Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?


Configuring NTP Access Restrictions for a Specific Address (SRC CLI)


By default, all the clients (any IPv4 or IPv6 addresses of any network) except localhost are restricted to access the NTP server. Some of the CLI commands (for example, show ntp status) will work only if the access to the localhost is allowed. So, we recommend you to not delete the access to the localhost. You can use the system ntp restrict address address command to allow access for specific addresses to your NTP server and to configure NTP access restriction options for those addresses.

To configure NTP access restrictions for a specific address:

  1. From configuration mode, access the configuration statement that restricts NTP access for a specific address.
  2. Specify the subnet mask of the host.
  3. Specify whether to send a kiss-of-death packet if the client limit has exceeded.
  4. Specify whether to restrict the client from making any changes to the NTP configurations.
  5. Specify whether to prevent the client from establishing a peer association.
  6. Specify whether to prevent the client from performing ntpq and ntpdc queries, but not time queries.
  7. Specify whether to prevent the client from configuring control message traps.