Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 

Configuring NTP Access Restrictions for All IPv6 Addresses (SRC CLI)

 

By default, all the clients (any IPv4 or IPv6 addresses of any network) except localhost are restricted to access the NTP server. Some of the CLI commands (for example, show ntp status) will work only if the access to the localhost is allowed. So, we recommend you to not delete the access to the localhost. You can use the system ntp restrict default-v6 command to allow access for all IPv6 addresses to your NTP server and to configure NTP access restriction options for IPv6 addresses.

Note

We recommend you to not delete or change the default restrictions available for the system ntp restrict default-v6 command to avoid vulnerabilities.

To configure NTP access restrictions for all IPv6 addresses:

  1. From configuration mode, access the configuration statement that restricts NTP access for all IPv6 addresses.
  2. Specify whether to send a kiss-of-death packet if the client limit has exceeded.
  3. Specify whether to restrict the client from making any changes to the NTP configurations.
  4. Specify whether to prevent the client from establishing a peer association.
  5. Specify whether to prevent the client from performing ntpq and ntpdc queries, but not time queries.
  6. Specify whether to prevent the client from configuring control message traps.