Network Time Protocol
This chapter is a reference for Network Time Protocol (NTP) commands.
NTP synchronizes clocks between computer systems over packet-switched networks. NTP can synchronize all participating computers to within a few milliseconds of Coordinated Universal Time (UTC).
NTP uses a hierarchical, layered system of time sources. Each level of this hierarchy is called a “stratum” and is assigned a number starting with zero at the top. The number represents the distance from the reference clock and is used to prevent cyclical dependencies in the hierarchy.
Note: The default time-to-live value for the unicast packets is 64.
This chapter contains these commands:
clear ntp statistics
Use this command to reset NTP statistics.
Command Syntax
clear ntp statistics (all-peers | io | local | memory)
Parameters
all-peers
Counters associated with all peers
io
Counters maintained in the input-output module
local
Counters maintained in the local protocol module
memory
Counters related to memory allocation
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#clear ntp statistics all-peers
debug ntp
Use this command to display NTP debugging messages.
Use the no form of this command to stop displaying NTP debugging messages.
Command Syntax
debug ntp
no debug ntp
Parameters
None
Command Mode
Exec mode and Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#debug ntp
(config)#no debug ntp
feature ntp
Use this command to enable to NTP feature.
Use the no form of this command to disable NTP feature and delete all the NTP related configurations.
Command Syntax
feature ntp (vrf management|)
no feature ntp (vrf management|)
Parameters
management
Virtual Routing and Forwarding name
Default
By default, feature ntp is enabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#feature ntp vrf management
(config)#no feature ntp vrf management
ntp acl
Use this command to allow paticular client to communicate with NTP server.
Use the no form of this command to remove the particular client from NTP server.
Note: ntp discard option and limited rate flag are required for sending the KOD packet.
Command Syntax
ntp allow (A.B.C.D | X:X::X:X) (mask (A.B.C.D| <1-128>)|)
({nopeer|noserve|noquery|nomodify|kod|limited|notrap}|) (vrf management|)
no ntp allow (A.B.C.D | X:X::X:X) (mask (A.B.C.D| <1-128>)|)
({nopeer|noserve|noquery|nomodify|kod|limited|notrap}|) (vrf management|)
Parameters
A.B.C.D
IPV4 address of the client
X:X::X:X
IPV6 address of the client
A.B.C.D
Mask for the IPv4 address
1-128
Mask for the IPv6 address
nopeer
Prevent the client from establishing a peer association
noserve
Prevent the client from performing time queries
noquery
Prevent the client from performing NTPq and NTPdc queries, but not time queries
nomodify
Restrict the client from making any changes to the NTP configurations
kod
Send a kiss-of-death packet if the client limit has exceeded
limited
Deny time service if the packet violates the rate limits established by the discard command
notrap
Prevent the client from configuring control message traps
vrf
Virtual Router and Forwarding
management
Virtual Routing and Forwarding name
Default
By default, only local host is permitted.
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS version 4.1.
Example
#configure terminal
(config)#ntp allow 1.1.1.1 mask 255.255.255.0 nopeer kod notrap noserve vrf management
ntp authenticate
Use this command to enable NTP authentication.
Use the no form of this command to disable authentication.
Command Syntax
ntp authenticate (vrf management|)
no ntp authenticate (vrf management|)
Parameters
management
Virtual Routing and Forwarding name
Default
By default, ntp authenticate is disabled
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#ntp authenticate vrf management
ntp authentication-key
Use this command to set an NTP Message Digest Algorithm 5 (MD5) authentication key.
Use the no form of this command to delete an authentication key.
Command Syntax
ntp authentication-key <1-65534> md5 WORD (vrf management|)
ntp authentication-key <1-65534> md5 WORD 7 (vrf management|)
no ntp authentication-key <1-65534> md5 WORD (vrf management|)
Parameters
<1-65534>
Authentication key number
WORD
MD5 string (maximum 8 characters)
7
Encrypt using weak algorithm
management
Virtual Routing and Forwarding name
Default
No default value is specified
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#ntp authentication-key 535 md5 J@u-b;l2 vrf management
ntp enable
Use this command to enable NTP feature and start the NTP service.
Use the no form of this command to stop the NTP service.
Command Syntax
ntp enable (vrf management|)
no ntp enable (vrf management|)
Parameters
management
Virtual Routing and Forwarding name
Default
By default, ntp is enabled.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#ntp enable vrf management
ntp discard
Use this command to enable rate limiting access to the NTP service running on a system.
Use the no form of this command to disable rate limiting access to the NTP service running on a system.
This NTP discard option and limited rate flag are required for sending the KOD packet. KOD (Kiss of Death) packets have the leap bits set unsynchronized and stratum set to zero and the reference identifier field set to a four-byte ASCII code. If the noserve or notrust flag of the matching restrict list entry is set, the code is "DENY"; if the limited flag is set and the rate limit is exceeded, the code is "RATE".
Command Syntax
ntp discard minimum <1-65535> (vrf management|)
no ntp discard minimum (vrf management|)
Parameters
minimum
Specify the minimum interpacket spacing <default 2>
<0-65535>
Minimum value
Default
By default, the minimum value is 2.
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS version 4.2.
Example
#configure terminal
(config)#ntp discard minimum 50 vrf management
ntp logging
Use this command to log NTP events.
Use the no form of this command to disable NTP logging.
Command Syntax
ntp logging (vrf management|)
no ntp logging (vrf management|)
Parameters
management
Virtual Routing and Forwarding name
Default
By default, ntp logging message is disabled
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#ntp logging vrf management
ntp master
Use this command to run a device as an NTP server.
Use the no command to disable the NTP server.
Command Syntax
ntp master (vrf management|)
no ntp master (vrf management|)
Parameters
vrf
Virtual Router and Forwarding
management
Virtual Routing and Forwarding name
Default
By default, NTP master is disabled
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS version 4.1.
Example
#configure terminal
(config)#ntp master vrf management
ntp master stratum
Use this command to set stratum value for NTP server.
Use the no command to remove stratum value.
The NTP Stratum model is a representation of the hierarchy of time servers in an NTP network, where the Stratum level (0-15) indicates the device's distance to the reference clock.
Command Syntax
ntp master stratum <1-15> (vrf management|)
no ntp master stratum (vrf management|)
Parameters
<1-15>
Stratum value for NTP server
vrf
Virtual Router and Forwarding
management
Virtual Routing and Forwarding name
Default
By default, NTP startum value is 16.
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS version 4.1.
Example
#configure terminal
(config)#ntp master stratum 2 vrf management
ntp peer
Use this command to configure a peer association. In a peer association, this system can synchronize with the other system or the other system can synchronize with this system.
Use the no command to remove a peer association.
Command Syntax
ntp peer (A.B.C.D | HOSTNAME) ({prefer|key <1-65534>|minpoll <4-16>|maxpoll <4-16>}|) (vrf management|)
ntp peer (A.B.C.D | X:X::X:X | HOSTNAME) ({prefer|key <1-65534>|minpoll <4-16>|maxpoll <4-16>}|) (vrf management|)
no ntp peer (A.B.C.D | HOSTNAME) ({prefer|key <1-65534>|minpoll <4-16>|maxpoll <4-16>}|) (vrf management|)
no ntp peer (A.B.C.D | HOSTNAME) ({prefer|key|minpoll|maxpoll}|) (vrf management|)
no ntp peer (A.B.C.D | X:X::X:X | HOSTNAME) ({prefer|key <1-65534>|minpoll <4-16>|maxpoll <4-16>}|) (vrf management|)
no ntp peer (A.B.C.D | X:X::X:X | HOSTNAME) ({prefer|key|minpoll|maxpoll}|) (vrf management|)
Parameters
A.B.C.D
IPv4 address of peer
HOSTNAME
Host name of peer
X:X::X:X
IPv6 address of peer
prefer
Prefer this peer; preferred peer responses are discarded only if they vary dramatically from other time sources
key
Peer authentication key
<1-65534>
Peer authentication key value
minpoll
Minimum poll interval
<4-16>
Minimum poll interval value in seconds raised to a power of 2 (default 4 = 16 seconds)
maxpoll
Maximum poll interval
<4-16>
Maximum poll interval value in seconds raised to a power of 2 (default 6 = 64 seconds)
management
Virtual Routing and Forwarding name
Default
By default, value of minpoll is 4 and maxpoll is 6.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#ntp peer 10.10.0.23 vrf management
(config)#ntp peer 10.10.0.23 prefer key 12345 vrf management
(config)#no ntp peer 10.10.0.23 vrf management
ntp request-key
Use this command to define NTP request-key which is used by the NTPDC utility program. NTP client should be able to modify NTP server configuration by using this request-key. Request key must be a trusted key.
Use no form of this command to remove a request key.
Command Syntax
ntp request-key <1-65534> (vrf management|)
no ntp request-key <1-65534> (vrf management|)
Parameter
<1-65534>
Request key number
vrf management
Virtual Routing and Forwarding name
Default
No default value
Command Mode
Configure mode
Applicability
This command is introduced in OcNOS version 5.1 MR.
Example
#configure terminal
(config)#ntp request-key 123 vrf management
ntp server
Use this command to configure an NTP server so that this system synchronizes with the server, but not vice versa.
Use the no option with this command to remove an NTP server.
Command Syntax
ntp server (A.B.C.D | HOSTNAME) ({prefer|key <1-65534>|minpoll <4-16>|maxpoll <4-16>}|) (vrf management|)
ntp server (A.B.C.D | X:X::X:X | HOSTNAME) ({prefer|key <1-65534>|minpoll <4-16>|maxpoll <4-16>}|) (vrf management|)
no ntp server (A.B.C.D | HOSTNAME) ({prefer|key <1-65534>|minpoll <4-16>|maxpoll <4-16>}|) (vrf management|)
no ntp server (A.B.C.D | HOSTNAME) ({prefer|key|minpoll|maxpoll}|) (vrf management|)
no ntp server (A.B.C.D | X:X::X:X | HOSTNAME) ({prefer|key <1-65534>|minpoll <4-16>|maxpoll <4-16>}|) (vrf management|)
no ntp server (A.B.C.D | HOSTNAME) ({prefer|key|minpoll|maxpoll}|) (vrf management|)
Parameters
A.B.C.D
IPv4 address of the server
HOSTNAME
Host name of the server
X:X::X:X
IPv6 address of the server
prefer
Prefer this server; preferred server responses are discarded only if they vary dramatically from other time sources
key
Server authentication key
<1-65534>
Server authentication key
minpoll
Minimum poll interval
<4-16>
Minimum poll interval value in seconds raised to a power of 2 (default 4 = 16 seconds)
maxpoll
Maximum poll interval
<4-16>
Maximum poll interval value in seconds raised to a power of 2 (default 6 = 64 seconds)
management
Virtual Routing and Forwarding name
Default
By default, minpoll is 4 and maxpoll is 6.
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Examples
#configure terminal
(config)#ntp server 10.10.0.23 vrf management
(config)#ntp server 10.10.0.23 prefer key 12345 vrf management
(config)#no ntp server 10.10.0.23 vrf management
ntp sync-retry
Use this command to retry NTP synchronization with configured servers.
Command Syntax
ntp sync-retry (vrf management|)
Parameters
management
Virtual Routing and Forwarding name
Default
No default value is specified
Command Mode
Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#ntp sync-retry vrf management
ntp trusted-key
Use this command to define a “trusted” authentication key. If a key is trusted, the device will synchronize with a system that specifies this key in its NTP packets.
Use the no option with this command to remove a trusted key.
Command Syntax
ntp trusted-key <1-65534> (vrf management|)
no ntp trusted-key <1-65534> (vrf management|)
Parameter
<1-65534>
Authentication key number
management
Virtual Routing and Forwarding name
Default
By default, ntp trusted key is disabled
Command Mode
Configure mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#configure terminal
(config)#ntp trusted-key 234676 vrf management
show ntp authentication-keys
Use this command to display authentication keys.
Command Syntax
show ntp authentication-keys
Parameters
None
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#sh ntp authentication-keys
--------------------------
Auth Key MD5 String
--------------------------
123 0xa2cb891442844220
#
Table 14-23 explains the output fields.
Table 14-23: show ntp authentication-key fields
Entry | Description |
---|
Auth key | Authentication key (password). Use the password to verify the authenticity of packets sent from this interface or peer interface. |
MD5 String | One or more MD5 key strings. The MD5 key values can be from 1 through 16 characters long. You can specify more than one key value within the list. |
show ntp authentication-status
Use this command to display whether authentication is enabled or disabled.
Command Syntax
show ntp authentication-status
Parameters
None
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show ntp authentication-status
Authentication enabled
show ntp logging-status
Use this command to display the NTP logging status.
Command Syntax
show ntp logging-status
Parameters
None
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show ntp logging-status
NTP logging enabled
show ntp peer-status
Use this command to display the peers for which the server is maintaining state along with a summary of that state.
Command Syntax
show ntp peer-status
Parameters
None
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#sh ntp peer-status
Total peers : 1
* - selected for sync, + - peer mode(active),
- - peer mode(passive), = - polled in client mode,
x - source false ticker
remote refid st t when poll reach delay offset jitter
==============================================================================
*216.239.35.4 .GOOG. 1 u 24 64 377 38.485 0.149 0.053
#
Table 14-24 explains the output fields.
Table 14-24: show ntp peer-status fields
Entry | Description |
---|
Total peers | Number of servers and peers configured. |
* - selected for sync, + - peer mode (active), - - peer mode (passive), = - polled in client mode x - source false ticker | Fate of this peer in the clock selection process. |
Remote | Address of the remote peer. |
refid | Reference ID (0.0.0.0 for an unknown reference ID). |
st | The stratum of the remote peer (a stratum of 16 indicated remote peer is unsynchronized). |
t | Type of peer (local, unicast, multicast and broadcast). |
when | Time the last packet was received. |
poll | The polling interval (seconds). |
reach | The reachability register (octal). |
delay | Current estimated delay in seconds. |
offset | Current estimated offset in seconds. |
jitter | Current dispersion of the peer in seconds. |
show ntp peers
Use this command to display NTP peers.
Command Syntax
show ntp peers
Parameters
None
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show ntp peers
-----------------------------------------------------------
Peer IP Address Serv/Peer
-----------------------------------------------------------
216.239.35.4 Server (configured)
Table 14-25 explains the output fields.
Table 14-25: show ntp peers fields
Entry | Description |
---|
Peer IP Address | Address of the neighbor protocol. |
Serv/Peer | List of NTP peers and servers configured or dynamically learned. |
show ntp statistics
Use this command to display NTP statistics.
Command Syntax
show ntp statistics (io | local | memory | peer ( ipaddr (A.B.C.D | X:X::X:X ) | name (HOSTNAME)) )
Parameters
io
Counters maintained in the input-output module
local
Counters maintained in the local protocol module
memory
Counters related to memory allocation
peer
Counters associated with the specified peer
A.B.C.D
Peer IPv4 address
X:X::X:X
Peer IPv6 address
HOSTNAME
Peer host name
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show ntp statistics local
time since restart: 1685
time since reset: 1685
packets received: 4
packets processed: 0
current version: 0
previous version: 0
declined: 0
access denied: 0
bad length or format: 0
bad authentication: 0
rate exceeded: 0
#show ntp statistics memory
time since reset: 1698
total peer memory: 15
free peer memory: 15
calls to findpeer: 0
new peer allocations: 0
peer demobilizations: 0
hash table counts: 0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
0 0 0 0 0 0 0 0
Table 14-26 explains the output fields.
Table 14-26: show ntp statisticsfields
Entry | Description |
---|
Time since restart | Time when the ntp protocols were last started and how long they have been running. |
Time since reset | Time when the ntp protocols were last reset and how long they have been running. |
Packets received | Number of packets received from the peers. |
Packets processed | Number of packets processed to the peers. |
Current version | Current version of the protocol that is being used. |
Previous version | Previous version of the protocol that has been used. |
Declined | Access to the protocol declined |
Access denied | Number of attempts denied to access protocol |
Bad length or format | Number of messages received with length or format errors so severe that further classification could not occur. |
Bad authentication | Number of messages received with incorrect authentication. |
Rate exceeded | Exceed the configured rate if additional bandwidth is available from other queues |
Total peer memory | Actual memory available to the peer system. |
Free peer memory | Free memory available to the peer system. |
Calls to find peer | Number of calls to find peer. |
New peer allocations | Number of allocations from the free peer list. |
Peer demobilizations | Number of structures freed to free peer list. |
Hash table counts | Peer hash table’s each bucket count. |
show ntp trusted-keys
Use this command to display keys that are valid for authentication.
Command Syntax
show ntp trusted-keys
Parameters
None
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#show ntp trusted-keys
Trusted Keys:
333
#
Table 14-27 explains the output fields.
Table 14-27: show ntp trusted-keys fields
Entry | Description |
---|
Trusted Keys | Keys that are valid for authentication. |
show running-config ntp
Use this command to display the NTP running configuration.
Command Syntax
show running-config ntp (|all)
Parameters
all
Reserved for future use
Command Mode
Exec mode and Privileged Exec mode
Applicability
This command was introduced before OcNOS version 1.3.
Example
#sh running-config ntp
feature ntp vrf management
ntp enable vrf management
ntp authenticate vrf management
ntp logging vrf management
ntp authentication-key 123 md5 0xa2cb891442844220 7 vrf management
ntp trusted-key 123 vrf management
ntp server 216.239.35.4 vrf management