Network Time Protocol Commands

access-group (NTP)

To control access to Network Time Protocol (NTP) services for an IPv4 or IPv6 access list, use the access-group command in one of the NTP configuration modes. To remove the access-group command from the configuration file and restore the system to its default condition with respect to this command, use the no form of this command.

access-group [vrf vrf-name] [ipv4 | ipv6] {peer | query-only | serve | serve-only} access-list-name

no access-group [vrf vrf-name] [ipv4 | ipv6] {peer | query-only | serve | serve-only}

Syntax Description

vrf vrf-name

(Optional) Applies the access control configuration to a specified nondefault VRF. If not specified, the configuration is applied to the default VRF.

ipv4

(Optional) Specifies an IPv4 access list (default).

ipv6

(Optional) Specifies an IPv6 access list.

peer

Allows time requests and NTP control queries and allows a networking device to synchronize to the remote system.

query-only

Allows only NTP control queries. Cisco IOS XR software uses NTP Version 4, but the RFC for Version 3 (RFC 1305: Network Time Protocol (Version 3)—Specification, Implementation and Analysis) still applies.

serve

Allows time requests and NTP control queries, but does not allow the networking device to synchronize to the remote system.

serve-only

Allows only time requests.

access-list-name

Name of an IPv4 or IPv6 access list.

Command Default

No NTP access control is configured.

Command Modes

NTP configuration

VRF-specific NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

The access group options are scanned in the following order from least restrictive to most restrictive:

  1. peer—Allows time requests and NTP control queries and allows the router to synchronize itself to a system whose address passes the access list criteria.

  2. serve—Allows time requests and NTP control queries, but does not allow the router to synchronize itself to a system whose address passes the access list criteria.

  3. serve-only—Allows only time requests from a system whose address passes the access list criteria.

  4. query-only—Allows only NTP control queries from a system whose address passes the access list criteria.

Access is granted for the first match that is found. If no access groups are specified, all access is granted to all sources. If any access groups are specified, only the specified access is granted. This facility provides minimal security for the time services of the system. However, it can be circumvented by a determined programmer. If tighter security is desired, use the NTP authentication facility.

If you use the access-group command in a VRF-specific NTP configuration mode, the command is applied to the specific VRF. If you are not in a VRF-specific NTP configuration mode, the command is applied to the default VRF unless you use the vrf vrf-name keyword and argument to specify a VRF.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure the router to allow itself to be synchronized by a peer from an IPv4 access list named access1 and to restrict access to allow only time requests from an IPv4 access list named access2: 


RP/0/RP0/CPU0:router(config-ntp)# access-group peer access1
RP/0/RP0/CPU0:router(config-ntp)# access-group serve-only access2

The following example shows how to configure the router to allow itself to be synchronized by peers from the IPv6 access list named access20 that route through the vrf10 VRF: 


RP/0/RP0/CPU0:router(config-ntp)# access-group vrf vrf10 ipv6 peer access20

Related Commands

Command

Description

ipv4 access-list

Defines an IPv4 access list by name.

ipv6 access-list

Defines an IPv6 access list by name.

vrf

Configures a VRF instance for a routing protocol.

authenticate (NTP)

To enable Network Time Protocol (NTP) authentication, use the authenticate command in NTP configuration mode. To restore the system to its default condition, use the no form of this command.

authenticate

Syntax Description

This command has no keywords or arguments.

Command Default

NTP authentication is enabled by default.

Command Modes

NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

This feature is enabled by default to prevent an exploitable condition when passive , broadcast client or multicast client is configured.

If the system has been configured with the broadcast client or multicast client command in NTP configuration mode, and when the system receives an incoming symmetric active NTP packet, or if the system receives a broadcast or multicast mode NTP packet, it can set up an ephemeral peer association in order to synchronize with the sender. The system will then synchronize to the peer when a symmetric active, broadcast, or multicast NTP packet is received and the packet carries one of the authentication keys specified in the trusted-key command.

Even though NTP authentication is enabled by default, it does not force the authentication of peer associations that are created using the server and peer commands in NTP configuration mode. It only enforces authentication when remote systems attempt to create new ephemeral associations.

Use the no authenticate command to allow synchronizing with unauthenticated and unconfigured network peers.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure the system to synchronize only to a system that provides an authentication key 42 in its NTP packets: 


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# authenticate
RP/0/RP0/CPU0:router(config-ntp)# authentication-key 42 md5 clear key1 
RP/0/RP0/CPU0:router(config-ntp)# trusted-key 42

authentication-key (NTP)

To define an authentication key for a trusted Network Time Protocol (NTP) time source, use the authentication-key command in NTP configuration mode. To restore the system to its default condition, use the no form of this command.

authentication-key key-number md5 [clear | encrypted] key-name

no authentication-key key-number

Syntax Description

key-number

Authentication key. A number in the range from 1 to 65535.

md5

Provides message authentication support using the Message Digest 5 (MD5) algorithm.

clear

(Optional) Specifies that the key value entered after this keyword is unencrypted.

encrypted

(Optional) Specifies that the key value entered after this keyword is encrypted.

key-name

Key value. The maximum length is 32 characters.

Command Default

No authentication key is defined for NTP.

Command Modes

NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the authentication-key command to define authentication keys for use with trusted NTP time sources.


Note

When this command is written to NVRAM, the key is encrypted so that it is not displayed when the configuration is displayed.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure the system to synchronize only to systems providing authentication key 42 in their NTP packets: 


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# authenticate
RP/0/RP0/CPU0:router(config-ntp)# authentication-key 42 md5 clear key1
RP/0/RP0/CPU0:router(config-ntp)# trusted-key 42

broadcast

To create a Network Time Protocol (NTP) broadcast server on a specified NTP interface, use the broadcast command in NTP interface configuration mode. To remove the command from the configuration file and restore the system to its default condition, use the no form of this command.

broadcast [destination ip-address] [key key-id] [version number]

no broadcast [destination ip-address] [key key-id] [version number]

Syntax Description

destination ip-address

(Optional) Specifies the host IPv4 address.

key key-id

(Optional) Defines the authentication key, where key-id is the authentication key to use when sending packets to this peer. The key identified by the key-id value is also used for packets received from the peer.

version number

(Optional) Specifies a number from 1 to 4, indicating the NTP version.

Command Default

No NTP broadcast servers are configured.

Command Modes

NTP interface configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the broadcast command to create an NTP broadcast server on an NTP interface to send NTP broadcast packets.

Use the broadcast client command to set a specific interface to receive NTP broadcast packets.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure interface 0/0/0/1 to send NTP packets to destination host IP address 10.0.0.0: 


RP/0/RP0/CPU0:router(config)# ntp 
RP/0/RP0/CPU0:router(config-ntp)# interface tengige 0/0/0/1
RP/0/RP0/CPU0:router(config-ntp-int)# broadcast destination 10.0.0.0

broadcast client

To allow a networking device to receive Network Time Protocol (NTP) broadcast packets on an interface, use the broadcast client command in NTP interface configuration mode. To remove the configuration and restore the system to its default condition, use the no form of this command.

broadcast client

no broadcast client

Syntax Description

This command has no keywords or arguments.

Command Default

No NTP broadcast clients are configured.

Command Modes

NTP interface configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the broadcast client command to configure and create an NTP broadcast client and to associate the client with an interface to receive and handle NTP broadcast packets. If no NTP client has been created for an interface, the received NTP broadcast packets are dropped. Use this command to allow the system to listen to broadcast packets on an interface-by-interface basis.

To prevent synchronization with unauthorized systems, whenever this command is specified, authentication must be enabled using the authenticate (NTP) command or access must be restricted to authorized systems using the access-group (NTP) command. See the documentation of the respective commands for more information.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure interface 0/0/0/1 to send NTP packets: 


RP/0/RP0/CPU0:router(config)# ntp interface tengige 0/0/0/1
RP/0/RP0/CPU0:router(config-ntp-int)# broadcast client

broadcastdelay

To set the estimated round-trip delay between a Network Time Protocol (NTP) client and an NTP broadcast server, use the broadcastdelay command in NTP configuration mode. To restore the system to its default condition, use the no form of this command.

broadcastdelay microseconds

no broadcastdelay microseconds

Syntax Description

microseconds

Estimated round-trip time for NTP broadcasts, in microseconds. The range is from 1 to 999999. The default is 3000.

Command Default

microseconds : 3000

Command Modes

NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the broadcastdelay command to change the default round-trip delay time on a networking device that is configured as a broadcast client.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to set the estimated round-trip delay between a networking device and the broadcast client to 5000 microseconds: 


RP/0/RP0/CPU0:router(config-ntp)# broadcastdelay 5000

interface (NTP)

To enter a Network Time Protocol (NTP) interface mode and run NTP interface configuration commands, use the interface command in one of the NTP configuration modes. To remove an NTP interface configuration, use the no form of this command.

interface type interface-path-id [vrf vrf-name] [disable]

no interface type interface-path-id [disable]

Syntax Description

type

Interface type. For more information, use the question mark (? ) online help function.

interface-path-id

Physical interface or virtual interface.

Note

 

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark (? ) online help function.

vrf vrf-name

(Optional) Applies the interface configuration to a specific nondefault VRF.

disable

(Optional) Disables NTP on the specified interface.

Command Default

No NTP interfaces are configured.

Command Modes

NTP configuration mode

VRF-specific NTP configuration mode

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the interface command to place the router in NTP interface configuration mode, from which NTP broadcast and multicast servers and clients can be configured. By default, after the NTP process is started, NTP features become available for all interfaces. To exit NTP interface configuration mode, use the exit command.

If you use the interface command in a VRF-specific NTP configuration mode, the command is applied to the specific VRF. If you are not in a VRF-specific NTP configuration mode, the command is applied to the default VRF unless you use the vrf vrf-name keyword and argument to specify a VRF.

By default, NTP is enabled on every interface. To disable NTP on a specific interface, use the interface command with the disable keyword. To reenable NTP on an interface, use the no form of the interface command with the disable keyword.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to enter NTP configuration mode, specify an NTP interface to be configured, and enter NTP interface configuration mode: 


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# interface POS 0/1/0/0
RP/0/RP0/CPU0:router(config-ntp-int)#

The following example shows how to enter a VRF-specific NTP interface configuration mode: 


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# interface TenGiGE 0/1/1/0 vrf vrf_10
RP/0/RP0/CPU0:router(config-ntp-int)#

The following example shows a different way to enter a VRF-specific NTP interface configuration mode: 


RP/0/RP0/CPU0:router(config)# ntp vrf vrf_10 
RP/0/RP0/CPU0:router(config-ntp-vrf)# interface TenGigE 0/1/1/0 
RP/0/RP0/CPU0:router(config-ntp-int)#

master

To configure the router to use its own Network Time Protocol (NTP) master clock to synchronize with peers when an external NTP source becomes unavailable, use the master command in NTP configuration mode. To restore the system to its default condition, use the no form of this command.

master [stratum]

no master [stratum]

Syntax Description

stratum

(Optional) NTP stratum number that the system claims. Range is from 1 to 15. The default is 8.

Command Default

By default, the master clock function is disabled. When the function is enabled, the default stratum is 8.

Command Modes

NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

NTP uses the concept of a “stratum” to describe how many NTP “hops” away a machine is from an authoritative time source. A stratum 1 time server has a radio or atomic clock attached directly. A stratum  2 time server receives its time through NTP from a stratum 1 time server, a stratum 3 from a stratum 2, and so on.


Caution

Use the master command with extreme caution. It is easy to override other valid time sources using this command, especially if a low-stratum number is configured. Configuring multiple machines in the same network with the master command can lead to instability in time-keeping if the machines do not agree on the time.

The networking device is normally synchronized, directly or indirectly, with an external system that has a clock. Cisco IOS XR software does not support directly attached radio or atomic clocks. The master command should be used only when there is a temporary disruption in a reliable time service. It should not be employed as an alternative source by itself in the absence of a real-time service.

If the system has the master command configured and it cannot reach any clock that has a lower stratum number, the system claims to be synchronized at the configured stratum number. Other systems synchronize with it through NTP.


Note

The system clock must have been manually set from some source before the master command has an effect. This precaution protects against the distribution of erroneous time after the system is restarted.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure a networking device as an NTP master clock to which peers may synchronize:


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# master 9

master primary-reference-clock

To configure the router to use PTP and external timing sources, such as such as PTP grandmaster, Data over Cable Service Interface Specification (DOCSIS) Timing Interface [DTI] or global positioning system (GPS) clock, as the time-of-day source for NTP and operating system time, use the master primary-reference-clock command in NTP configuration mode. To remove the PTP configuration, use the no form of this command.

master primary-reference-clock

no master primary-reference-clock

Syntax Description

This command has no keywords or arguments.

Command Default

PTP is not used as the time-of-day source for NTP.

Command Modes

NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

PTP must be enabled on the router before this command can be used. If PTP is not enabled, you receive an error message similar to the following when you try to commit the configuration: 


RP/0/RP0/CPU0:router(config)# ntp master primary-reference-clock
RP/0/RP0/CPU0:router(config)# commit

% Failed to commit one or more configuration items. Please issue 
'show configuration failed' from this session to view the errors

RP/0/RP0/CPU0:router(config)# show configuration failed
[:::]
ntp
 master primary-reference-clock
!!% 'ip-ntp' detected the 'fatal' condition 'PTP is not supported on this platform'
!
end

To verify that PTP is used as the reference clock, use the show ntp association command. 


RP/0/RP0/CPU0:router# show ntp association   

  address           ref clock        st   when  poll reach  delay  offset  disp
*~127.127.45.1     .PTP.             0    54    64   377    0.00   6.533   1.905

* sys_peer, # selected, + candidate, - outlayer, x falseticker, ~ configured

Task ID

Task ID Operation

ip-services

read, write

Examples

This example shows how to configure PTP as the reference clock for NTP:


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# master primary-reference-clock

max-associations

To set the maximum number of Network Time Protocol (NTP) associations, use the max-associations command in NTP configuration mode. To restore the default setting, use the no form of this command.

max-associations number

no max-associations number

Syntax Description

number

Maximum number of NTP associations. Range is from 0 to 4294967295. The default is 100.

Command Default

The default setting for the maximum number of NTP associations is 100.

Command Modes

NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the max-associations command to specify the maximum number of associations for an NTP server.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to set the maximum number of associations to 200:


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# max-associations 200

multicast client

To configure an NTP interface as an NTP multicast client, use the multicast client command in NTP interface configuration mode. To remove the NTP multicast client configuration from an interface, use the no form of this command.

multicast client [ip-address]

no multicast client [ip-address]

Syntax Description

ip-address

IPv4 or IPv6 IP address of the multicast group to join. The default is the IPv4 address 224.0.1.1.

Command Default

The interface is not configured as an NTP multicast client.

Command Modes

NTP interface configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the multicast client command to configure an NTP interface to receive multicast packets that are sent to an IPv4 or IPv6 multicast group IP address. If you do not specify an IP address, the interface is configured to receive multicast packets sent to the IPv4 multicast group address 224.0.1.1. You can configure multiple multicast groups on the same interface.

To prevent synchronization with unauthorized systems, whenever this command is specified, authentication must be enabled using the authenticate (NTP) command or access must be restricted to authorized systems using the access-group (NTP) command. See the documentation of the respective commands for more information.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure the router to receive NTP multicast packets to the multicast group address of 224.0.1.1: 


RP/0/RP0/CPU0:router(config)# ntp interface TenGigE 0/1/1/0
RP/0/RP0/CPU0:router(config-ntp-int)# multicast client

multicast destination

To configure an NTP interface as an NTP multicast server, use the multicast destination command in NTP interface configuration mode. To remove the NTP multicast server configuration from an interface, use the no form of this command.

multicast destination ip-address [key key-id] [ttl ttl] [version number]

no multicast destination ip-address [key key-id] [ttl ttl] [version number]

Syntax Description

ip-address

The IPv4 or IPv6 multicast group IP address to which to send NTP multicast packets.

key key-id  

(Optional) Specifies an authentication key, where the value of the key-id argument is the authentication key to use when sending multicast packets to the specified multicast group.

ttl ttl

(Optional) Specifies the time to live (TTL) of a multicast packet.

version number

(Optional) Specifies the NTP version number.

Command Default

The interface is not configured as an NTP multicast server.

Command Modes

NTP interface configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure the router to send NTP multicast packets to the multicast group address of 224.0.1.1: 


RP/0/RP0/CPU0:router(config)# ntp interface TenGigE 0/1/1/0
RP/0/RP0/CPU0:router(config-ntp-int)# multicast destination 224.0.1.1

ntp

To enter Network Time Protocol (NTP) configuration mode and run NTP configuration commands, use the ntp command in

global

configuration mode.

ntp [vrf vrf-name]

Syntax Description

vrf vrf-name

(Optional) Enters a VRF-specific NTP configuration mode.

Command Default

No defaults behavior or values

Command Modes

Global configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

NTP configuration commands can also be run from global configuration mode by preceding the command string with the ntp keyword. From NTP configuration mode, the following NTP configuration commands are available: 


RP/0/RP0/CPU0:router(config-ntp)# ?
  
    access-group        Control NTP access
    authenticate        Authenticate time sources
    authentication-key  Authentication key for trusted time sources
    broadcastdelay      Estimated round-trip delay
    commit              Commit the configuration changes to running
    default             Set a command to its defaults
    describe            Describe a command without taking real actions
    do                  Run an exec command
    exit                Exit from this submode
    interface           Configure NTP on an interface
    master              Act as NTP master clock
    max-associations    Set maximum number of associations
    no                  Negate a command or set its defaults
    peer                Configure NTP peer
    port                Enable NTP port
    server              Configure NTP server
    show                Show contents of configuration
    source              Configure interface for source address
    trusted-key         Key numbers for trusted time sources
    update-calendar     Periodically update calendar with NTP time

Use the ntp command with the vrf vrf-name keyword and argument to enter an NTP configuration mode specific to the specified VRF.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to enter NTP configuration mode: 


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)#

The following example shows how to enter an NTP configuration mode for a VRF called VRF1: 


RP/0/RP0/CPU0:router(config)# ntp vrf vrf1               
RP/0/RP0/CPU0:router(config-ntp-vrf)#

ntp clear

To clear all Network Time Protocol (NTP) peers or a specific NTP peer, use the ntp clear command in EXEC

mode.

ntp clear {peer | all | vrf vrf-name ip-address}

Syntax Description

peer

IPv4 address or hostname of the NTP peer to be cleared.

all

Clears all NTP peers.

vrf vrf-name

Clears a peer on the specified nondefault VRF.

ip-address

IPv4 or IPv6 IP address of the peer.

Command Default

No defaults behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to clear all NTP peers: 


RP/0/RP0/CPU0:router# ntp clear all

ntp reset drift

To reset the NTP drift and loopfilter state, use the ntp reset drift command in

EXEC

mode.

ntp reset drift

Syntax Description

This command has no keywords or arguments.

Command Default

No defaults behavior or values

Command Modes

EXEC

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the ntp reset drift command to set the loopfilter state to NSET (never set) and reset the drift. Resetting the loopfilter state and drift enables the router to relearn the frequency of the NTP server clock. This is necessary if there is a synchronization error caused by a large frequency error. This can arise, for example, if the router switches from synchronizing with one NTP server to synchronizing with another NTP server with a different frequency.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to reset the NTP drift and loopfilter state: 


RP/0/RP0/CPU0:router# ntp reset drift              

Thu Nov 13 11:21:04.381 JST

The following example shows NTP status before and after resetting NTP drift and loopfilter state: 


RP/0/RP0/CPU0:router# show ntp status 

Thu Nov 13 11:20:53.122 JST 

Clock is synchronized, stratum 3, reference is 192.168.128.5
nominal freq is 1000.0000 Hz, actual freq is 1000.2787 Hz, precision is 2**24
reference time is CCC60CBE.9F836478 (11:17:34.623 JST Thu Nov 13 2008)
clock offset is -3.172 msec, root delay is 189.289 msec
root dispersion is 70.03 msec, peer dispersion is 0.11 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.0002785891 s/s
system poll interval is 128, last update was 199 sec ago

RP/0/RP0/CPU0:router# ntp reset drift
Thu Nov 13 11:21:04.381 JST 

RP/0/RP0/CPU0:router# show ntp status
Thu Nov 13 11:21:10.595 JST 

Clock is unsynchronized, stratum 16, no reference clock
nominal freq is 1000.0000 Hz, actual freq is 1000.0000 Hz, precision is 2**24
reference time is CCC60CBE.9F836478 (11:17:34.623 JST Thu Nov 13 2008)
clock offset is -3.172 msec, root delay is 0.000 msec
root dispersion is 0.09 msec, peer dispersion is 0.00 msec
loopfilter state is 'NSET' (Never set), drift is 0.0000000000 s/s
system poll interval is 64, last update was 216 sec ago

peer (NTP)

To configure the system clock to synchronize a peer or to be synchronized by a peer, use the peer command in one of the NTP configuration modes. To remove the peer command from the configuration file and restore the system to its default condition with respect to the command, use the no form of this command.

peer [vrf vrf-name] [ipv4 | ipv6] ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer] [burst] [iburst]

no peer [vrf vrf-name] [ipv4 | ipv6] ip-address

Syntax Description

vrf vrf-name

(Optional) Applies the peer configuration to the specified nondefault VRF.

ipv4

(Optional) Specifies an IPv4 IP address.

ipv6

(Optional) Specifies an IPv6 IP address.

ip-address

IPv4 or IPv6 address of the peer providing or being provided with the clock synchronization.

version number

(Optional) Defines the Network Time Protocol (NTP) version number, where the number argument is a value from 1 to 4. The default is 4.

key key-id

(Optional) Defines the authentication key, where the key-id argument is the authentication key to use when packets are sent to this peer. The authentication key is also used for packets received from the peer. By default, no authentication key is used.

minpoll interval

(Optional) Defines the shortest polling interval, where the interval argument is specified in powers of two seconds. Range is from 4 to 17. The default value is 6.

maxpoll interval

(Optional) Defines the longest polling interval, where the interval argument is specified in powers of two seconds. Range is from 4 to 17. The default value is 10.

source

(Optional) IP source address. The default is the outgoing interface.

type

(Optional) Interface type. For more information, use the question mark (? ) online help function.

interface-path-id

(Optional) Physical interface or virtual interface.

Note

 

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark (? ) online help function.

prefer

(Optional) Makes this peer the preferred peer that provides synchronization.

burst

(Optional) Sends a series of packets instead of a single packet within each synchronization interval to achieve faster synchronization.

iburst

(Optional) Sends a series of packets instead of a single packet within the initial synchronization interval to achieve faster initial synchronization.

Command Default

No peers are configured by default.

Command Modes

NTP configuration

VRF-specific NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the peer command to allow this machine to synchronize with the peer, or conversely.


Caution

Although using the prefer keyword can help reduce the switching among peers, you should avoid using the keyword because it interferes with the source selection mechanism of NTP and can result in a degradation in performance.

The value for the minpoll keyword must be less than or equal to the value for the maxpoll keyword. If this is not the case, the system issues an error message.

To provide peer-level service (as opposed to client/server-level service), it may be necessary to explicitly specify the NTP version for the peer if it is not version 4.

If you use the peer command in a VRF-specific NTP configuration mode, the command is applied to the specific VRF. If you are not in a VRF-specific NTP configuration mode, the command is applied to the default VRF unless you use the vrf vrf-name keyword and argument to specify a VRF.


Note

To change the configuration of a specific IP address from peer to server or from server to peer, use the no form of the peer or server command to remove the current configuration before you perform the new configuration. If you do not remove the old configuration before performing the new configuration, the new configuration does not overwrite the old configuration.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure a networking device to allow its system clock to be synchronized with the clock of the peer (or conversely) at IP address 10.0.0.0 using NTP. The source IP address is the address of interface 0/0/0/1. 


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# peer 10.0.0.0 minpoll 8 maxpoll 12 source tengige 0/0/0/1

server (NTP)

To allow the system clock to be synchronized by a time server, use the server command in one of the NTP configuration modes. To remove the server command from the configuration file and restore the system to its default condition with respect to this command, use the no form of this command.

server [vrf vrf-name] [ipv4 | ipv6] ip-address [version number] [key key-id] [minpoll interval] [maxpoll interval] [source type interface-path-id] [prefer] [burst] [iburst]

no server [vrf vrf-name] [ipv4 | ipv6] ip-address

Syntax Description

vrf vrf-name

(Optional) Applies the server configuration to the specified nondefault VRF.

ipv4

(Optional) Specifies an IPv4 IP address.

ipv6

(Optional) Specifies an IPv6 IP address.

ip-address

IPv4 or IPv6 address of the time server providing the clock synchronization.

version number

(Optional) Defines the Network Time Protocol (NTP) version number, where the number argument is a value from 1 to 4. The default is 4.

key key-id

(Optional) Defines the authentication key, where the key-id argument is the authentication key to use when packets are sent to this peer. By default, no authentication key is used.

minpoll interval

(Optional) Defines the shortest polling interval, where the interval argument is specified in powers of two seconds. Range is from 4 to 17. The default value is 6.

maxpoll interval

(Optional) Defines the longest polling interval, where the interval argument is specified in powers of two seconds. Range is from 4 to 17. The default value is 10.

source

(Optional) Specifies the IP source address. The default is the outgoing interface.

type

(Optional) Interface type. For more information, use the question mark ( ? ) online help function.

interface-path-id

(Optional) Physical interface or virtual interface.

Note

 

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark (? ) online help function.

prefer

(Optional) Makes this peer the preferred server that provides synchronization.

burst

(Optional) Sends a series of packets instead of a single packet within each synchronization interval to achieve faster synchronization.

iburst

(Optional) Sends a series of packets instead of a single packet within the initial synchronization interval to achieve faster initial synchronization.

Command Default

No servers are configured by default.

Command Modes

NTP configuration

VRF-specific NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

The value for the minpoll keyword must be less than or equal to the value for the maxpoll keyword. If this is not the case, the system issues an error message.

Using the prefer keyword reduces switching back and forth among servers.

If you use the server command in a VRF-specific NTP configuration mode, the command is applied to the specific VRF. If you are not in a VRF-specific NTP configuration mode, the command is applied to the default VRF unless you use the vrf vrf-name keyword and argument to specify a VRF.


Note

To change the configuration of a specific IP address from peer to server or from server to peer, use the no form of the peer or server command to remove the current configuration before you perform the new configuration. If you do not remove the old configuration before performing the new configuration, the new configuration does not overwrite the old configuration.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure a router to allow its system clock to be synchronized with the clock of the peer at IP address 209.165.201.1 using NTP: 


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# server 209.165.201.1 minpoll 8 maxpoll 12

show calendar

To display the system time and date, use the show calendar command in the EXEC mode.

show calendar

Syntax Description

This command has no keywords or arguments.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

The time format of the show calendar output depends on the time format set using the clock timezone command.

Task ID

Task ID

Operations

basic-services

read

Examples

The following example shows sample output from the show calendar command: 


RP/0/RP0/CPU0:router# show calendar
  
01:29:28 UTC Thu Apr 01 2004

show ntp associations

To display the status of Network Time Protocol (NTP) associations, use the show ntp associations command in privileged EXEC mode.

show ntp associations [detail] [location node-id]

Syntax Description

detail

(Optional) Displays detailed information about each NTP association.

location node-id

(Optional) Displays the status of NTP associations from the designated node. The node-id argument is entered in the rack/ slot notation.

Command Default

None

Command Modes

EXEC

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Output for the show ntp associations command is displayed only if NTP is configured on the router.

Task ID

Task ID

Operations

ip-services

read

Examples

This example shows sample output from the show ntp associations command: 


RP/0/RP0/CPU0:router# show ntp associations
  
Wed Jul 30 04:03:13.471 PST DST
  
     address         ref clock     st  when  poll reach  delay  offset    disp
~172.19.69.1      172.24.114.33     3    25    64    3    2.89  57550122  39377
~2001:db8::feed   .INIT.           16     -    64    0    0.00   0.000   15937
~2001:db8::beef vrf vrf_1
                  .INIT.           16     -    64    0    0.00   0.000   16000
* sys_peer, # selected, + candidate, - outlayer, x falseticker, ~ configured
Table 1. show ntp associations Field Descriptions

Field

Description

Peer has been declared the system peer and lends its variables to the system variables.

#

Peer is a survivor, but not among the first six peers sorted by synchronization distance. If the association is ephemeral, it may be demobilized to conserve resources.

+

Peer is a survivor and a candidate for the combining algorithm.

-

Peer is discarded by the clustering algorithm as an outlier.

x

Peer is discarded by the intersection algorithm as a falseticker.

~

Indicates peer is statically configured.

address

IPv4 or IPv6 address of the peer. If a nondefault VRF is configured for the peer, the VRF follows the address.

ref clock

Reference clock type or address for the peer.

st

Stratum setting for the peer.

when

Time since last NTP packet was received from peer, in milliseconds.

poll

Polling interval, in seconds.

reach

Peer reachability (bit string, in octal).

delay

Round-trip delay to peer, in milliseconds.

offset

Relative time difference between a peer clock and a local clock, in milliseconds.

disp

Dispersion.

This example shows sample output from the show ntp associations command with the detail keyword: 

RP/0/RP0/CPU0:router# show ntp associations detail
  
172.19.69.1 configured, our_master, sane, valid, stratum 2
ref ID 171.68.10.150, time C4143AAE.00FCF396 (18:27:58.003 UTC Tue Mar 30 2004)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 5.23 msec, root disp 4.07, reach 3, sync dist 0.0077
delay 1.9829 msec, offset -3.7899 msec, dispersion 0.0358
precision 2**18, version 4
org time C4143B8D.7EBD5FEF (18:31:41.495 UTC Tue Mar 30 2004)
rcv time C4143B8D.801DFA44 (18:31:41.500 UTC Tue Mar 30 2004)
xmt time C4143B8D.7F595E44 (18:31:41.497 UTC Tue Mar 30 2004)
filtdelay =     2.99    1.98    1.98    1.99    1.99    1.99    2.98    1.98
filtoffset =   -3.89   -3.74   -3.78   -3.81   -3.76   -3.73   -4.08   -3.64
filterror =     0.00    0.02    0.03    0.05    0.06    0.08    0.09    0.32
  
2001:0DB8::FEED vrf xxx configured, candidate, sane, valid, stratum 2
ref ID 64.103.34.14, time CB0C8C66.38285D84 (14:00:22.219 JST Fri Dec 14 2007)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 181.17 msec, root disp 3.19, reach 377, sync dist 0.1463
delay 104.9158 msec, offset -15.4552 msec, dispersion 0.0439
precision 2**16, version 4
org time CB0C8D0A.70282853 (14:03:06.438 JST Fri Dec 14 2007)
rcv time CB0C8D0A.81CA0E2B (14:03:06.506 JST Fri Dec 14 2007)
xmt time CB0C8D0A.66AAB677 (14:03:06.401 JST Fri Dec 14 2007)
filtdelay =   105.90  104.92  104.91  104.91  105.90  105.85  105.90  104.91
filtoffset =  -15.92  -15.67  -15.54  -15.59  -15.58  -15.54  -15.41  -14.36
filterror =     0.02    0.03    0.05    0.06    0.08    0.09    0.11    1.05
  
2001:0DB8::BEEF vrf yyy configured, our_master, sane, valid, stratum 2
ref ID 64.104.193.12, time CB0C8CC1.2C14CED1 (14:01:53.172 JST Fri Dec 14 2007)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 160.83 msec, root disp 4.35, reach 377, sync dist 0.1372
delay 104.9302 msec, offset -14.6327 msec, dispersion 0.0183
precision 2**18, version 4
org time CB0C8CCB.684619D8 (14:02:03.407 JST Fri Dec 14 2007)
rcv time CB0C8CCB.79782B09 (14:02:03.474 JST Fri Dec 14 2007)
xmt time CB0C8CCB.5E9A5429 (14:02:03.369 JST Fri Dec 14 2007)
filtdelay =   104.93  104.93  104.93  104.93  104.93  104.93  104.93  104.93
filtoffset =  -14.71  -14.53  -14.78  -14.73  -14.70  -14.52  -14.59  -14.50
filterror =     0.00    0.02    0.03    0.05    0.06    0.08    0.09    0.11
Table 2. show ntp associations detail Field Descriptions

Field

Descriptions

vrf

Nondefault VRF, if specified for this peer.

configured

Statically configured peer.

dynamic

Dynamically discovered peer.

our_master

Synchronization of the local machine to this peer.

sane

Passing of basic sanity checks by this peer.

ref ID

Address of machine to which the peer is synchronized.

time

Last time stamp that the peer received from its master.

our mode

Mode relative to peer (active/passive/client/server/bdcast/bdcast client).

peer mode

Mode of peer relative.

our poll intvl

Poll interval to peer.

peer poll intvl

Poll interval of interval.

root delay

Delay along path to root (ultimate stratum 1 time source).

root disp

Dispersion of path to root.

reach

Peer reachability (bit string in octal).

sync dist

Peer synchronization distance.

delay

Round-trip delay to peer.

offset

Offset of peer clock relative to this clock.

dispersion

Dispersion of peer clock.

precision

Precision of peer clock in (Hertz) Hz.

version

NTP version number that peer is using.

org time

Originate time stamp.

rcv time

Receive time stamp.

xmt time

Transmit time stamp.

filtdelay

Round-trip delay of each sample, in milliseconds.

filtoffset

Clock offset of each sample, in milliseconds.

filterror

Approximate error of each sample.

show ntp status

To display the status of Network Time Protocol (NTP), use the show ntp status command in XR EXEC mode.

show ntp status [ location node-id ]

Syntax Description

location node-id

(Optional) Displays the status of NTP from the designated node. The node-id argument is entered in the rack/ slot notation.

Command Default

None

Command Modes

XR EXEC mode

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

No specific guidelines impact the use of this command.

Task ID

Task ID

Operations

ip-services

read

Examples

This example shows sample output from the show ntp status command: 


Router# show ntp status  

Clock is synchronized, stratum 3, reference is 192.168.128.5
nominal freq is 1000.0000 Hz, actual freq is 1000.0021 Hz, precision is 2**24
reference time is CC38EC6A.8FCCA1C4 (10:10:02.561 JST Tue Jul 29 2008)
clock offset is -124.051 msec, root delay is 174.060 msec
root dispersion is 172.37 msec, peer dispersion is 0.10 msec
loopfilter state is 'CTRL' (Normal Controlled Loop), drift is -0.0000021106 s/s
system poll interval is 32, last update was 19 sec ago
Table 3. show ntp status Field Descriptions

Field

Description

synchronized

Synchronized system to an NTP peer.

stratum

NTP stratum of this system.

reference

IPv4 address or first 32 bits of the MD5 hash of the IPv6 address of the peer to which clock is synchronized.

nominal freq

Nominal frequency in Hertz (Hz) of the system hardware clock.

actual freq

Measured frequency in Hz of the system hardware clock.

precision

Precision of the clock of this system in Hz.

reference time

Reference time stamp.

clock offset

Offset of clock to synchronized peer, in milliseconds.

root delay

Total delay along path to root clock, in milliseconds.

root dispersion

Dispersion of root path.

peer dispersion

Dispersion of synchronized peer.

loopfilter state

The state of the clock state machine transition function.

drift

Drift of the hardware clock.

system poll interval

Poll interval of the peer.

last update

Time the router last updated its NTP information.

source (NTP)

To use a particular source address in Network Time Protocol (NTP) packets, use the source command in one of the NTP configuration modes. To remove the source command from the configuration file and restore the system to its default condition, use the no form of this command.

source [vrf vrf-name] type interface-path-id

no source

Syntax Description

vrf vrf-name

(Optional) Applies the source address configuration to the specified nondefault VRF.

type

(Optional) Interface type. For more information, use the question mark (?) online help function.

interface-path-id

(Optional) Physical interface or virtual interface.

Note

 

Use the show interfaces command to see a list of all interfaces currently configured on the router.

For more information about the syntax for the router, use the question mark (? ) online help function.

Command Default

The source address is determined by the outgoing interface.

Command Modes

NTP configuration

VRF-specific NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Use the source command to use a particular source IP address for all NTP packets. The address is taken from the named interface. This command is useful if the address on an interface cannot be used as the destination for reply packets. If the source keyword has been configured with the server (NTP) or peer (NTP) command, that value overrides the global value.

Use the source command in a VRF-specific NTP configuration mode or use the vrf vrf-name keyword and argument to configure the source address for a specific nondefault VRF. Otherwise, the configuration is applied to the default VRF.

Task ID

Task ID

Operations

ip-services

read, write

Examples

This example shows how to configure the router to use the IP address of interface 0/0/0/1 as the source address of all outgoing NTP packets: 


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# source tengige 0/0/0/1

trusted-key

To designate a Network Time Protocol (NTP) trusted key, use the trusted-key command in NTP configuration mode. To remove the trusted-key command from the configuration file and restore the system to its default condition with respect to this command, use the no form of this command.

trusted-key key-number

no trusted-key key-number

Syntax Description

key-number

Authentication key number to be trusted. Range is from 1 to 65535.

Command Default

No NTP trusted key is designated.

Command Modes

NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

If authentication is enabled, use the trusted-key command to define one or more key numbers (corresponding to the keys defined with the authentication-key [NTP] command) that a NTP system must provide in its NTP packets for this system to synchronize to it. Because the other system must know the correct authentication key, this precaution provides protection against accidentally synchronizing the system to a system that is not trusted.

Task ID

Task ID

Operations

ip-services

read, write

Examples

The following example shows how to configure the system to synchronize only to systems providing authentication key 42 in its NTP packets: 


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# authenticate
RP/0/RP0/CPU0:router(config-ntp)# authentication-key 42 md5 clear key1
RP/0/RP0/CPU0:router(config-ntp)# trusted-key 42

update-calendar

To update the calendar periodically from Network Time Protocol (NTP), use the update-calendar command in NTP configuration mode. To remove the update-calendar command from the configuration file and restore the system to its default condition with respect to the command, use the no form of this command.

update-calendar

no update-calendar

Syntax Description

This command has no keywords or arguments.

Command Default

This command is disabled.

Command Modes

NTP configuration

Command History

Release

Modification

Release 7.0.12

This command was introduced.

Usage Guidelines

Your router has a calendar that is separate from the software clock. This calendar runs continuously, even if the router is powered off or rebooted.

If a router is synchronized to an outside time source through NTP, it is a good idea to update the router’s calendar with the time learned from NTP. Otherwise, the calendar may gradually lose or gain time.

After you configure the update-calendar command, NTP updates the calendar with the software clock every hour.

Task ID

Task ID

Operations

ip-services

read, write

Examples

This example shows how to configure the router to update the calendar periodically from the software clock:


RP/0/RP0/CPU0:router(config)# ntp
RP/0/RP0/CPU0:router(config-ntp)# update-calendar