- Bulk Content Downloader (BCDL) Commands
- Call Home Commands
- Boot Commands
- CDP Commands
- Clock Commands
- Configuration Management Commands
- Distributed Route Processor Commands
- File System Commands
- Hardware Redundancy and Node Administration Commands
- Manageability Commands
- NTP Commands
- Object Tracking Commands
- Process and Memory Management Commands
- Secure Domain Router Commands
- SNMP Server Commands
- Software Entitlement Commands
- Software Package Management Commands
- Terminal Services Commands
- Utility Commands
- Index
- access-group (NTP)
- authenticate (NTP)
- authentication-key (NTP)
- broadcast
- broadcast client
- broadcastdelay
- interface (NTP)
- master
- max-associations
- multicast client
- multicast destination
- ntp
- ntp clear
- ntp reset drift
- peer (NTP)
- server (NTP)
- show calendar
- show ntp associations
- show ntp status
- source (NTP)
- trusted-key
- update-calendar
NTP Commands
This chapter describes the Cisco IOS XR Network Time Protocol (NTP) commands used to perform basic network time management tasks, including synchronizing time settings and coordinating time distribution over the network.
When an NTP server or client is configured, NTP features are available on all router interfaces. NTP features can be disabled for any specified interface, local or remote, to the route processor (RP).
For detailed information about NTP concepts, configuration tasks, and examples, see the Implementing NTP on Cisco IOS XR Software configuration module in Cisco IOS XR System Management Configuration Guide for the Cisco CRS Router.
- access-group (NTP)
- authenticate (NTP)
- authentication-key (NTP)
- broadcast
- broadcast client
- broadcastdelay
- interface (NTP)
- master
- max-associations
- multicast client
- multicast destination
- ntp
- ntp clear
- ntp reset drift
- peer (NTP)
- server (NTP)
- show calendar
- show ntp associations
- show ntp status
- source (NTP)
- trusted-key
- update-calendar
access-group (NTP)
To control access to Network Time Protocol (NTP) services for an IPv4 or IPv6 access list, use the access-group command in one of the NTP configuration modes. To remove the access-group command from the configuration file and restore the system to its default condition with respect to this command, use the no form of this command.
access-group [ vrf vrf-name ] [ ipv4 | ipv6 ] { peer | query-only | serve | serve-only } access-list-name
no access-group [ vrf vrf-name ] [ ipv4 | ipv6 ] { peer | query-only | serve | serve-only }
Syntax Description
vrf vrf-name |
(Optional) Applies the access control configuration to a specified nondefault VRF. If not specified, the configuration is applied to the default VRF. |
ipv4 |
(Optional) Specifies an IPv4 access list (default). |
ipv6 |
(Optional) Specifies an IPv6 access list. |
peer |
Allows time requests and NTP control queries and allows a networking device to synchronize to the remote system. |
query-only |
Allows only NTP control queries. Cisco IOS XR software uses NTP Version 4, but the RFC for Version 3 (RFC 1305: Network Time Protocol (Version 3)—Specification, Implementation and Analysis) still applies. |
serve |
Allows time requests and NTP control queries, but does not allow the networking device to synchronize to the remote system. |
serve-only |
Allows only time requests. |
access-list-name |
Name of an IPv4 or IPv6 access list. |
Command Default
No NTP access control is configured.
Command Modes
NTP configuration
VRF-specific NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Release 3.8.0 |
Support was added for: |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The access group options are scanned in the following order from least restrictive to most restrictive:
-
peer—Allows time requests and NTP control queries and allows the router to synchronize itself to a system whose address passes the access list criteria.
-
serve—Allows time requests and NTP control queries, but does not allow the router to synchronize itself to a system whose address passes the access list criteria.
-
serve-only—Allows only time requests from a system whose address passes the access list criteria.
-
query-only—Allows only NTP control queries from a system whose address passes the access list criteria.
Access is granted for the first match that is found. If no access groups are specified, all access is granted to all sources. If any access groups are specified, only the specified access is granted. This facility provides minimal security for the time services of the system. However, it can be circumvented by a determined programmer. If tighter security is desired, use the NTP authentication facility.
If you use the access-group command in a VRF-specific NTP configuration mode, the command is applied to the specific VRF. If you are not in a VRF-specific NTP configuration mode, the command is applied to the default VRF unless you use the vrf vrf-name keyword and argument to specify a VRF.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure the router to allow itself to be synchronized by a peer from an IPv4 access list named access1 and to restrict access to allow only time requests from an IPv4 access list named access2:
RP/0/RP0/CPU0:router(config-ntp)# access-group peer access1 RP/0/RP0/CPU0:router(config-ntp)# access-group serve-only access2
The following example shows how to configure the router to allow itself to be synchronized by peers from the IPv6 access list named access20 that route through the vrf10 VRF:
RP/0/RP0/CPU0:router(config-ntp)# access-group vrf vrf10 ipv6 peer access20
Related Commands
Command |
Description |
---|---|
ipv4 access-list |
Defines an IPv4 access list by name. |
ipv6 access-list |
Defines an IPv6 access list by name. |
vrf |
Configures a VRF instance for a routing protocol. |
authenticate (NTP)
To enable Network Time Protocol (NTP) authentication, use the authenticate command in NTP configuration mode. To restore the system to its default condition, use the no form of this command.
authenticate
no authenticate
Syntax Description
This command has no keywords or arguments.
Command Default
No NTP authentication is configured.
Command Modes
NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the authenticate command to prevent the system from synchronizing with unauthenticated and unconfigured network peers.
If the system has been configured with the broadcast client or multicast client command in NTP configuration mode, and when the system receives an incoming symmetric active NTP packet, or if the system receives a broadcast or multicast mode NTP packet, it can set up an ephemeral peer association in order to synchronize with the sender.
If the authenticate command is specified, and when a symmetric active, broadcast, or multicast NTP packet is received, the system will not synchronize to the peer unless the packet carries one of the authentication keys specified in the trusted-key command.
You must enable authenticate when enabling broadcast client or multicast client command in NTP configuration mode unless you have other measures (such as using the access-group command in NTP configuration mode) to prevent unauthorized hosts from communicating with the NTP service on the device.
Use the no authenticate command to allow synchronizing with unauthenticated and unconfigured network peers.
The authenticate command does not ensure authentication of peer associations that are created using the server and peer commands in NTP configuration mode. When creating associations using the server and peer commands in NTP configuration mode, specify the key keyword to ensure the authentication of packets that move to and from the remote peer. See the documentation of the respective commands for more information.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure the system to synchronize only to a system that provides an authentication key 42 in its NTP packets:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# authenticate RP/0/RP0/CPU0:router(config-ntp)# authentication-key 42 md5 clear key1 RP/0/RP0/CPU0:router(config-ntp)# trusted-key 42
Related Commands
Command | Description |
Defines an authentication key for a trusted Network Time Protocol (NTP) time source. | |
Designates a Network Time Protocol (NTP) trusted key. |
authentication-key (NTP)
To define an authentication key for a trusted Network Time Protocol (NTP) time source, use the authentication-key command in NTP configuration mode. To restore the system to its default condition, use the no form of this command.
authentication-key key-number md5 [ clear | encrypted ] key-name
no authentication-key key-number
Syntax Description
key-number |
Authentication key. A number in the range from 1 to 65535. |
md5 |
Provides message authentication support using the Message Digest 5 (MD5) algorithm. |
clear |
(Optional) Specifies that the key value entered after this keyword is unencrypted. |
encrypted |
(Optional) Specifies that the key value entered after this keyword is encrypted. |
key-name |
Key value. The maximum length is 32 characters. |
Command Default
No authentication key is defined for NTP.
Command Modes
NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the authentication-key command to define authentication keys for use with trusted NTP time sources.
Note | When this command is written to NVRAM, the key is encrypted so that it is not displayed when the configuration is displayed. |
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure the system to synchronize only to systems providing authentication key 42 in their NTP packets:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# authenticate RP/0/RP0/CPU0:router(config-ntp)# authentication-key 42 md5 clear key1 RP/0/RP0/CPU0:router(config-ntp)# trusted-key 42
Related Commands
Command | Description |
Enables Network Time Protocol (NTP) authentication. | |
Configures the system clock to synchronize a peer or to be synchronized by a peer. | |
Allows the system clock to be synchronized by a time server. | |
Designates a Network Time Protocol (NTP) trusted key. |
broadcast
To create a Network Time Protocol (NTP) broadcast server on a specified NTP interface, use the broadcast command in NTP interface configuration mode. To remove the command from the configuration file and restore the system to its default condition, use the no form of this command.
broadcast [ destination ip-address ] [ key key-id ] [ version number ]
no broadcast [ destination ip-address ] [ key key-id ] [ version number ]
Syntax Description
destination ip-address |
(Optional) Specifies the host IPv4 address. |
key key-id |
(Optional) Defines the authentication key, where key-id is the authentication key to use when sending packets to this peer. The key identified by the key-id value is also used for packets received from the peer. |
version number |
(Optional) Specifies a number from 1 to 4, indicating the NTP version. |
Command Default
No NTP broadcast servers are configured.
Command Modes
NTP interface configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the broadcast command to create an NTP broadcast server on an NTP interface to send NTP broadcast packets.
Use the broadcast client command to set a specific interface to receive NTP broadcast packets.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure interface 0/0/0/1 to send NTP packets to destination host IP address 10.0.0.0:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# interface tengige 0/0/0/1 RP/0/RP0/CPU0:router(config-ntp-int)# broadcast destination 10.0.0.0
Related Commands
Command | Description |
Allows a networking device to receive Network Time Protocol (NTP) broadcast packets on an interface. | |
Sets the estimated round-trip delay between a Network Time Protocol (NTP) client and an NTP broadcast server. |
broadcast client
To allow a networking device to receive Network Time Protocol (NTP) broadcast packets on an interface, use the broadcast client command in NTP interface configuration mode. To remove the configuration and restore the system to its default condition, use the no form of this command.
broadcast client
no broadcast client
Syntax Description
This command has no keywords or arguments.
Command Default
No NTP broadcast clients are configured.
Command Modes
NTP interface configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the broadcast client command to configure and create an NTP broadcast client and to associate the client with an interface to receive and handle NTP broadcast packets. If no NTP client has been created for an interface, the received NTP broadcast packets are dropped. Use this command to allow the system to listen to broadcast packets on an interface-by-interface basis.
To prevent synchronization with unauthorized systems, whenever this command is specified, authentication must be enabled using the authenticate (NTP) command or access must be restricted to authorized systems using the access-group (NTP) command. See the documentation of the respective commands for more information.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure interface 0/0/0/1 to send NTP packets:
RP/0/RP0/CPU0:router(config)# ntp interface tengige 0/0/0/1 RP/0/RP0/CPU0:router(config-ntp-int)# broadcast client
Related Commands
Command | Description |
Creates a Network Time Protocol (NTP) broadcast server on a specified NTP interface. | |
Sets the estimated round-trip delay between a Network Time Protocol (NTP) client and an NTP broadcast server. |
broadcastdelay
To set the estimated round-trip delay between a Network Time Protocol (NTP) client and an NTP broadcast server, use the broadcastdelay command in NTP configuration mode. To restore the system to its default condition, use the no form of this command.
broadcastdelay microseconds
no broadcastdelay microseconds
Syntax Description
microseconds |
Estimated round-trip time for NTP broadcasts, in microseconds. The range is from 1 to 999999. The default is 3000. |
Command Default
microseconds: 3000
Command Modes
NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the broadcastdelay command to change the default round-trip delay time on a networking device that is configured as a broadcast client.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to set the estimated round-trip delay between a networking device and the broadcast client to 5000 microseconds:
RP/0/RP0/CPU0:router(config-ntp)# broadcastdelay 5000
interface (NTP)
To enter a Network Time Protocol (NTP) interface mode and run NTP interface configuration commands, use the interface command in one of the NTP configuration modes. To remove an NTP interface configuration, use the no form of this command.
interface type interface-path-id [ vrf vrf-name ] [disable]
no interface type interface-path-id [disable]
Syntax Description
type |
Interface type. For more information, use the question mark (?) online help function. |
||
interface-path-id |
Physical interface or virtual interface.
For more information about the syntax for the router, use the question mark (?) online help function. |
||
vrf vrf-name |
(Optional) Applies the interface configuration to a specific nondefault VRF. |
||
disable |
(Optional) Disables NTP on the specified interface. |
Command Default
No NTP interfaces are configured.
Command Modes
NTP configuration mode
VRF-specific NTP configuration mode
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Release 3.8.0 |
Support was added for the vrf keyword and the vrf-name argument. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the interface command to place the router in NTP interface configuration mode, from which NTP broadcast and multicast servers and clients can be configured. By default, after the NTP process is started, NTP features become available for all interfaces. To exit NTP interface configuration mode, use the exit command.
If you use the interface command in a VRF-specific NTP configuration mode, the command is applied to the specific VRF. If you are not in a VRF-specific NTP configuration mode, the command is applied to the default VRF unless you use the vrf vrf-name keyword and argument to specify a VRF.
By default, NTP is enabled on every interface. To disable NTP on a specific interface, use the interface command with the disable keyword. To reenable NTP on an interface, use the no form of the interface command with the disable keyword.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to enter NTP configuration mode, specify an NTP interface to be configured, and enter NTP interface configuration mode:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# interface POS 0/1/0/0 RP/0/RP0/CPU0:router(config-ntp-int)#
The following example shows how to enter a VRF-specific NTP interface configuration mode:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# interface TenGiGE 0/1/1/0 vrf vrf_10 RP/0/RP0/CPU0:router(config-ntp-int)#
The following example shows a different way to enter a VRF-specific NTP interface configuration mode:
RP/0/RP0/CPU0:router(config)# ntp vrf vrf_10 RP/0/RP0/CPU0:router(config-ntp-vrf)# interface TenGigE 0/1/1/0 RP/0/RP0/CPU0:router(config-ntp-int)#
master
To configure the router to use its own Network Time Protocol (NTP) master clock to synchronize with peers when an external NTP source becomes unavailable, use the master command in NTP configuration mode. To restore the system to its default condition, use the no form of this command.
master [stratum]
no master [stratum]
Syntax Description
stratum |
(Optional) NTP stratum number that the system claims. Range is from 1 to 15. The default is 8. |
Command Default
By default, the master clock function is disabled. When the function is enabled, the default stratum is 8.
Command Modes
NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
NTP uses the concept of a “stratum” to describe how many NTP “hops” away a machine is from an authoritative time source. A stratum 1 time server has a radio or atomic clock attached directly. A stratum 2 time server receives its time through NTP from a stratum 1 time server, a stratum 3 from a stratum 2, and so on.
Caution | Use the master command with extreme caution. It is easy to override other valid time sources using this command, especially if a low-stratum number is configured. Configuring multiple machines in the same network with the master command can lead to instability in time-keeping if the machines do not agree on the time. |
The networking device is normally synchronized, directly or indirectly, with an external system that has a clock. Cisco IOS XR software does not support directly attached radio or atomic clocks. The master command should be used only when there is a temporary disruption in a reliable time service. It should not be employed as an alternative source by itself in the absence of a real-time service.
If the system has the master command configured and it cannot reach any clock that has a lower stratum number, the system claims to be synchronized at the configured stratum number. Other systems synchronize with it through NTP.
Note | The system clock must have been manually set from some source before the master command has an effect. This precaution protects against the distribution of erroneous time after the system is restarted. |
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure a networking device as an NTP master clock to which peers may synchronize:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# master 9
max-associations
To set the maximum number of Network Time Protocol (NTP) associations, use the max-associations command in NTP configuration mode. To restore the default setting, use the no form of this command.
max-associations number
no max-associations number
Syntax Description
number |
Maximum number of NTP associations. Range is from 0 to 4294967295. The default is 100. |
Command Default
The default setting for the maximum number of NTP associations is 100.
Command Modes
NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the max-associations command to specify the maximum number of associations for an NTP server.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to set the maximum number of associations to 200:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# max-associations 200
Related Commands
Command | Description |
Displays the status of Network Time Protocol associations. |
multicast client
To configure an NTP interface as an NTP multicast client, use the multicast client command in NTP interface configuration mode. To remove the NTP multicast client configuration from an interface, use the no form of this command.
multicast client [ip-address]
no multicast client [ip-address]
Syntax Description
ip-address |
IPv4 or IPv6 IP address of the multicast group to join. The default is the IPv4 address 224.0.1.1. |
Command Default
The interface is not configured as an NTP multicast client.
Command Modes
NTP interface configuration
Command History
Release |
Modification |
---|---|
Release 3.8.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the multicast client command to configure an NTP interface to receive multicast packets that are sent to an IPv4 or IPv6 multicast group IP address. If you do not specify an IP address, the interface is configured to receive multicast packets sent to the IPv4 multicast group address 224.0.1.1. You can configure multiple multicast groups on the same interface.
To prevent synchronization with unauthorized systems, whenever this command is specified, authentication must be enabled using the authenticate (NTP) command or access must be restricted to authorized systems using the access-group (NTP) command. See the documentation of the respective commands for more information.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure the router to receive NTP multicast packets to the multicast group address of 224.0.1.1:
RP/0/RP0/CPU0:router(config)# ntp interface TenGigE 0/1/1/0 RP/0/RP0/CPU0:router(config-ntp-int)# multicast client
Related Commands
Command | Description |
Configures an NTP interface as an NTP multicast server. |
multicast destination
To configure an NTP interface as an NTP multicast server, use the multicast destination command in NTP interface configuration mode. To remove the NTP multicast server configuration from an interface, use the no form of this command.
multicast destination ip-address [ key key-id ] [ ttl ttl ] [ version number ]
no multicast destination ip-address [ key key-id ] [ ttl ttl ] [ version number ]
Syntax Description
ip-address |
The IPv4 or IPv6 multicast group IP address to which to send NTP multicast packets. |
key key-id |
(Optional) Specifies an authentication key, where the value of the key-id argument is the authentication key to use when sending multicast packets to the specified multicast group. |
ttl ttl |
(Optional) Specifies the time to live (TTL) of a multicast packet. |
version number |
(Optional) Specifies the NTP version number. |
Command Default
The interface is not configured as an NTP multicast server.
Command Modes
NTP interface configuration
Command History
Release |
Modification |
---|---|
Release 3.8.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure the router to send NTP multicast packets to the multicast group address of 224.0.1.1:
RP/0/RP0/CPU0:router(config)# ntp interface TenGigE 0/1/1/0 RP/0/RP0/CPU0:router(config-ntp-int)# multicast destination 224.0.1.1
Related Commands
Command | Description |
Configures an NTP interface as an NTP multicast client. |
ntp
global
configuration mode.ntp [ vrf vrf-name ]
Syntax Description
vrf vrf-name |
(Optional) Enters a VRF-specific NTP configuration mode. |
Command Default
No defaults behavior or values
Command Modes
Global configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Release 3.8.0 |
Support was added for the vrf vrf-name ip-address keyword and arguments. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
NTP configuration commands can also be run from global configuration mode by preceding the command string with the ntp keyword. From NTP configuration mode, the following NTP configuration commands are available:
RP/0/RP0/CPU0:router(config-ntp)# ?
access-group Control NTP access
authenticate Authenticate time sources
authentication-key Authentication key for trusted time sources
broadcastdelay Estimated round-trip delay
commit Commit the configuration changes to running
default Set a command to its defaults
describe Describe a command without taking real actions
do Run an exec command
exit Exit from this submode
interface Configure NTP on an interface
master Act as NTP master clock
max-associations Set maximum number of associations
no Negate a command or set its defaults
peer Configure NTP peer
port Enable NTP port
server Configure NTP server
show Show contents of configuration
source Configure interface for source address
trusted-key Key numbers for trusted time sources
update-calendar Periodically update calendar with NTP time
Use the ntp command with the vrf vrf-name keyword and argument to enter an NTP configuration mode specific to the specified VRF.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to enter NTP configuration mode:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)#
The following example shows how to enter an NTP configuration mode for a VRF called VRF1:
RP/0/RP0/CPU0:router(config)# ntp vrf vrf1 RP/0/RP0/CPU0:router(config-ntp-vrf)#
ntp clear
To clear all Network Time Protocol (NTP) peers or a specific NTP peer, use the ntp clear command in EXEC mode.
ntp clear { peer | all | vrf vrf-name ip-address }
Syntax Description
peer |
IPv4 address or hostname of the NTP peer to be cleared. |
all |
Clears all NTP peers. |
vrf vrf-name |
Clears a peer on the specified nondefault VRF. |
ip-address |
IPv4 or IPv6 IP address of the peer. |
Command Default
No defaults behavior or values
Command Modes
EXEC
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Release 3.8.0 |
The * keyword was replaced by the all keyword. Support was added for the vrf vrf-name ip-address keyword and arguments. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to clear all NTP peers:
RP/0/RP0/CPU0:router# ntp clear all
ntp reset drift
EXEC
mode.ntp reset drift
Syntax Description
This command has no keywords or arguments.
Command Default
No defaults behavior or values
Command Modes
EXEC
Command History
Release |
Modification |
---|---|
Release 3.8.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the ntp reset drift command to set the loopfilter state to NSET (never set) and reset the drift. Resetting the loopfilter state and drift enables the router to relearn the frequency of the NTP server clock. This is necessary if there is a synchronization error caused by a large frequency error. This can arise, for example, if the router switches from synchronizing with one NTP server to synchronizing with another NTP server with a different frequency.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to reset the NTP drift and loopfilter state:
RP/0/RP0/CPU0:router# ntp reset drift
Thu Nov 13 11:21:04.381 JST
The following example shows NTP status before and after resetting NTP drift and loopfilter state:
RP/0/RP0/CPU0:router# show ntp status Thu Nov 13 11:20:53.122 JST Clock is synchronized, stratum 3, reference is 192.168.128.5 nominal freq is 1000.0000 Hz, actual freq is 1000.2787 Hz, precision is 2**24 reference time is CCC60CBE.9F836478 (11:17:34.623 JST Thu Nov 13 2008) clock offset is -3.172 msec, root delay is 189.289 msec root dispersion is 70.03 msec, peer dispersion is 0.11 msec loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.0002785891 s/s system poll interval is 128, last update was 199 sec ago RP/0/RP0/CPU0:router# ntp reset drift Thu Nov 13 11:21:04.381 JST RP/0/RP0/CPU0:router# show ntp status Thu Nov 13 11:21:10.595 JST Clock is unsynchronized, stratum 16, no reference clock nominal freq is 1000.0000 Hz, actual freq is 1000.0000 Hz, precision is 2**24 reference time is CCC60CBE.9F836478 (11:17:34.623 JST Thu Nov 13 2008) clock offset is -3.172 msec, root delay is 0.000 msec root dispersion is 0.09 msec, peer dispersion is 0.00 msec loopfilter state is 'NSET' (Never set), drift is 0.0000000000 s/s system poll interval is 64, last update was 216 sec ago
Related Commands
Command | Description |
Displays the status of NTP. |
peer (NTP)
To configure the system clock to synchronize a peer or to be synchronized by a peer, use the peer command in one of the NTP configuration modes. To remove the peer command from the configuration file and restore the system to its default condition with respect to the command, use the no form of this command.
peer [ vrf vrf-name ] [ ipv4 | ipv6 ] ip-address [ version number ] [ key key-id ] [ minpoll interval ] [ maxpoll interval ] [ source type interface-path-id ] [prefer] [burst] [iburst]
no peer [ vrf vrf-name ] [ ipv4 | ipv6 ] ip-address
Syntax Description
vrf vrf-name |
(Optional) Applies the peer configuration to the specified nondefault VRF. |
||
ipv4 |
(Optional) Specifies an IPv4 IP address. |
||
ipv6 |
(Optional) Specifies an IPv6 IP address. |
||
ip-address |
IPv4 or IPv6 address of the peer providing or being provided with the clock synchronization. |
||
version number |
(Optional) Defines the Network Time Protocol (NTP) version number, where the number argument is a value from 1 to 4. The default is 4. |
||
key key-id |
(Optional) Defines the authentication key, where the key-id argument is the authentication key to use when packets are sent to this peer. The authentication key is also used for packets received from the peer. By default, no authentication key is used. |
||
minpoll interval |
(Optional) Defines the shortest polling interval, where the interval argument is specified in powers of two seconds. Range is from 4 to 17. The default value is 6. |
||
maxpoll interval |
(Optional) Defines the longest polling interval, where the interval argument is specified in powers of two seconds. Range is from 4 to 17. The default value is 10. |
||
source |
(Optional) IP source address. The default is the outgoing interface. |
||
type |
(Optional) Interface type. For more information, use the question mark (?) online help function. |
||
interface-path-id |
(Optional) Physical interface or virtual interface.
For more information about the syntax for the router, use the question mark (?) online help function. |
||
prefer |
(Optional) Makes this peer the preferred peer that provides synchronization. |
||
burst |
(Optional) Sends a series of packets instead of a single packet within each synchronization interval to achieve faster synchronization. |
||
iburst |
(Optional) Sends a series of packets instead of a single packet within the initial synchronization interval to achieve faster initial synchronization. |
Command Default
No peers are configured by default.
Command Modes
NTP configuration
VRF-specific NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Release 3.8.0 |
Support was added for the following keywords and arguments: |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the peer command to allow this machine to synchronize with the peer, or conversely.
Caution | Although using the prefer keyword can help reduce the switching among peers, you should avoid using the keyword because it interferes with the source selection mechanism of NTP and can result in a degradation in performance. |
The value for the minpoll keyword must be less than or equal to the value for the maxpoll keyword. If this is not the case, the system issues an error message.
To provide peer-level service (as opposed to client/server-level service), it may be necessary to explicitly specify the NTP version for the peer if it is not version 4.
If you use the peer command in a VRF-specific NTP configuration mode, the command is applied to the specific VRF. If you are not in a VRF-specific NTP configuration mode, the command is applied to the default VRF unless you use the vrf vrf-name keyword and argument to specify a VRF.
Note | To change the configuration of a specific IP address from peer to server or from server to peer, use the no form of the peer or server command to remove the current configuration before you perform the new configuration. If you do not remove the old configuration before performing the new configuration, the new configuration does not overwrite the old configuration. |
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure a networking device to allow its system clock to be synchronized with the clock of the peer (or conversely) at IP address 10.0.0.0 using NTP. The source IP address is the address of interface 0/0/0/1.
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# peer 10.0.0.0 minpoll 8 maxpoll 12 source tengige 0/0/0/1
Related Commands
Command | Description |
Defines an authentication key for a trusted Network Time Protocol (NTP) time source. | |
Allows the system clock to be synchronized by a time server. | |
Specifies a particular source address to use in Network Time Protocol (NTP) packets. |
server (NTP)
To allow the system clock to be synchronized by a time server, use the server command in one of the NTP configuration modes. To remove the server command from the configuration file and restore the system to its default condition with respect to this command, use the no form of this command.
server [ vrf vrf-name ] [ ipv4 | ipv6 ] ip-address [ version number ] [ key key-id ] [ minpoll interval ] [ maxpoll interval ] [ source type interface-path-id ] [prefer] [burst] [iburst]
no server [ vrf vrf-name ] [ ipv4 | ipv6 ] ip-address
Syntax Description
vrf vrf-name |
(Optional) Applies the server configuration to the specified nondefault VRF. |
||
ipv4 |
(Optional) Specifies an IPv4 IP address. |
||
ipv6 |
(Optional) Specifies an IPv6 IP address. |
||
ip-address |
IPv4 or IPv6 address of the time server providing the clock synchronization. |
||
version number |
(Optional) Defines the Network Time Protocol (NTP) version number, where the number argument is a value from 1 to 4. The default is 4. |
||
key key-id |
(Optional) Defines the authentication key, where the key-id argument is the authentication key to use when packets are sent to this peer. By default, no authentication key is used. |
||
minpoll interval |
(Optional) Defines the shortest polling interval, where the interval argument is specified in powers of two seconds. Range is from 4 to 17. The default value is 6. |
||
maxpoll interval |
(Optional) Defines the longest polling interval, where the interval argument is specified in powers of two seconds. Range is from 4 to 17. The default value is 10. |
||
source |
(Optional) Specifies the IP source address. The default is the outgoing interface. |
||
type |
(Optional) Interface type. For more information, use the question mark ( ? ) online help function. |
||
interface-path-id |
(Optional) Physical interface or virtual interface.
For more information about the syntax for the router, use the question mark (?) online help function. |
||
prefer |
(Optional) Makes this peer the preferred server that provides synchronization. |
||
burst |
(Optional) Sends a series of packets instead of a single packet within each synchronization interval to achieve faster synchronization. |
||
iburst |
(Optional) Sends a series of packets instead of a single packet within the initial synchronization interval to achieve faster initial synchronization. |
Command Default
No servers are configured by default.
Command Modes
NTP configuration
VRF-specific NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Release 3.8.0 |
Support was added for the following keywords and arguments: |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
The value for the minpoll keyword must be less than or equal to the value for the maxpoll keyword. If this is not the case, the system issues an error message.
Using the prefer keyword reduces switching back and forth among servers.
If you use the server command in a VRF-specific NTP configuration mode, the command is applied to the specific VRF. If you are not in a VRF-specific NTP configuration mode, the command is applied to the default VRF unless you use the vrf vrf-name keyword and argument to specify a VRF.
Note | To change the configuration of a specific IP address from peer to server or from server to peer, use the no form of the peer or server command to remove the current configuration before you perform the new configuration. If you do not remove the old configuration before performing the new configuration, the new configuration does not overwrite the old configuration. |
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure a router to allow its system clock to be synchronized with the clock of the peer at IP address 209.165.201.1 using NTP:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# server 209.165.201.1 minpoll 8 maxpoll 12
Related Commands
Command | Description |
Defines an authentication key for a trusted Network Time Protocol (NTP) time source. | |
Configures the system clock to synchronize a peer or to be synchronized by a peer. | |
Specifies a particular source address to use in Network Time Protocol (NTP) packets. |
show calendar
To display the system time and date, use the show calendar command in the EXEC .
show calendar
Syntax Description
This command has no keywords or arguments.
Command Default
None
Command Modes
EXEC
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
The time format of the show calendar output depends on the time format set using the clock timezone command.
Task ID
Task ID |
Operations |
---|---|
basic-services |
read |
Examples
The following example shows sample output from the show calendar command:
RP/0/RP0/CPU0:router# show calendar
01:29:28 UTC Thu Apr 01 2004
Related Commands
Command | Description |
Displays the system clock. |
show ntp associations
To display the status of Network Time Protocol (NTP) associations, use the show ntp associations command in privileged EXEC mode.
show ntp associations [detail] [ location node-id ]
Syntax Description
detail |
(Optional) Displays detailed information about each NTP association. |
location node-id |
(Optional) Displays the status of NTP associations from the designated node. The node-id argument is entered in the rack/slot/module notation. |
Command Default
None
Command Modes
EXEC
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Release 3.8.0 |
The output was modified to display nondefault VRF instances and to accommodate IPv6 addresses. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Output for the show ntp associations command is displayed only if NTP is configured on the router.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read |
Examples
This example shows sample output from the show ntp associations command:
RP/0/RP0/CPU0:router# show ntp associations
Wed Jul 30 04:03:13.471 PST DST
address ref clock st when poll reach delay offset disp
~172.19.69.1 172.24.114.33 3 25 64 3 2.89 57550122 39377
~2001:db8::feed .INIT. 16 - 64 0 0.00 0.000 15937
~2001:db8::beef vrf vrf_1
.INIT. 16 - 64 0 0.00 0.000 16000
* sys_peer, # selected, + candidate, - outlayer, x falseticker, ~ configured
Field |
Description |
---|---|
* |
Peer has been declared the system peer and lends its variables to the system variables. |
# |
Peer is a survivor, but not among the first six peers sorted by synchronization distance. If the association is ephemeral, it may be demobilized to conserve resources. |
+ |
Peer is a survivor and a candidate for the combining algorithm. |
- |
Peer is discarded by the clustering algorithm as an outlier. |
x |
Peer is discarded by the intersection algorithm as a falseticker. |
~ |
Indicates peer is statically configured. |
address |
IPv4 or IPv6 address of the peer. If a nondefault VRF is configured for the peer, the VRF follows the address. |
ref clock |
Reference clock type or address for the peer. |
st |
Stratum setting for the peer. |
when |
Time since last NTP packet was received from peer, in milliseconds. |
poll |
Polling interval, in seconds. |
reach |
Peer reachability (bit string, in octal). |
delay |
Round-trip delay to peer, in milliseconds. |
offset |
Relative time difference between a peer clock and a local clock, in milliseconds. |
disp |
Dispersion. |
RP/0/RP0/CPU0:router# show ntp associations detail
172.19.69.1 configured, our_master, sane, valid, stratum 2
ref ID 171.68.10.150, time C4143AAE.00FCF396 (18:27:58.003 UTC Tue Mar 30 2004)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 5.23 msec, root disp 4.07, reach 3, sync dist 0.0077
delay 1.9829 msec, offset -3.7899 msec, dispersion 0.0358
precision 2**18, version 4
org time C4143B8D.7EBD5FEF (18:31:41.495 UTC Tue Mar 30 2004)
rcv time C4143B8D.801DFA44 (18:31:41.500 UTC Tue Mar 30 2004)
xmt time C4143B8D.7F595E44 (18:31:41.497 UTC Tue Mar 30 2004)
filtdelay = 2.99 1.98 1.98 1.99 1.99 1.99 2.98 1.98
filtoffset = -3.89 -3.74 -3.78 -3.81 -3.76 -3.73 -4.08 -3.64
filterror = 0.00 0.02 0.03 0.05 0.06 0.08 0.09 0.32
2001:0DB8::FEED vrf xxx configured, candidate, sane, valid, stratum 2
ref ID 64.103.34.14, time CB0C8C66.38285D84 (14:00:22.219 JST Fri Dec 14 2007)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 181.17 msec, root disp 3.19, reach 377, sync dist 0.1463
delay 104.9158 msec, offset -15.4552 msec, dispersion 0.0439
precision 2**16, version 4
org time CB0C8D0A.70282853 (14:03:06.438 JST Fri Dec 14 2007)
rcv time CB0C8D0A.81CA0E2B (14:03:06.506 JST Fri Dec 14 2007)
xmt time CB0C8D0A.66AAB677 (14:03:06.401 JST Fri Dec 14 2007)
filtdelay = 105.90 104.92 104.91 104.91 105.90 105.85 105.90 104.91
filtoffset = -15.92 -15.67 -15.54 -15.59 -15.58 -15.54 -15.41 -14.36
filterror = 0.02 0.03 0.05 0.06 0.08 0.09 0.11 1.05
2001:0DB8::BEEF vrf yyy configured, our_master, sane, valid, stratum 2
ref ID 64.104.193.12, time CB0C8CC1.2C14CED1 (14:01:53.172 JST Fri Dec 14 2007)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 160.83 msec, root disp 4.35, reach 377, sync dist 0.1372
delay 104.9302 msec, offset -14.6327 msec, dispersion 0.0183
precision 2**18, version 4
org time CB0C8CCB.684619D8 (14:02:03.407 JST Fri Dec 14 2007)
rcv time CB0C8CCB.79782B09 (14:02:03.474 JST Fri Dec 14 2007)
xmt time CB0C8CCB.5E9A5429 (14:02:03.369 JST Fri Dec 14 2007)
filtdelay = 104.93 104.93 104.93 104.93 104.93 104.93 104.93 104.93
filtoffset = -14.71 -14.53 -14.78 -14.73 -14.70 -14.52 -14.59 -14.50
filterror = 0.00 0.02 0.03 0.05 0.06 0.08 0.09 0.11
Field |
Descriptions |
---|---|
vrf |
Nondefault VRF, if specified for this peer. |
configured |
Statically configured peer. |
dynamic |
Dynamically discovered peer. |
our_master |
Synchronization of the local machine to this peer. |
sane |
Passing of basic sanity checks by this peer. |
ref ID |
Address of machine to which the peer is synchronized. |
time |
Last time stamp that the peer received from its master. |
our mode |
Mode relative to peer (active/passive/client/server/bdcast/bdcast client). |
peer mode |
Mode of peer relative. |
our poll intvl |
Poll interval to peer. |
peer poll intvl |
Poll interval of interval. |
root delay |
Delay along path to root (ultimate stratum 1 time source). |
root disp |
Dispersion of path to root. |
reach |
Peer reachability (bit string in octal). |
sync dist |
Peer synchronization distance. |
delay |
Round-trip delay to peer. |
offset |
Offset of peer clock relative to this clock. |
dispersion |
Dispersion of peer clock. |
precision |
Precision of peer clock in (Hertz) Hz. |
version |
NTP version number that peer is using. |
org time |
Originate time stamp. |
rcv time |
Receive time stamp. |
xmt time |
Transmit time stamp. |
filtdelay |
Round-trip delay of each sample, in milliseconds. |
filtoffset |
Clock offset of each sample, in milliseconds. |
filterror |
Approximate error of each sample. |
Related Commands
Command | Description |
Displays the status of NTP. |
show ntp status
EXEC
mode.show ntp status [ location node-id ]
Syntax Description
location node-id |
(Optional) Displays the status of NTP from the designated node. The node-id argument is entered in the rack/slot/module notation. |
Command Default
No defaults behavior or values
Command Modes
EXEC
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Release 3.8.0 |
The output was modified to display nondefault VRF instances and IPv6 addresses. The loopfilter state, drift, system poll interval, and last update display fields were added to the output. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read |
Examples
This example shows sample output from the show ntp status command:
RP/0/RP0/CPU0:router# show ntp status
Clock is synchronized, stratum 3, reference is 192.168.128.5
nominal freq is 1000.0000 Hz, actual freq is 1000.0021 Hz, precision is 2**24
reference time is CC38EC6A.8FCCA1C4 (10:10:02.561 JST Tue Jul 29 2008)
clock offset is -124.051 msec, root delay is 174.060 msec
root dispersion is 172.37 msec, peer dispersion is 0.10 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.0000021106 s/s
system poll interval is 32, last update was 19 sec ago
Field |
Description |
---|---|
synchronized |
Synchronized system to an NTP peer. |
stratum |
NTP stratum of this system. |
reference |
IPv4 address or first 32 bits of the MD5 hash of the IPv6 address of the peer to which clock is synchronized. |
vrf |
VRF through which the peer routes. |
nominal freq |
Nominal frequency in Hertz (Hz) of the system hardware clock. |
actual freq |
Measured frequency in Hz of the system hardware clock. |
precision |
Precision of the clock of this system in Hz. |
reference time |
Reference time stamp. |
clock offset |
Offset of clock to synchronized peer, in milliseconds. |
root delay |
Total delay along path to root clock, in milliseconds. |
root dispersion |
Dispersion of root path. |
peer dispersion |
Dispersion of synchronized peer. |
loopfilter state |
The state of the clock state machine transition function. |
drift |
Drift of the hardware clock. |
system poll interval |
Poll interval of the peer. |
last update |
Time the router last updated its NTP information. |
Related Commands
Command | Description |
Displays the status of Network Time Protocol associations. |
source (NTP)
To use a particular source address in Network Time Protocol (NTP) packets, use the source command in one of the NTP configuration modes. To remove the source command from the configuration file and restore the system to its default condition, use the no form of this command.
source [ vrf vrf-name ] type interface-path-id
no source
Syntax Description
vrf vrf-name |
(Optional) Applies the source address configuration to the specified nondefault VRF. |
||
type |
(Optional) Interface type. For more information, use the question mark (?) online help function. |
||
interface-path-id |
(Optional) Physical interface or virtual interface.
For more information about the syntax for the router, use the question mark (?) online help function. |
Command Default
The source address is determined by the outgoing interface.
Command Modes
NTP configuration
VRF-specific NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Release 3.8.0 |
Support was added for the vrf vrf-name keyword and argument. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Use the source command to use a particular source IP address for all NTP packets. The address is taken from the named interface. This command is useful if the address on an interface cannot be used as the destination for reply packets. If the source keyword has been configured with the server (NTP) or peer (NTP) command, that value overrides the global value.
Use the source command in a VRF-specific NTP configuration mode or use the vrf vrf-name keyword and argument to configure the source address for a specific nondefault VRF. Otherwise, the configuration is applied to the default VRF.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
This example shows how to configure the router to use the IP address of interface 0/0/0/1 as the source address of all outgoing NTP packets:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# source tengige 0/0/0/1
Related Commands
Command | Description |
Configures the system clock to synchronize a peer or to be synchronized by a peer. | |
Allows the system clock to be synchronized by a time server. |
trusted-key
To designate a Network Time Protocol (NTP) trusted key, use the trusted-key command in NTP configuration mode. To remove the trusted-key command from the configuration file and restore the system to its default condition with respect to this command, use the no form of this command.
trusted-key key-number
no trusted-key key-number
Syntax Description
key-number |
Authentication key number to be trusted. Range is from 1 to 65535. |
Command Default
No NTP trusted key is designated.
Command Modes
NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
If authentication is enabled, use the trusted-key command to define one or more key numbers (corresponding to the keys defined with the authentication-key [NTP] command) that a NTP system must provide in its NTP packets for this system to synchronize to it. Because the other system must know the correct authentication key, this precaution provides protection against accidentally synchronizing the system to a system that is not trusted.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
The following example shows how to configure the system to synchronize only to systems providing authentication key 42 in its NTP packets:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# authenticate RP/0/RP0/CPU0:router(config-ntp)# authentication-key 42 md5 clear key1 RP/0/RP0/CPU0:router(config-ntp)# trusted-key 42
Related Commands
Command | Description |
Enables Network Time Protocol (NTP) authentication. | |
Defines an authentication key for a trusted Network Time Protocol (NTP) time source. |
update-calendar
To update the calendar periodically from Network Time Protocol (NTP), use the update-calendar command in NTP configuration mode. To remove the update-calendar command from the configuration file and restore the system to its default condition with respect to the command, use the no form of this command.
update-calendar
no update-calendar
Syntax Description
This command has no keywords or arguments.
Command Default
This command is disabled.
Command Modes
NTP configuration
Command History
Release |
Modification |
---|---|
Release 2.0 |
This command was introduced. |
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes appropriate task IDs. If the user group assignment is preventing you from using a command, contact your AAA administrator for assistance.
Your router has a calendar that is separate from the software clock. This calendar runs continuously, even if the router is powered off or rebooted.
If a router is synchronized to an outside time source through NTP, it is a good idea to update the router’s calendar with the time learned from NTP. Otherwise, the calendar may gradually lose or gain time.
After you configure the update-calendar command, NTP updates the calendar with the software clock every hour.
Task ID
Task ID |
Operations |
---|---|
ip-services |
read, write |
Examples
This example shows how to configure the router to update the calendar periodically from the software clock:
RP/0/RP0/CPU0:router(config)# ntp RP/0/RP0/CPU0:router(config-ntp)# update-calendar
Related Commands
Command | Description |
Manually copies the hardware clock (calendar) settings into the software clock. | |
Copies the software clock settings to the hardware clock (calendar). |