Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

ntp threshold

 

Syntax

Hierarchy Level

Release Information

Statement introduced in Junos OS Release 15.1X49-D70.

Description

Assign a threshold value for Network Time Protocol (NTP) adjustment that is outside of the acceptable NTP update and specify whether to accept or reject NTP synchronization when the proposed time from the NTP server exceeds the configured threshold value. If accept is the specified action, the system synchronizes the device time with the NTP server, but logs the time difference between the configured threshold and the time proposed by the NTP server; if reject is the specified action, synchronization with the time proposed by the NTP server is rejected, but the system provides the option of manually synchronizing the device time with the time proposed by the NTP server and logs the time difference between the configured threshold and the time proposed by the NTP server. By logging the time difference and rejecting synchronization when the configured threshold is exceeded, this feature helps improve security on the NTP service.

If this command is not configured or by default, the NTP will allow time adjustments for up to 1000 seconds except for first time adjustment. After NTP synchronization starts, it will allow first time adjustment to happen without any time limit. After first time adjustment happens, 1000 seconds time limit will be enforced for future time adjustments.

Options

valueSpecify the maximum value in seconds allowed for NTP adjustment.

Range: 1 through 600.

Default: The default value is 400.

actionSpecify the actions for NTP abnormal adjustment.
  • accept—Enable log mode for abnormal NTP adjustment. When the proposed time from the NTP server is outside of the configured threshold value, the device time synchronizes with the NTP server, but the system logs the time difference between the configured threshold and the time proposed by the NTP server.

  • reject—Enable log and reject mode for abnormal NTP adjustment. When the proposed time from the NTP server is outside of the configured threshold value, the system rejects synchronization, but provides the option for manually synchronizing the time and logs the time difference between the configured threshold and the time proposed by the NTP server.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.