|
|
This chapter describes the commands used to perform basic system management tasks, such as naming the router and setting time services.
For basic system management configuration tasks and examples, refer to the chapter entitled "Performing Basic System Management" in the Configuration Fundamentals Configuration Guide.
To create a command alias, use the alias global configuration command. Use the no form of this command to delete all aliases in a command mode or to delete a specific alias, and to revert to the original command syntax.
alias mode alias-name alias-command-line
mode | Command mode of the original and alias commands. See Table 119 for a list of options for this argument. |
alias-name | Command alias. |
alias-command-line | Original command syntax. |
Default aliases are in EXEC mode as follows:
| Command Alias | Original Command |
|---|---|
h | help |
lo | logout |
p | ping |
r | resume |
s | show |
w | where |
Global configuration
This command first appeared in Cisco IOS Release 10.3.
You can use simple words or abbreviations as aliases. The aliases in the "Defaults" section are predefined. They can be turned off using the no alias command.
Table 119 shows the acceptable options for the mode argument in the alias global configuration command.
| Argument Options | Mode |
|---|---|
configuration | Global configuration |
controller | Controller configuration |
exec | EXEC |
hub | Hub configuration |
interface | Interface configuration |
ipx-router | IPX router configuration |
line | Line configuration |
map-class | Map class configuration |
map-list | Map list configuration |
route-map | Route map configuration |
router | Router configuration |
See the summary of command modes in the "Understanding the Command Line Interface" chapter in the Configuration Fundamentals Configuration Guide for more information about command modes.
When you use online help, command aliases are indicated by an asterisk (*), as follows:
Router#lo? *lo=logout lock login logout
When you use online help, aliases that contain spaces (for example, telnet device.cisco.com 25) are displayed as follows:
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# alias exec device-mail telnet device.cisco.com 25 Router(config)# end Router# device-mail? *device-mail="telnet device.cisco.com 25"
When you use online help, the alias is expanded and replaced with the original command, as shown in the following example with the td alias:
Router(config)# alias exec td trace device Router(config)# ^Z Router# t? *td="trace device" telnet terminal test tn3270 trace
To list only commands and omit aliases, begin your input line with a space. In the following example, the alias td is not shown, because there is a space before the t? command line.
Router# t? telnet terminal test tn3270 trace
As with commands, you can use online help to display the arguments and keywords that can follow a command alias. In the following example, the alias td is created to represent the command telet device. The /debug and /line switches can be added to telnet device to modify the command:
Router(config)# alias exec td telnet device
Router(config)# ^Z
Router# td ?
/debug Enable telnet debugging mode
/line Enable telnet line mode
...
whois Whois port
<cr>
Router# telnet device
You must enter the complete syntax for the alias command. Partial syntax for aliases are not accepted. In the following example, the parser does not recognize the command t as indicating the alias td.
Router# t % Ambiguous command: "t"
In the following example, the alias fixmyrt is created for the IP route198.92.116.16:
alias exec fixmyrt clear ip route 198.92.116.16
You can use the master indexes or search online to find documentation of related commands.
To set the system calendar, use one of the formats of the calendar set EXEC command.
calendar set hh:mm:ss day month year
hh:mm:ss | Current time in hours (24-hour format), minutes, and seconds. |
day | Current day (by date) in the month. |
month | Current month (by name). |
year | Current year (no abbreviation). |
EXEC
This command first appeared in Cisco IOS Release 10.0.
Some platforms have a hardware-based system calendar that is separate from the software-based system clock. The system calendar is a battery-powered clock in the hardware and runs continuously, even if the router is powered off or rebooted. The system clock is a software clock and is set from the system calendar when the system is booted or when the clock read-calendar EXEC command is issued. The time specified in this command is relative to the configured time zone.
In the following example, the system calendar is manually set to 1:32 p.m. on July 23, 1997:
calendar set 13:32:00 23 July 1997
You can use the master indexes or search online to find documentation of related commands.
clock read-calendar
clock set
clock summer-time
clock timezone
clock update-calendar
To configure a router as a time source for a network based on its calendar, use the clock calendar-valid global configuration command. Use the no form of this command to specify that the calendar is not an authoritative time source.
clock calendar-validThis command has no arguments or keywords.
The router is not configured as a time source.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Some platforms have a hardware-based system calendar that is separate from the software-based system clock. The calendar is a battery-powered clock in the hardware and runs continuously, even if the router is powered off or rebooted. If you have no outside time source available on your network, use this command to make the calendar an authoritative time source.
In the following example, a router is configured as the time source for a network based on its calendar:
clock calendar-valid
You can use the master indexes or search online to find documentation of related commands.
ntp master
vines time use-system
To manually read the system calendar settings into the system clock, use the clock read-calendar EXEC command.
clock read-calendarThis command has no arguments or keywords.
EXEC
This command first appeared in Cisco IOS Release 10.0.
Some platforms have a hardware-based system calendar that is separate from the software-based system clock. The system calendar is a battery-powered clock in the hardware and runs continuously, even if the router is powered off or rebooted. The system clock is a software clock and is set from the system calendar when the system is booted. When the router is rebooted, the system calendar settings are read into the system clock automatically. However, you may use this command to manually read the calendar settings into the system clock. This command is useful if the calendar set command has been used to change the setting of the system calendar.
In the following example, the system clock is configured to set its date and time by the calendar setting:
clock read-calendar
You can use the master indexes or search online to find documentation of related commands.
calendar set
clock set
clock update-calendar
ntp update-calendar
To manually set the system clock, use one of the formats of the clock set EXEC command.
clock set hh:mm:ss day month year
hh:mm:ss | Current time in hours (24-hour format), minutes, and seconds. |
day | Current day (by date) in the month. |
month | Current month (by name). |
year | Current year (no abbreviation). |
EXEC
This command first appeared in Cisco IOS Release 10.0.
Generally, if the system is synchronized by a valid outside timing mechanism, such as an NTP or VINES clock source, or if you have a router with calendar capability, you do not need to set the system clock. Use this command if no other time sources are available. The time specified in this command is relative to the configured time zone.
In the following example, the system clock is manually set to 1:32 p.m. on July 23, 1997:
clock set 13:32:00 23 July 1997
You can use the master indexes or search online to find documentation of related commands.
calendar set
clock read-calendar
clock summer-time
clock timezone
To configure the system to automatically switch to summer time (daylight savings time), use one of the formats of the clock summer-time global configuration command. Use the no form of this command to configure the Cisco IOS software not to automatically switch to summer time.
clock summer-time zone recurring [week day month hh:mm week day month hh:mm [offset]]
zone | Name of the time zone (PDT,...) to be displayed when summer time is in effect. |
recurring | Indicates that summer time should start and end on the corresponding specified days every year. |
date | Indicates that summer time should start on the first specific date listed in the command and end on the second specific date in the command. |
week | Week of the month (1 to 5 or last). |
day | Day of the week (Sunday, Monday,...). |
date | Date of the month (1 to 31). |
month | Month (January, February,...). |
year | Year (1993 to 2035). |
hh:mm | Time (24-hour format) in hours and minutes. |
offset | (Optional) Number of minutes to add during summer time (default is 60). |
Summer time is disabled. If clock summer-time zone recurring is specified without parameters, the summer time rules default to United States rules. Default of offset is 60.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Use this command if you want to automatically switch to summer time (for display purposes only). Use the recurring form of the command if the local summer time rules are of this form. Use the date form to specify a start and end date for summer time if you cannot use the first form.
In both forms of the command, the first part of the command specifies when summer time begins, and the second part specifies when it ends. All times are relative to the local time zone. The start time is relative to standard time. The end time is relative to summer time. If the starting month is after the ending month, the system assumes that you are in the Southern Hemisphere.
In the following example, summer time starts on the first Sunday in April at 02:00 and ends on the last Sunday in October at 02:00:
clock summer-time PDT recurring 1 Sunday April 2:00 last Sunday October 2:00
If you live in a place where summer time does not follow the pattern in the first example, you could set it to start on October 12, 1997 at 02:00, and end on April 26, 1998 at 02:00, with the following example:
clock summer-time date 12 October 1997 2:00 26 April 1998 2:00
You can use the master indexes or search online to find documentation of related commands.
To set the time zone for display purposes, use the clock timezone global configuration command. To set the time to Coordinated Universal Time (UTC), use the no form of this command.
clock timezone zone hours [minutes]
zone | Name of the time zone to be displayed when standard time is in effect. |
hours | Hours offset from UTC. |
minutes | (Optional) Minutes offset from UTC. |
UTC
Global configuration
This command first appeared in Cisco IOS Release 10.0.
The system internally keeps time in UTC, so this command is used only for display purposes and when the time is manually set.
In the following example, the timezone is set to Pacific Standard Time and is offset 8 hours behind UTC:
clock timezone PST -8
You can use the master indexes or search online to find documentation of related commands.
calendar set
clock set
clock summer-time
show clock
To set the system calendar from the system clock, use the clock update-calendar EXEC command.
clock update-calendarThis command has no arguments or keywords.
EXEC
This command first appeared in Cisco IOS Release 10.0.
Some platforms have a hardware-based system calendar that is separate from the software-based system clock. The system calendar is a battery-powered clock in the hardware and runs continuously, even if the router is powered off or rebooted. The system clock is a software clock and is set from the system calendar when the system is booted
If the system clock and system calendar are not synchronized, and the system clock is more accurate, use this command to update the system calendar to the correct date and time.
In the following example, the current time is copied from the system clock to the calendar:
clock update-calendar
You can use the master indexes or search online to find documentation of related commands.
clock read-calendar
ntp update-calendar
To generate a configuration that is compatible with an earlier Cisco IOS release, use the downward-compatible-config global configuration command. To remove this feature, use the no form of this command.
downward-compatible-config version
version | Cisco IOS Release number, not earlier than 10.2. |
Disabled
Global configuration
This command first appeared in Cisco IOS Release 11.1.
In Cisco IOS Release 10.3, IP access lists changed format. Use this command to regenerate a configuration in a format prior to Release 10.3 if you are going to downgrade from a Release 10.3 or later to an earlier release. The earliest release this command accepts is 10.2.
When this command is configured, the router attempts to generate a configuration that is compatible with the specified version. Currently, this command affects only IP access lists.
Under some circumstances, the software might not be able to generate a fully backward-compatible configuration. In such a case, the software issues a warning message.
In the following example, the router attempts to generate a configuration file compatible with Cisco IOS Release 10.2:
downward-compatible-config 10.2
You can use the master indexes or search online to find documentation of related commands.
access-list (extended)
access-list (standard)
To specify or modify the host name for the network server, use the hostname global configuration command. The host name is used in prompts and default configuration filenames. The setup command facility also prompts for a host name at startup.
hostname name
name | New host name for the network server. |
The factory-assigned default host name is router.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
The order of display at startup is banner message-of-the-day (MOTD), then login and password prompts, then EXEC banner.
Do not expect case to be preserved. Upper- and lowercase characters look the same to many internet software applications (often under the assumption that the application is doing you a favor). It may seem appropriate to capitalize a name the same way you might do in English, but conventions dictate that computer names appear all lowercase. For more information, refer to RFC 1178, Choosing a Name for Your Computer.
The name must also follow the rules for ARPANET host names. They must start with a letter, end with a letter or digit, and have as interior characters only letters, digits, and hyphens. Names must be 63 characters or fewer. For more information, refer to RFC 1035, Domain Names--Implementation and Specification.
The following example changes the host name to sandbox:
hostname sandbox
You can use the master indexes or search online to find documentation of related commands.
setup
This command has no arguments or keywords.
Enabled
Global configuration
This command first appeared in Cisco IOS Release 11.2.
By default, the BOOTP server is enabled.
When you disable the BOOTP server, access to the BOOTP ports cause the Cisco IOS software to send an "ICMP port unreachable" message to the sender and discard the original incoming packet.
The following example disables the BOOTP service on the router:
no ip bootp server
Use the ip telnet source-interface global configuration command to allow a user to select an address of an interface as the source address for Telnet connections. Use the no form of this command to reset the source address to the default for each connection.
ip telnet source-interface interface
interface | The interface whose address is to be used as the source for Telnet connections. |
The address of the closest interface to the destination as the source address. If the selected interface is not "up," the Cisco IOS software selects the address of the closest interface to the destination as the source address.
Global configuration
This command first appeared in Cisco IOS Release 11.1.
Use this command to set an interface's IP address as the source for all Telnet connections.
The following example makes the IP address for Ethernet interface 1 as the source address for Telnet connections:
ip telnet source-interface e 1
You can use the master indexes or search online to find documentation of related commands.
ip tacacs source-interface
ip tftp source-interface
ip radius source-interface
Use the ip tftp source-interface global configuration command to allow a user to select the interface whose address will be used as the source address for TFTP connections.
ip tftp source-interface interface
interface | The interface whose address is to be used as the source for TFTP connections. |
The address of the closest interface to the destination as the source address. If the selected interface is not "up," the Cisco IOS software selects the address of the closest interface to the destination as the source address.
Global configuration
This command first appeared in Cisco IOS Release 11.1.
Use this command to set an interface's IP address as the source for all TFTP connections.
The following example makes the IP address for Ethernet interface 1 as the source address for TFTP connections:
ip tftp source-interface e 1
You can use the master indexes or search online to find documentation of related commands.
ip radius source-interface
ip tacacs source-interface
ip telnet source-interface
To control access to the system's Network Time Protocol (NTP) services, use the ntp access-group global configuration command. To remove access control to the system's NTP services, use the no form of this command.
ntp access-group {query-only | serve-only | serve | peer} access-list-number
query-only | Allows only NTP control queries. See RFC 1305 (NTP version 3). |
serve-only | Allows only time requests. |
serve | Allows time requests and NTP control queries, but does not allow the system to synchronize to the remote system. |
peer | Allows time requests and NTP control queries and allows the system to synchronize to the remote system. |
access-list-number | Number (1 to 99) of a standard IP access list. |
No access control (full access granted to all systems)
Global configuration
This command first appeared in Cisco IOS Release 10.0.
The access group options are scanned in the following order from least restrictive to most restrictive:
1. peer
2. serve
3. serve-only
4. query-only
Access is granted for the first match that is found. If no access groups are specified, all access is granted to all sources. If any access groups are specified, only the specified access is granted. This facility provides minimal security for the time services of the system. However, it can be circumvented by a determined programmer. If tighter security is desired, use the NTP authentication facility.
In the following example, the system is configured to allow itself to be synchronized by a peer from access list 99. However, the system restricts access to allow only time requests from access list 42.
ntp access-group peer 99 ntp access-group serve-only 42
You can use the master indexes or search online to find documentation of related commands.
access-list
To enable Network Time Protocol (NTP) authentication, use the ntp authenticate global configuration command. Use the no form of this command to disable the feature.
ntp authenticateThis command has no keywords or arguments.
No authentication
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Use this command if you want authentication. If this command is specified, the system will not synchronize to a system unless it carries one of the authentication keys specified in the ntp trusted-key command.
In the following example, the system is configured to synchronize only to systems providing authentication key 42 in its NTP packets:
ntp authenticate ntp authentication-key 42 md5 aNiceKey ntp trusted-key 42
You can use the master indexes or search online to find documentation of related commands.
ntp authentication-key
ntp trusted-key
To define an authentication key for Network Time Protocol (NTP), use the ntp authentication-key global configuration command. Use the no form of this command to remove the authentication key for NTP.
ntp authentication-key number md5 value
number | Key number (1 to 4294967295). |
md5 | Authentication key. Message authentication support is provided using the Message Digest (MD5) algorithm. The key type md5 is currently the only key type supported. |
value | Key value (an arbitrary string of up to eight characters). |
No authentication key is defined for NTP.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Use this command to define authentication keys for use with other NTP commands in order to provide a higher degree of security.
In the following example, the system is configured to synchronize only to systems providing authentication key 42 in its NTP packets:
ntp authenticate ntp authentication-key 42 md5 aNiceKey ntp trusted-key 42
You can use the master indexes or search online to find documentation of related commands.
ntp authenticate
ntp peer
ntp server
ntp trusted-key
To specify that a specific interface should send Network Time Protocol (NTP) broadcast packets, use the ntp broadcast interface configuration command. Use the no form of this command to disable this capability.
ntp broadcast [version number]
version number | (Optional) Number from 1 to 3 indicating the NTP version. |
Disabled
Interface configuration
This command first appeared in Cisco IOS Release 10.0.
In the following example, Ethernet interface 0 is configured to send NTP version 2 packets:
interface ethernet 0 ntp broadcast version 2
You can use the master indexes or search online to find documentation of related commands.
ntp broadcast client
ntp broadcastdelay
To allow the system to receive NTP broadcast packets on an interface, use the ntp broadcast client interface configuration command. Use the no form of this command to disable this capability.
ntp broadcast clientThis command has no arguments or keywords.
Disabled
Interface configuration
This command first appeared in Cisco IOS Release 10.0.
Use this command to allow the system to listen to broadcast packets on an interface-by-interface basis.
In the following example, the Cisco IOS software synchronizes to NTP packets broadcast on Ethernet interface 1:
interface ethernet 1ntp broadcast client
You can use the master indexes or search online to find documentation of related commands.
ntp broadcast
ntp broadcastdelay
To set the estimated round-trip delay between the Cisco IOS software and a Network Time Protocol (NTP) broadcast server, use the ntp broadcastdelay global configuration command. Use the no form of this command to revert to the default value.
ntp broadcastdelay microseconds
microseconds | Estimated round-trip time (in microseconds) for NTP broadcasts. The range is from 1 to 999999. |
3000 microseconds
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Use this command when the router is configured as a broadcast client and the round-trip delay on the network is other than 3000 microseconds.
In the following example, the estimated round-trip delay between a router and the broadcast client is set to 5000 microseconds:
ntp broadcastdelay 5000
You can use the master indexes or search online to find documentation of related commands.
ntp broadcast
ntp broadcast client
 | Caution Do not enter this command; it is documented for informational purposes only. The system automatically generates this command as Network Time Protocol (NTP) determines the clock error and compensates. |
As NTP compensates for the error in the system clock, it keeps track of the correction factor for this error. The system automatically saves this value into the system configuration using the ntp clock-period global configuration command. The system uses the no form of this command to revert to the default.
ntp clock-period value
value | Amount to add to the system clock for each clock hardware tick (in units of |
17179869 2-32 seconds (4 milliseconds)
Global configuration
This command first appeared in Cisco IOS Release 10.0.
If a copy running-config startup-config command is entered to save the configuration to NVRAM, this command will automatically be added to the configuration. It is a good idea to perform this task after NTP has been running for a week or so; this will help NTP synchronize more quickly if the system is restarted.
To prevent an interface from receiving Network Time Protocol (NTP) packets, use the ntp disable interface configuration command. To enable receipt of NTP packets on an interface, use the no form of this command.
ntp disableThis command has no arguments or keywords.
Enabled
Interface configuration
This command first appeared in Cisco IOS Release 10.0.
This command provides a simple method of access control.
In the following example, Ethernet interface 0 is prevented from receiving NTP packets:
interface ethernet 0 ntp disable
To configure the Cisco IOS software as a Network Time Protocol (NTP) master clock to which peers synchronize themselves when an external NTP source is not available, use the ntp master global configuration command. To disable the master clock function, use the no form of this command.
ntp master [stratum] | Caution Use this command with extreme caution. It is very easy to override valid time sources using this command, especially if a low stratum number is configured. Configuring multiple machines in the same network with the ntp master command can cause instability in keeping time if the machines do not agree on the time. |
stratum | (Optional) Number from 1 to 15. Indicates the NTP stratum number that the system will claim. |
By default, the master clock function is disabled. When enabled, the default stratum is 8.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Because Cisco's implementation of NTP does not support directly attached radio or atomic clocks, the router is normally synchronized, directly or indirectly, to an external system that has such a clock. In a network without Internet connectivity, such a time source may not be available. The ntp master command is used in such cases.
If the system has ntp master configured, and it cannot reach any clock with a lower stratum number, the system will claim to be synchronized at the configured stratum number, and other systems will be willing to synchronize to it via NTP.
In the following example, a router is configured as an NTP master clock to which peers may synchronize:
ntp master 10
You can use the master indexes or search online to find documentation of related commands.
To configure the system clock to synchronize a peer or to be synchronized by a peer, use the
ntp peer global configuration command. To disable this capability, use the no form of this command.
ip-address | IP address of the peer providing, or being provided, the clock synchronization. |
version | (Optional) Defines the Network Time Protocol (NTP) version number. |
number | (Optional) NTP version number (1 to 3). |
key | (Optional) Defines the authentication key. |
keyid | (Optional) Authentication key to use when sending packets to this peer. |
source | (Optional) Names the interface. |
interface | (Optional) Name of the interface from which to pick the IP source address. |
prefer | (Optional) Makes this peer the preferred peer that provides synchronization. |
No peers are configured by default. If a peer is configured, the default NTP version number is 3, no authentication key is used, and the source IP address is taken from the outgoing interface.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Use this command if you want to allow this machine to synchronize with the peer, or vice versa. Using the prefer keyword reduces switching back and forth between peers.
If you are using the default version of 3 and NTP synchronization does not occur, try using NTP version number 2. Many NTP servers on the Internet run version 2.
In the following example, a router is configured to allow its system clock to be synchronized with the clock of the peer (or vice versa) at IP address 192.168.22.33 using NTP version 2. The source IP address is the address of Ethernet 0.
ntp peer 192.168.22.33 version 2 source ethernet 0
You can use the master indexes or search online to find documentation of related commands.
ntp authentication-key
ntp server
ntp source
To allow the system clock to be synchronized by a time server, use the ntp server global configuration command. To disable this capability, use the no form of this command.
ntp server ip-address [version number] [key keyid] [source interface] [prefer]
ip-address | IP address of the time server providing the clock synchronization. |
version | (Optional) Defines the Network Time Protocol (NTP) version number. |
number | (Optional) NTP version number (1 to 3). |
key | (Optional) Defines the authentication key. |
keyid | (Optional) Authentication key to use when sending packets to this peer. |
source | (Optional) Identifies the interface from which to pick the IP source address. |
interface | (Optional) Name of the interface from which to pick the IP source address. |
prefer | (Optional) Makes this server the preferred server that provides synchronization. |
No peers are configured by default. If a peer is configured, the default NTP version number is 3, no authentication key is used, and the source IP address is taken from the outgoing interface.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Use this command if you want to allow this machine to synchronize with the specified server. The server will not synchronize to this machine.
Using the prefer keyword reduces switching back and forth between servers.
If you are using the default version of 3 and NTP synchronization does not occur, try using NTP version number 2. Many NTP servers on the Internet run version 2.
In the following example, a router is configured to allow its system clock to be synchronized with the clock of the peer at IP address 172.16.22.44 using NTP version 2:
ntp server 172.16.22.44 version 2
You can use the master indexes or search online to find documentation of related commands.
ntp authentication-key
ntp peer
ntp source
To use a particular source address in Network Time Protocol (NTP) packets, use the ntp source global configuration command. Use the no form of this command to remove the specified source address.
ntp source type number
type | Type of interface. |
number | Number of the interface. |
Source address is determined by the outgoing interface.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Use this command when you want to use a particular source IP address for all NTP packets. The address is taken from the named interface. This command is useful if the address on an interface cannot be used as the destination for reply packets. If the source keyword is present on an ntp server or ntp peer command, that value overrides the global value.
In the following example, a router is configured to use the IP address of Ethernet 0 as the source address of all outgoing NTP packets:
ntp source ethernet 0
You can use the master indexes or search online to find documentation of related commands.
To authenticate the identity of a system to which Network Time Protocol (NTP) will synchronize, use the ntp trusted-key global configuration command. Use the no form of this command to disable authentication of the identity of the system.
ntp trusted-key key-number
key-number | Key number of authentication key to be trusted. |
Disabled
Global configuration
This command first appeared in Cisco IOS Release 10.0.
If authentication is enabled, use this command to define one or more key numbers (corresponding to the keys defined with the ntp authentication-key command) that a peer NTP system must provide in its NTP packets, in order for this system to synchronize to it. This provides protection against accidentally synchronizing the system to a system that is not trusted, since the other system must know the correct authentication key.
In the following example, the system is configured to synchronize only to systems providing authentication key 42 in its NTP packets:
ntp authenticate ntp authentication-key 42 md5 aNiceKey ntp trusted-key 42
You can use the master indexes or search online to find documentation of related commands.
ntp authenticate
ntp authentication-key
To periodically update the calendar from Network Time Protocol (NTP), use the ntp update-calendar global configuration command. Use the no form of this command to disable this feature.
ntp update-calendarThis command has no arguments or keywords.
The calendar is not updated.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Some platforms have a calendar which is separate from the system clock. This calendar runs continuously, even if the router is powered off or rebooted.
If a router is synchronized to an outside time source via NTP, it is a good idea to periodically update the calendar with the time learned from NTP. Otherwise, the calendar will tend to gradually lose or gain time. The calendar will be updated only if NTP has synchronized to an authoritative time server.
In the following example, the system is configured to periodically update the calendar from the system clock:
ntp update-calendar
You can use the master indexes or search online to find documentation of related commands.
clock read-calendar
clock update-calendar
string | Prompt. It can consist of all printing characters and the escape sequences listed in Table 120. |
The default prompt is either Router or the name defined with the hostname global configuration command, followed by an angle bracket (>) for EXEC mode or a pound sign (#) for privileged EXEC mode.
Global configuration
This command first appeared in Cisco IOS Release 10.3.
You can include escape sequences when specifying the prompt. All escape sequences are preceded by a percent sign (%). Table 120 lists the valid escape sequences.
| Escape Sequence | Interpretation |
|---|---|
%h | Host name. This is either Router or the name defined with the hostname global configuration command. |
%n | Physical terminal line (TTY) number of the EXEC user. |
%p | Prompt character itself. It is either an angle bracket (>) for EXEC mode or a pound sign (#) for privileged EXEC mode. |
%s | Space. |
%t | Tab. |
%% | Percent sign (%) |
Issuing the prompt %h command has the same effect as issuing the no prompt command.
The following example changes the EXEC prompt to include the TTY number, followed by the name and a space:
prompt TTY%n@%h%s%p
The following are examples of user and privileged EXEC prompts that result from the previous command:
TTY17@Router1 > TTY17SRouter1 #
You can use the master indexes or search online to find documentation of related commands.
To specify that line numbers be displayed and interpreted as decimal numbers rather than octal numbers, use the service decimal-tty global configuration command. Use the no form of this command to restore the default.
service decimal-ttyThis command has no arguments or keywords.
Decimal numbers on the 500-CS and Cisco 2500 Series.
Global configuration
This command first appeared in Cisco IOS Release 10.0.
The following example shows how to display decimal rather than octal line numbers:
service decimal-tty
To delay the startup of the EXEC on noisy lines, use the service exec-wait global configuration command. Use the no form of this command to disable this feature.
service exec-waitThis command has no arguments or keywords.
Disabled
Global configuration
This command first appeared in Cisco IOS Release 10.0.
This command delays startup of the EXEC until the line has been idle (no traffic seen) for 3 seconds. The default is to enable the line immediately on modem activation.
This command is useful on noisy modem lines or when a modem attached to the line is configured to ignore MNP or V.42 negotiations, and MNP or V.42 modems may be dialing in. In these cases, noise or MNP/V.42 packets may be interpreted as usernames and passwords, causing authentication failure before the user gets a chance to type a username/password. The command is not useful on non-modem lines or lines without some kind of login configured.
The following example delays the startup of the EXEC:
service exec-wait
To allow Finger protocol requests (defined in RFC 742) to be made of the network server, use the service finger global configuration command. This service is equivalent to issuing a remote show users command. Use the no form of this command to remove this service.
service fingerThis command has no arguments or keywords.
Enabled
Global configuration
This command first appeared in Cisco IOS Release 10.0.
The following example disables the Finger protocol:
no service finger
To hide addresses while trying to establish a Telnet session, use the service hide-telnet-address global configuration command. Use the no form of this command to remove this service.
service hide-telnet-addressThis command has no arguments or keywords.
Addresses are displayed.
Global configuration
This command first appeared in Cisco IOS Release 11.2.
The hide feature improves the functionality of the busy-message feature. When you configure only the busy-message command, the normal messages generated during a connection attempt are not displayed; only the busy-message is displayed. When you use the hide and busy features together you can customize the information displayed during Telnet connection attempts. When you configure the service hide-telnet-address command and the busy-message command, the router suppresses the address and displays the message specified with the busy-message command if the connection attempt is not successful.
The following example shows how to hide Telnet addresses:
service hide-telnet-address
You can use the master indexes or search online to find documentation of related commands.
busy-message
To display the configuration prompt (config), use the service prompt config global configuration command. Use the no form of this command to remove the configuration prompt.
service prompt configThis command has no arguments or keywords.
The configuration mode prompts (hostname(config)#) appear in all configuration modes.
Global configuration
This command first appeared in Cisco IOS Release 11.1.
In the following example, the no service prompt config command prevents the configuration prompt from being displayed. The prompt is still displayed in EXEC mode. When the service prompt config command is entered, the configuration mode prompt reappears.
Router# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Router(config)# no service prompt config hostname bob end bob# configure terminal Enter configuration commands, one per line. End with CNTL/Z. service prompt config bob(config)# hostname Router Router(config)# end Router#
You can use the master indexes or search online to find documentation of related commands.
This command has no arguments or keywords.
Disabled
Global configuration
This command first appeared in Cisco IOS Release 11.1.
By default, the TCP servers for Echo, Discard, Chargen, and Daytime services are disabled.
When the minor TCP/IP servers are disabled, access to the Echo, Discard, Chargen, and Daytime ports cause the Cisco IOS software to send a TCP RESET packet to the sender and discard the original incoming packet.
The following example enables minor TCP/IP services available from the network:
service tcp-small-servers
To set the TCP window to zero (0) when the Telnet connection is idle, use the service telnet-zero-idle global configuration command. Use the no form of this command to disable this feature.
service telnet-zero-idleThis command has no arguments or keywords.
Disabled
Global configuration
This command first appeared in Cisco IOS Release 10.0.
Normally, data sent to noncurrent Telnet connections is accepted and discarded. When service telnet-zero-idle is enabled, if a session is suspended (that is, some other connection is made active or the EXEC is sitting in command mode), the TCP window is set to zero. This action prevents the remote host from sending any more data until the connection is resumed. Use this command when it is important that all messages sent by the host be seen by the users and the users are likely to use multiple sessions.
Do not use this command if your host will eventually time out and log out a TCP user whose window is zero.
The following example sets the TCP window to zero when the Telnet connection is idle:
service telnet-zero-idle
You can use the master indexes or search online to find documentation of related commands.
resume
This command has no arguments or keywords.
Disabled
Global configuration
This command first appeared in Cisco IOS Release 11.2.
By default the UPD servers for Echo, Discard, and Chargen services are disabled.
When the servers are disabled, access to Echo, Discard, and Chargen ports causes the Cisco IOS software to send an "ICMP port unreachable" message to the sender and discard the original incoming packet.
The following example disables minor UDP services on the router:
no service udp-small-servers
To display all alias commands, or the alias commands in a specified mode, use the show aliases EXEC command.
show aliases [mode]
mode | (Optional) Command mode. See Table 119 in the description of the alias command for acceptable options for the mode argument. |
EXEC
This command first appeared in Cisco IOS Release 10.3.
All of the modes listed in Table 119 have their own prompts, except for the null interface mode. For example, the prompt for interface configuration mode is Router(config-if).
The following is sample output from the show aliases exec commands. The aliases configured for commands in EXEC mode are displayed.
Router# show aliases exec Exec mode aliases: h help lo logout p ping r resume s show w where
You can use the master indexes or search online to find documentation of related commands.
To display the calendar hardware setting, use the show calendar EXEC command:
show calendarThis command has no arguments or keywords.
EXEC
This command first appeared in Cisco IOS Release 10.0.
Some platforms have a calendar which is separate from the system clock. This calendar runs continuously, even if the router is powered off or rebooted.
You can compare the time and date shown with this command with the time and date listed via the show clock command to verify that the calendar and system clock are in sync with each other. The time displayed is relative to the configured time zone.
In the following sample display, the hardware calendar indicates the timestamp of 12:13:44 p.m. on Friday, July 19, 1996:
Router# show calendar 12:13:44 PST Fri Jul 19 1996
You can use the master indexes or search online to find documentation of related commands.
To display the system clock, use the show clock EXEC command.
show clock [detail]
detail | (Optional) Indicates the clock source (NTP, VINES, system calendar, and so forth) and the current summer-time setting (if any). |
EXEC
This command first appeared in Cisco IOS Release 10.0.
The system clock keeps an "authoritative" flag that indicates whether the time is authoritative (believed to be accurate). If the system clock has been set by a timing source (system calendar, NTP, VINES, and so forth), the flag is set. If the time is not authoritative, it will be used only for display purposes. Until the clock is authoritative and the "authoritative" flag is set, the flag prevents peers from synchronizing to the clock when the peers' time is invalid.
The symbol that precedes the show clock display indicates the following:
| Symbol | Description |
|---|---|
* | Time is not authoritative. |
(blank) | Time is authoritative. |
. | Time is authoritative, but NTP is not synchronized. |
The following sample output shows that the current clock is authoritative and that the time source is NTP:
Router# show clock detail 15:29:03.158 PST Mon Mar 3 1997 Time source is NTP
You can use the master indexes or search online to find documentation of related commands.
To show the status of Network Time Protocol (NTP) associations, use the show ntp associations EXEC command.
show ntp associations [detail]
detail | (Optional) Shows detailed information about each NTP association. |
EXEC
This command first appeared in Cisco IOS Release 10.0.
Detailed descriptions of the information displayed by this command can be found in the NTP specification (RFC 1305).
The following is sample output from the show ntp associations command:
Router# show ntp associations
address ref clock st when poll reach delay offset disp
~172.31.32.2 172.31.32.1 5 29 1024 377 4.2 -8.59 1.6
+~192.168.13.33 192.168.1.111 3 69 128 377 4.1 3.48 2.3
*~192.168.13.57 192.168.1.111 3 32 128 377 7.9 11.18 3.6
* master (synced), # master (unsynced), + selected, - candidate, ~ configured
Table 121 describes significant fields shown in the display.
| Field | Description |
|---|---|
(leading characters in display lines) | The first characters in a display line can be one or more of the following characters: * Synchronized to this peer # Almost synchronized to this peer + Peer selected for possible synchronization - Peer is a candidate for selection ~ Peer is statically configured |
address | Address of peer. |
ref clock | Address of peer's reference clock. |
st | Peer's stratum. |
when | Time since last NTP packet received from peer. |
poll | Polling interval (seconds). |
reach | Peer reachability (bit string, in octal). |
delay | Round-trip delay to peer (milliseconds). |
offset | Relative time of peer's clock to local clock (milliseconds). |
disp | Dispersion |
The following is sample output of the show ntp associations detail command:
Router# show ntp associations detail 172.31.32.2 configured, insane, invalid, stratum 5 ref ID 172.31.32.1, time AFE252C1.6DBDDFF2 (00:12:01.428 PDT Mon Jul 5 1993) our mode active, peer mode active, our poll intvl 1024, peer poll intvl 64 root delay 137.77 msec, root disp 142.75, reach 376, sync dist 215.363 delay 4.23 msec, offset -8.587 msec, dispersion 1.62 precision 2**19, version 3 org time AFE252E2.3AC0E887 (00:12:34.229 PDT Mon Jul 5 1993) rcv time AFE252E2.3D7E464D (00:12:34.240 PDT Mon Jul 5 1993) xmt time AFE25301.6F83E753 (00:13:05.435 PDT Mon Jul 5 1993) filtdelay = 4.23 4.14 2.41 5.95 2.37 2.33 4.26 4.33 filtoffset = -8.59 -8.82 -9.91 -8.42 -10.51 -10.77 -10.13 -10.11 filterror = 0.50 1.48 2.46 3.43 4.41 5.39 6.36 7.34 192.168.13.33 configured, selected, sane, valid, stratum 3 ref ID 192.168.1.111, time AFE24F0E.14283000 (23:56:14.078 PDT Sun Jul 4 1993) our mode client, peer mode server, our poll intvl 128, peer poll intvl 128 root delay 83.72 msec, root disp 217.77, reach 377, sync dist 264.633 delay 4.07 msec, offset 3.483 msec, dispersion 2.33 precision 2**6, version 3 org time AFE252B9.713E9000 (00:11:53.442 PDT Mon Jul 5 1993) rcv time AFE252B9.7124E14A (00:11:53.441 PDT Mon Jul 5 1993) xmt time AFE252B9.6F625195 (00:11:53.435 PDT Mon Jul 5 1993) filtdelay = 6.47 4.07 3.94 3.86 7.31 7.20 9.52 8.71 filtoffset = 3.63 3.48 3.06 2.82 4.51 4.57 4.28 4.59 filterror = 0.00 1.95 3.91 4.88 5.84 6.82 7.80 8.77 192.168.13.57 configured, our_master, sane, valid, stratum 3 ref ID 192.168.1.111, time AFE252DC.1F2B3000 (00:12:28.121 PDT Mon Jul 5 1993) our mode client, peer mode server, our poll intvl 128, peer poll intvl 128 root delay 125.50 msec, root disp 115.80, reach 377, sync dist 186.157 delay 7.86 msec, offset 11.176 msec, dispersion 3.62 precision 2**6, version 2 org time AFE252DE.77C29000 (00:12:30.467 PDT Mon Jul 5 1993) rcv time AFE252DE.7B2AE40B (00:12:30.481 PDT Mon Jul 5 1993) xmt time AFE252DE.6E6D12E4 (00:12:30.431 PDT Mon Jul 5 1993) filtdelay = 49.21 7.86 8.18 8.80 4.30 4.24 7.58 6.42 filtoffset = 11.30 11.18 11.13 11.28 8.91 9.09 9.27 9.57 filterror = 0.00 1.95 3.91 4.88 5.78 6.76 7.74 8.71
Table 122 describes significant fields shown in the display.
| Field | Descriptions |
|---|---|
configured | Peer was statically configured. |
dynamic | Peer was dynamically discovered. |
our_master | Local machine is synchronized to this peer. |
selected | Peer is selected for possible synchronization. |
candidate | Peer is a candidate for selection. |
sane | Peer passes basic sanity checks. |
insane | Peer fails basic sanity checks. |
valid | Peer time is believed to be valid. |
invalid | Peer time is believed to be invalid. |
leap_add | Peer is signaling that a leap second will be added. |
leap-sub | Peer is signaling that a leap second will be subtracted. |
unsynced | Peer is not synchronized to any other machine. |
ref ID | Address of machine peer is synchronized to. |
time | Last timestamp peer received from its master. |
our mode | Our mode relative to peer (active / passive / client / server / bdcast / bdcast client). |
peer mode | Peer's mode relative to us. |
our poll intvl | Our poll interval to peer. |
peer poll intvl | Peer's poll interval to us. |
root delay | Delay along path to root (ultimate stratum 1 time source). |
root disp | Dispersion of path to root. |
reach | Peer reachability (bit string in octal). |
sync dist | Peer synchronization distance. |
delay | Round trip delay to peer. |
offset | Offset of peer clock relative to our clock. |
dispersion | Dispersion of peer clock. |
precision | Precision of peer clock in Hz. |
version | NTP version number that peer is using. |
org time | Originate time stamp. |
rcv time | Receive time stamp. |
xmt time | Transmit time stamp. |
filtdelay | Round trip delay in milliseconds of each sample. |
filtoffset | Clock offset in milliseconds of each sample. |
filterror | Approximate error of each sample. |
You can use the master indexes or search online to find documentation of related commands.
To show the status of Network Time Protocol (NTP), use the show ntp status EXEC command.
show ntp statusThis command has no arguments or keywords.
EXEC
This command first appeared in Cisco IOS Release 10.0.
The following is sample output from the show ntp status command:
Router# show ntp status Clock is synchronized, stratum 4, reference is 192.168.13.57 nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**19 reference time is AFE2525E.70597B34 (00:10:22.438 PDT Mon Jul 5 1993) clock offset is 7.33 msec, root delay is 133.36 msec root dispersion is 126.28 msec, peer dispersion is 5.98 msec
Table 123 shows the significant fields in the display.
| Field | Description |
|---|---|
synchronized | System is synchronized to an NTP peer. |
unsynchronized | System is not synchronized to any NTP peer. |
stratum | NTP stratum of this system. |
reference | Address of peer we are synchronized to. |
nominal freq | Nominal frequency of system hardware clock. |
actual freq | Measured frequency of system hardware clock. |
precision | Precision of this system's clock (in Hz). |
reference time | Reference timestamp. |
clock offset | Offset of our clock to synchronized peer. |
root delay | Total delay along path to root clock. |
root dispersion | Dispersion of root path. |
peer dispersion | Dispersion of synchronized peer. |
You can use the master indexes or search online to find documentation of related commands.
Use the show sntp EXEC command on a Cisco 1003, Cisco 1004, or Cisco 1005 router to show information about the Simple Network Time Protocol (SNTP).
show sntpThis command has no arguments or keywords.
EXEC
This command first appeared in Cisco IOS Release 11.2.
The following is sample output from the show sntp command:
Router# show sntp SNTP server Stratum Version Last Receive 171.69.118.9 5 3 00:01:02 172.21.28.34 4 3 00:00:36 Synced Bcast Broadcast client mode is enabled.
Table 124 describes the fields show in this display.
| Field | Description |
|---|---|
SNTP server | Address of the configured or broadcast NTP server. |
Stratum | NTP stratum of the server. The stratum indicates how far away from an authoritative time source the server is. |
Version | NTP version of the server. |
Last Receive | Time since the last NTP packet was received from the server. |
Synced | Indicates the server chosen for synchronization. |
Bcast | Indicates a broadcast server. |
You can use the master indexes or search online to find documentation of related commands.
sntp broadcast client
sntp server
Use the sntp broadcast client global configuration command to configure a Cisco 1003, Cisco 1004, or Cisco 1005 router to use the Simple Network Time Protocol (SNTP) to accept Network Time Protocol (NTP) traffic from any broadcast server. The no form of the command prevents the router from accepting broadcast traffic.
sntp broadcast clientThis command has no arguments or keywords.
The router does not accept SNTP traffic from broadcast servers.
Global configuration
This command first appeared in Cisco IOS Release 11.2.
SNTP is a compact, client-only version of the Network Time Protocol (NTP). SNMP can only receive the time from NTP servers; it cannot be used to provide time services to other systems.
SNTP typically provides time within 100 milliseconds of the accurate time, but it does not provide the complex filtering and statistical mechanisms of NTP. In addition, SNTP does not authenticate traffic, although you can configure extended access lists to provide some protection.
You must configure the router with either this command or the sntp server command in order enable SNTP.
The following example enables the router to accept broadcast NTP packets and shows sample show sntp command output:
Router(config)# sntp broadcast client Router(config)# end Router# %SYS-5-CONFIG: Configured from console by console Router# show sntp SNTP server Stratum Version Last Receive 172.21.28.34 4 3 00:00:36 Synced Bcast Broadcast client mode is enabled.
You can use the master indexes or search online to find documentation of related commands.
Use the sntp server global configuration command to configure a Cisco 1003, Cisco 1004, Cisco 1005, 1720, or 800 router to use the Simple Network Time Protocol (SNTP) to request and accept Network Time Protocol (NTP) traffic from a stratum 1 time server. The no form of the command removes a server from the list of NTP servers.
sntp server {address | hostname} [version number]
address | IP address of the time server. |
hostname | Hostname of the time server. |
version number | (Optional) Version of NTP to use. The default is 1. |
The router does not accept SNTP traffic from a time server.
Global configuration
This command first appeared in Cisco IOS Release 11.2.
SNTP is a compact, client-only version of the Network Time Protocol (NTP). SNMP can only receive the time from NTP servers; it cannot be used to provide time services to other systems.
SNTP typically provides time within 100 milliseconds of the accurate time, but it does not provide the complex filtering and statistical mechanisms of NTP. In addition, SNTP does not authenticate traffic, although you can configure extended access lists to provide some protection.
Enter this command once for each NTP server.
You must configure the router with either this command or the sntp broadcast client command in order to enable SNTP.
SNTP time servers should operate only at the root (stratum 1) of the subnet, and then only in configurations where no other source of sychronization other than a reliable radio or modem time service is available. A stratum 2 server cannot be used as an SNTP time server. The use of SNTP rather than NTP in primary servers should be carefully considered.
The following example enables the router to request and accept NTP packets from the server at 172.21.118.9 and shows sample show sntp command output:
Router(config)# sntp server 172.21.118.9 Router(config)# end Router# %SYS-5-CONFIG: Configured from console by console Router# show sntp SNTP server Stratum Version Last Receive 172.21.118.9 5 3 00:01:02 Synced
You can use the master indexes or search online to find documentation of related commands.
show sntp
sntp broadcast client
Posted: Wed Aug 16 20:46:33 PDT 2000
Copyright 1989-2000©Cisco Systems Inc.