Configuring NTP Access Restrictions for a Specific Address (SRC CLI)
By default, all the clients (any IPv4 or IPv6 addresses of any network) except localhost are restricted to access the NTP server. Some of the CLI commands (for example, show ntp status) will work only if the access to the localhost is allowed. So, we recommend you to not delete the access to the localhost. You can use the system ntp restrict address address command to allow access for specific addresses to your NTP server and to configure NTP access restriction options for those addresses.
system ntp restrict address address {
mask mask;
kod;
nomodify;
nopeer;
noquery;
notrap;
}
To configure NTP access restrictions for a specific address:
- From configuration mode, access the configuration statement
that restricts NTP access for a specific address.[edit]user@host# set system ntp restrict address address ;
- Specify the subnet mask of the host.[edit system ntp restrict address address ]user@host# set mask mask;
- Specify whether to send a kiss-of-death packet if the
client limit has exceeded.[edit system ntp restrict address address ]user@host# set kod;
- Specify whether to restrict the client from making any
changes to the NTP configurations.[edit system ntp restrict address address ]user@host# set nomodify;
- Specify whether to prevent the client from establishing
a peer association.[edit system ntp restrict address address ]user@host# set nopeer;
- Specify whether to prevent the client from performing
ntpq and ntpdc queries, but not time queries.[edit system ntp restrict address address ]user@host# set noquery;
- Specify whether to prevent the client from configuring
control message traps.[edit system ntp restrict address address ]user@host# set notrap;