3 Replies. Latest reply: May 8, 2012 6:02 AM by learning cookie monster

    ntp peer vs. ntp server

    learning cookie monster

      I have read through the doc CD (http://www.cisco.com/en/US/customer/docs/ios-xml/ios/bsm/configuration/12-4t/bsm-time-calendar-set.html#GUID-A1071998-72BE-4F2E-8BC0-3A9FDC5D67EE) about these two settings. It is a bit like reading a law book and I am getting confused on the difference. Is it just that when configured as ntp server, the device will listen and respond to requests but not use the source to synchronize, and as ntp peer it will listen and respond for updates and use the source to synchronize? There are references to ACLs being used. Can anyone elaborate and post examples?


      Much thanks,



        • 1. Re: ntp peer vs. ntp server
          Sergey Fer

          NTP server is what it says - server. If it is only server (not client also) it does not synchronize its clock to anybody else. Peer is another thing. When you create peer-to-peer NTP, BOTH neighbors may synchronize each other's clocks.

          You may use ACLs to block some types of NTP messages to restrict synchronization possibilities.

          • 2. Re: ntp peer vs. ntp server
            Scott Morris - CCDE/4xCCIE/2xJNCIE

            It has to do with authority.


            The "ntp server" command points to a server (meaning you are the client), and no matter what your clock says, you will jump to the server's clock setting because it has presumed authority of knowing what time it is.


            The "ntp peer" command is set between two devices. And the assumption is that neither one has authority (equal, peering) to know what time it is, but the two will work on getting in sync. Both sides will actually shift their clock (maximum jump of two minutes at a time, so if clocks are way different then it'll take a while to sync!) towards each other.


            Peer 1 = 9am, peer 2 = 10 am...  Eventually, both will think it's somewhere around 9:30am with no bearing on reality.





            • 3. Re: ntp peer vs. ntp server
              learning cookie monster

              Thank you both. Very helpful information. I found syntax in master reference for ACLs.




              Not much explanation in configuration guide but appears to be straightforward. Now I am looking up Kiss of Death. That is a new one for me.


              ntp access-group

              To control access to the Network Time Protocol (NTP) services on the system, use the ntp access-group command in global configuration mode. To remove access control to the NTP services, use the no form of this command.

              ntp access-group {peer | query-only | serve | serve-only} {access-list-number | access-list-number-expanded | access-list-name} [kod]

              no ntp [access-group {peer | query-only | serve | serve-only} {access-list-number | access-list-number-expanded | access-list-name}]

              Syntax Description

              peer: Allows time requests and NTP control queries and allows the system to synchronize to the remote system.

              query-only: Allows only NTP control queries. See RFC 1305 (NTP version 3).

              serve: Allows time requests and NTP control queries, but does not allow the system to synchronize to the remote system.

              serve-only: Allows only time requests.
              Note: You must configure the ntp server ip-address command before using the serve-only keyword.

              access-list-number: Number (from 1 to 99) of a standard IPv4 access list.

              access-list-number-expanded: Number (from 1300 to 1999) of an expanded range IPv4 access list.

              access-list-name: Name of an access list.

              kod: (Optional) Sends the "Kiss-o-Death" (KOD) packet to any host that tries to send a packet that is not compliant with the access-group policy.
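
Added example (not part of the original thread and not Cisco's own sample configuration): an IOS configuration that combines the ntp server and ntp peer commands discussed above with the ntp access-group syntax quoted in the last reply. All addresses and ACL numbers are constructed placeholders.

```cisco
! Constructed example: every address below is a placeholder (assumption).
!   192.0.2.10    upstream time source this router trusts
!   10.0.0.2      sibling router configured as a symmetric peer
!   10.0.10.0/24  internal clients that may ask this router for the time
!
! Standard IPv4 ACLs (numbers 1-99) match the source address of NTP packets.
access-list 10 remark NTP sources this router may synchronize to
access-list 10 permit 192.0.2.10
access-list 10 permit 10.0.0.2
access-list 20 remark NTP clients that may only request time
access-list 20 permit 10.0.10.0 0.0.0.255
!
! ntp server: this router acts as a client of 192.0.2.10.
! It is configured before serve-only is used, as the Note in the
! command reference requires.
ntp server 192.0.2.10
!
! ntp peer: symmetric association with 10.0.0.2.
ntp peer 10.0.0.2
!
! peer: hosts matching ACL 10 may send time requests and control queries,
! and this router may synchronize to them.
ntp access-group peer 10
!
! serve-only: hosts matching ACL 20 may send time requests only.
! kod sends a Kiss-o-Death packet to hosts that violate the policy.
ntp access-group serve-only 20 kod
!
! Once any access group is configured, only the access types specified
! in the access groups are granted; other sources get no NTP service.
```

After applying it, `show ntp associations` and `show ntp status` show which source the router actually selected.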