NTP Access Control Menu
Page 12-39

Create Restrict Entry/Add Flags to Entry

It is possible to place restriction flags on specific NTP entities in relation to the switch. Restric-
tion flags prevent messages or information coming from the NTP entity from affecting the
switch.
To create a restriction flag, enter the ntpcres command as shown:
ntpcres <address> <mask> <restriction>
where <address> is the IP address of the NTP entity, <mask> is the entity’s subnet mask, and
<restriction> is the specific flag you want to place on the entity. For example to put an ignore
restriction on an entity with address 1.1.1.1 and a subnet mask of 255.255.0.0, enter the
following:
ntpcres 1.1.1.1 255.255.0.0 ignore
The following is a list of possible restriction flags that can be used:
ignore Ignore all packets from hosts which match this entry. If this flag
is specified neither queries nor time server polls will be
responded to.
noquery Ignore all NTP information queries and configuration requests
from the source. Time service is not affected.
nomodify Ignore all NTP information queries and configuration requests
that attempt to modify the state of the server (i.e., run time
reconfiguration). Queries which return information are permit-
ted.
notrap Decline to provide control message trap service to matching
hosts. The trap service is a subsystem of the control message
protocol which is intended for use by remote event logging
programs.
lowpriotrap Declare traps set by matching hosts to be low priority. The
number of traps a server can maintain is limited (the current
limit is 3). Traps are usually assigned on a first come, first serve
basis, with later trap requestors being denied service. This flag
modifies the assignment algorithm by allowing low priority
traps to be overridden by later requests for normal priority
traps. For more information on setting traps see Configure a
Trap in the Server on page 12-41
noserve Ignore NTP packets other than information queries and configu-
ration requests. In effect, time service is denied, though queries
may still be permitted.
nopeer Provide stateless time service to polling hosts, but do not allo-
cate peer memory resources to these hosts even if they other-
wise might be considered useful as future synchronization
partners.
notrust Treat these hosts normally in other respects, but never use
them as synchronization sources.