Restricting Peers


You want to restrict whom your router will provide NTP services to.


You can use the ntp access-group command to restrict which devices your router will allow NTP associations with:

Router#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#access-list 88 permit host
Router(config)#access-list 88 permit host
Router(config)#access-list 99 permit
Router(config)#access-list 99 permit
Router(config)#clock timezone EST -5
Router(config)#clock summer-time EDT recurring
Router(config)#ntp server version 3
Router(config)#ntp server version 3
Router(config)#ntp access-group peer 88
Router(config)#ntp access-group serve-only 99



In this example, the router allows its internal clock to be synchronized only by the two NTP servers permitted by access-list 88. The router also answers time requests only from the client devices permitted by access-list 99.

By default, NTP has no access controls, and it gives full access to all NTP devices. The ntp access-group command limits this access to various NTP services. In the example above, the peer keyword means that the router will only allow its internal clock to be changed by those remote servers and peers permitted by the access-list.

The serve-only keyword specifies the clients permitted to obtain time services from the router. In the above example, the serve-only access-list (99) permits two entire subnets. This means that any NTP clients residing on either of these two subnets can obtain time services from the local router. Using the same method, you can limit the access-list to a single subnet, a group of hosts, or no one. Omitting the ntp access-group serve-only command altogether prevents the router from providing time services.

NTP access-groups provide excellent granularity of access to time services on a global basis. Used in conjunction with the interface command ntp disable, NTP access-groups can form the basis of an effective access control strategy.
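The following audit script is an added example, not code from the book: it checks a saved configuration for the access-group behaviour described above. The function names are hypothetical, the addresses are constructed from documentation ranges, and only plain numbered standard access-lists are handled.

```python
import ipaddress
import re
# Constructed sample config; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
SAMPLE = """\
access-list 88 permit host 192.0.2.5
access-list 99 permit 198.51.100.0 0.0.0.255
ntp server 192.0.2.5 version 3
ntp server 192.0.2.7 version 3
ntp access-group peer 88
ntp access-group serve-only 98
"""

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def parse_acls(config):
    """Collect numbered standard ACL entries as (action, address, wildcard), in order."""
    acls = {}
    pat = re.compile(r"^access-list (\d+) (permit|deny) (any|host \S+|\S+)(?: (\S+))?[ \t]*$", re.M)
    for num, action, src, wild in pat.findall(config):
        if src == "any":
            addr, mask = 0, 0xFFFFFFFF
        else:
            addr = _ip(src.split()[-1])
            mask = _ip(wild) if wild and not src.startswith("host") else 0
        acls.setdefault(num, []).append((action, addr, mask))
    return acls

def permitted(entries, host):
    """First match wins; a standard ACL ends with an implicit deny."""
    h = _ip(host)
    for action, addr, mask in entries:
        if (h | mask) == (addr | mask):  # wildcard bits are "don't care"
            return action == "permit"
    return False

def audit_ntp(config):
    acls = parse_acls(config)
    groups = dict(re.findall(r"^ntp access-group (\S+) (\d+)", config, re.M))
    findings = []
    if not groups:
        findings.append("no ntp access-group: all NTP devices have full access")
    for kind, num in groups.items():
        if num not in acls:
            findings.append(f"ntp access-group {kind} references undefined access-list {num}")
    peer_acl = groups.get("peer")
    for srv in re.findall(r"^ntp (?:server|peer) (\S+)", config, re.M):
        if peer_acl in acls and not permitted(acls[peer_acl], srv):
            findings.append(f"ntp server {srv} is not permitted by peer access-list {peer_acl}")
    return findings
```

On the constructed sample, `audit_ntp(SAMPLE)` reports the serve-only group pointing at an access-list that does not exist and the second NTP server that the peer access-list would stop from setting the clock.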

See Also

Recipe 14.11

Cisco IOS Cookbook
ISBN: 0596527225
EAN: 2147483647
Year: 2004
Pages: 505