In use 17.HWIDBs SWIDBsActive 5 14Inactive 10 3Total IDBs 15 17Size each (bytes) 5784 2576Total bytes 86760 43792HWIDB#1 1 2 GigabitEthernet0/0 0 5, HW IFINDEX, Ether)HWIDB#2 2 3 GigabitEthernet9/0 0 5, HW IFINDEX, Ether)HWIDB#3 3 4 GigabitEthernet9/1 6 5, HW IFINDEX, Ether)HWIDB#4 4 5 GigabitEthernet9/2 6 5, HW IFINDEX, Ether)HWIDB#5 13 1 Ethernet0 4 5, HW IFINDEX, Ether)Table 50 describes the significant fields shown in the display.
show ntp associations
To show the status of Network Time Protocol (NTP) associations, use the show ntp associations EXEC command.
show ntp associations [detail]
Syntax Description
Command Modes
EXEC
Command History
Examples
Detailed descriptions of the information displayed by this command can be found in the NTP specification (RFC 1305).
The following is sample output from the show ntp associations command:
Router> show ntp associationsaddress ref clock st when poll reach delay offset disp~172.31.32.2 172.31.32.1 5 29 1024 377 4.2 -8.59 1.6+~192.168.13.33 192.168.1.111 3 69 128 377 4.1 3.48 2.3*~192.168.13.57 192.168.1.111 3 32 128 377 7.9 11.18 3.6* master (synced), # master (unsynced), + selected, - candidate, ~ configuredTable 51 describes the significant fields shown in the display.
The following is sample output of the show ntp associations detail command:
Router> show ntp associations detail172.31.32.2 configured, insane, invalid, stratum 5ref ID 172.31.32.1, time AFE252C1.6DBDDFF2 (00:12:01.428 PDT Mon Jul 5 1993)our mode active, peer mode active, our poll intvl 1024, peer poll intvl 64root delay 137.77 msec, root disp 142.75, reach 376, sync dist 215.363delay 4.23 msec, offset -8.587 msec, dispersion 1.62precision 2**19, version 3org time AFE252E2.3AC0E887 (00:12:34.229 PDT Mon Jul 5 1993)rcv time AFE252E2.3D7E464D (00:12:34.240 PDT Mon Jul 5 1993)xmt time AFE25301.6F83E753 (00:13:05.435 PDT Mon Jul 5 1993)filtdelay = 4.23 4.14 2.41 5.95 2.37 2.33 4.26 4.33filtoffset = -8.59 -8.82 -9.91 -8.42 -10.51 -10.77 -10.13 -10.11filterror = 0.50 1.48 2.46 3.43 4.41 5.39 6.36 7.34192.168.13.33 configured, selected, sane, valid, stratum 3ref ID 192.168.1.111, time AFE24F0E.14283000 (23:56:14.078 PDT Sun Jul 4 1993)our mode client, peer mode server, our poll intvl 128, peer poll intvl 128root delay 83.72 msec, root disp 217.77, reach 377, sync dist 264.633delay 4.07 msec, offset 3.483 msec, dispersion 2.33precision 2**6, version 3org time AFE252B9.713E9000 (00:11:53.442 PDT Mon Jul 5 1993)rcv time AFE252B9.7124E14A (00:11:53.441 PDT Mon Jul 5 1993)xmt time AFE252B9.6F625195 (00:11:53.435 PDT Mon Jul 5 1993)filtdelay = 6.47 4.07 3.94 3.86 7.31 7.20 9.52 8.71filtoffset = 3.63 3.48 3.06 2.82 4.51 4.57 4.28 4.59filterror = 0.00 1.95 3.91 4.88 5.84 6.82 7.80 8.77192.168.13.57 configured, our_master, sane, valid, stratum 3ref ID 192.168.1.111, time AFE252DC.1F2B3000 (00:12:28.121 PDT Mon Jul 5 1993)our mode client, peer mode server, our poll intvl 128, peer poll intvl 128root delay 125.50 msec, root disp 115.80, reach 377, sync dist 186.157delay 7.86 msec, offset 11.176 msec, dispersion 3.62precision 2**6, version 2org time AFE252DE.77C29000 (00:12:30.467 PDT Mon Jul 5 1993)rcv time AFE252DE.7B2AE40B (00:12:30.481 PDT Mon Jul 5 1993)xmt time AFE252DE.6E6D12E4 (00:12:30.431 PDT Mon Jul 5 1993)filtdelay = 49.21 7.86 8.18 8.80 4.30 4.24 7.58 6.42filtoffset = 11.30 11.18 11.13 11.28 8.91 9.09 9.27 9.57filterror = 0.00 1.95 3.91 4.88 5.78 6.76 7.74 8.71Table 52 describes the significant fields shown in the display.
Related Commands
show ntp status
To show the status of the Network Time Protocol (NTP), use the show ntp status EXEC command.
show ntp status
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following is sample output from the show ntp status command:
Router> show ntp statusClock is synchronized, stratum 4, reference is 192.168.13.57nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**19reference time is AFE2525E.70597B34 (00:10:22.438 PDT Mon Jul 5 1993)clock offset is 7.33 msec, root delay is 133.36 msecroot dispersion is 126.28 msec, peer dispersion is 5.98 msecTable 53 describes the significant fields shown in the display.
Related Commands
show registry
To show the function registry information, use the show registry EXEC command.
show registry [registry-name [registry-num]] [brief | statistics]
Syntax Description
Defaults
brief
Command Modes
EXEC
Command History
Examples
The following example is sample output of the show registry command using the brief argument:
Switch> show registry atm 3/0/0 briefRegistry objects: 1799 bytes: 213412--Registry 23: ATM RegistryService 23/0:Service 23/1:Service 23/2:Service 23/3:Service 23/4:Service 23/5:Service 23/6:Service 23/7:Service 23/8:Service 23/9:Service 23/10:Service 23/11:Service 23/12:Service 23/13:Service 23/14:--RegistrY 25: ATM routing RegistryService 25/0:show sntp
To show information about the Simple Network Time Protocol (SNTP), use the show sntp EXEC command on a Cisco 1003, Cisco 1004, Cisco 1005, Cisco 1600, Cisco 1720, or Cisco 1750 router.
show sntp
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following is sample output from the show sntp command:
Router> show sntpSNTP server Stratum Version Last Receive171.69.118.9 5 3 00:01:02172.21.28.34 4 3 00:00:36 Synced BcastBroadcast client mode is enabled.Table 54 describes the significant fields shown in the display.
Related Commands
sntp broadcast client
To use the Simple Network Time Protocol (SNTP) to accept Network Time Protocol (NTP) traffic from any broadcast server, use the sntp broadcast client global configuration command to configure a Cisco 1003, Cisco 1004, Cisco 1005, Cisco 1600, Cisco 1720, or Cisco 1750 router. To prevent the router from accepting broadcast traffic, use the no form of this command.
sntp broadcast client
no sntp broadcast client
Syntax Description
This command has no arguments or keywords.
Defaults
The router does not accept SNTP traffic from broadcast servers.
Command Modes
Global configuration
Command History
Usage Guidelines
SNTP is a compact, client-only version of the NTP. SNMP can only receive the time from NTP servers; it cannot be used to provide time services to other systems.
SNTP typically provides time within 100 milliseconds of the accurate time, but it does not provide the complex filtering and statistical mechanisms of NTP. In addition, SNTP does not authenticate traffic, although you can configure extended access lists to provide some protection.
You must configure the router with either this command or the sntp server global configuration command to enable SNTP.
Examples
The following example enables the router to accept broadcast NTP packets and shows sample show sntp command output:
Router(config)# sntp broadcast clientRouter(config)# endRouter#%SYS-5-CONFIG: Configured from console by consoleRouter# show sntpSNTP server Stratum Version Last Receive172.21.28.34 4 3 00:00:36 Synced BcastBroadcast client mode is enabled.Related Commands
sntp server
To configure a Cisco 1003, Cisco 1004, Cisco 1005, Cisco 1600, Cisco 1720, Cisco 1750, or Cisco 800 router to use the Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from a stratum 1 time server, use the sntp server global configuration command. To remove a server from the list of NTP servers, use the no form of this command.
sntp server {address | hostname} [version number]
no sntp server {address | hostname}
Syntax Description
address
IP address of the time server.
hostname
Host name of the time server.
version number
(Optional) Version of NTP to use. The default is 1.
Defaults
The router does not accept SNTP traffic from a time server.
Command Modes
Global configuration
Command History
Usage Guidelines
SNTP is a compact, client-only version of the NTP. SNMP can only receive the time from NTP servers; it cannot be used to provide time services to other systems.
SNTP typically provides time within 100 milliseconds of the accurate time, but it does not provide the complex filtering and statistical mechanisms of NTP. In addition, SNTP does not authenticate traffic, although you can configure extended access lists to provide some protection.
Enter this command once for each NTP server.
You must configure the router with either this command or the sntp broadcast client global configuration command in order to enable SNTP.
SNTP time servers should operate only at the root (stratum 1) of the subnet, and then only in configurations where no other source of synchronization other than a reliable radio or modem time service is available. A stratum 2 server cannot be used as an SNTP time server. The use of SNTP rather than NTP in primary servers should be carefully considered.
Examples
The following example enables the router to request and accept NTP packets from the server at 172.21.118.9 and displays sample show sntp command output:
Router(config)# sntp server 172.21.118.9Router(config)# endRouter#%SYS-5-CONFIG: Configured from console by consoleRouter# show sntpSNTP server Stratum Version Last Receive172.21.118.9 5 3 00:01:02 SyncedRelated Commands
time-range
To enable time-range configuration mode and define time ranges for functions (such as extended access lists), use the time-range global configuration command. To remove the time limitation, use the no form of this command.
time-range time-range-name
no time-range time-range-name
Syntax Description
time-range-name
Desired name for the time range. The name cannot contain a space or quotation mark, and must begin with a letter.
Defaults
None
Command Modes
Global configuration
Command History
Usage Guidelines
The time-range entries are identified by a name, which is referred to by one or more other configuration commands. Multiple time ranges can occur in a single access list or other feature.
Note
After the time-range command, use the periodic time-range configuration command, the absolute time-range configuration command, or some combination of them to define when the feature is in effect. Multiple periodic commands are allowed in a time range; only one absolute command is allowed.
Tip
Examples
The following example denies HTTP traffic on Monday through Friday from 8:00 a.m. to 6:00 p.m. The example allows UDP traffic on Saturday and Sunday from noon to midnight only.
time-range no-httpperiodic weekdays 8:00 to 18:00!time-range udp-yesperiodic weekend 12:00 to 24:00!ip access-list extended strictdeny tcp any any eq http time-range no-httppermit udp any any time-range udp-yes!interface ethernet 0ip access-group strict inRelated Commands
