This is the documentation for the 20.10 version. Looking for the documentation of the latest version? Have a look here.

NTP RestrictionsΒΆ

NTP restrictions control how NTP treats traffic from peers. The NTP Configuration Examples at the start of this section contains a good set of restrictions to use as a starting point.

These restrictions are configured using the restrict command from within config-ntp mode.

restrict <default|source|host|prefix>

This command enters config-ntp-restrict mode.

The restriction is placed upon an address specified as:


The default restriction for any host.


Default restrictions for associated hosts.


An address specified as an FQDN to be resolved using DNS.


An IPv4 or IPv6 network specification.

In config-ntp-restrict mode, the following settings control what hosts matching this restriction can do:


Sends a Kiss of Death packet to misbehaving clients. Only works when paired with the limited option.


Enforce rate limits on clients. This does not apply to queries from ntpq/ntpdc or the show ntp <x> commands.


Allows clients to query read only server state information, but does not allow them to make changes.


Deny unauthorized associations. When using a server entry in pool mode, this should be present in the default restriction but not in the source restriction.


Deny ntpq/ntpdc/show ntp <x> queries for NTP daemon information. Does not affect NTP acting as a time server.


Disables time service. Still allows ntpq/ntpdc/show ntp <x> queries


Decline mode 6 trap service to clients.