Configuring NTP
he Network Time Protocol (NTP) synchronizes the time of day among a set of distributed time servers and clients so that you can correlate time-specific information, such as system logs, received from the devices in your network.
This section contains payload examples and CLIs to demonstrate how to use the NX-API REST API to configure NTP on Cisco Nexus 3000 and 9000 Series switches and to show how the REST APIs correspond to the CLI commands.
For more information, see the Cisco Nexus 9000 Series NX-OS System Management Configuration Guide, Release 7.x.
Enabling NTP
Enabling NTP
POST http://<IP_Address>/api/mo/sys/fm.json
{
"fmEntity": {
"children": [
{
"fmNtpd": {
"attributes": {
"adminSt": "enabled"
}}}]}}
<System>
<fm-items>
<ntpd-items>
<adminSt>enabled</adminSt>
</ntpd-items>
</fm-items>
</System>
This example enables the NTP feature.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
feature ntp
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Disabling NTP
Disabling NTP
POST http://<IP_Address>/api/mo/sys/fm.json
{
"fmEntity": {
"children": [
{
"fmNtpd": {
"attributes": {
"status": "deleted"
}}}]}}
<System>
<fm-items>
<ntpd-items xc:operation="delete">
</ntpd-items>
</fm-items>
</System>
This example disables the NTP feature.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
no feature ntp
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Configuring General NTP Settings
Configuring General NTP Settings
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"attributes": {
"authSt": "enabled",
"logging": "enabled",
"loggingLevel": "critical",
"master": "enabled",
"masterStratum": "8"
},
"children": [
{
"datetimeNtpAuth": {
"attributes": {
"id": "123",
"isEncrypt": "no",
"key": "MD5_String"
}}}]}}
<System>
<time-items>
<authSt>enabled</authSt>
<logging>enabled</logging>
<loggingLevel>critical</loggingLevel>
<master>enabled</master>
<masterStratum>8</masterStratum>
<auth-items>
<NtpAuth-list>
<id>123</id>
<isEncrypt>false</isEncrypt>
<key>MD5_String</key>
</NtpAuth-list>
</auth-items>
</time-items>
</System>
This example enables NTP authentication and logging.
CLI Commands
The CLI commands and options listed below are used to create the payload example displayed in the pane on the right.
logging level ntp 2ntp authenticatentp authentication-key 123 md5 MD5_Stringntp loggingntp master 8
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Disabling Configured NTP Settings
Disabling Configured NTP Settings
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"attributes": {
"authSt": "disabled",
"logging": "disabled",
"loggingLevel": "critical",
"master": "disabled",
"masterStratum": "8"
},
"children": [
{
"datetimeNtpAuth": {
"attributes": {
"id": "123",
"isEncrypt": "no"
}}}]}}
<System>
<time-items>
<authSt>disabled</authSt>
<logging>disabled</logging>
<loggingLevel>critical</loggingLevel>
<master>disabled</master>
<masterStratum>8</masterStratum>
<auth-items>
<NtpAuth-list>
<id>123</id>
<isEncrypt>false</isEncrypt>
</NtpAuth-list>
</auth-items>
</time-items>
</System>
This example disables NTP authentication and logging.
CLI Commands
The CLI commands and options listed below are used to create the payload example displayed in the pane on the right.
no logging level ntp 2no ntp authenticateno ntp authentication-key 123 md5 MD5_Stringno ntp loggingno ntp master 8
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Configuring NTP Access Restrictions
Configuring NTP Access Restrictions
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeAccessGroup": {
"attributes": {
"peer": "ACL_1",
"queryOnly": "ACL_1234",
"serve": "ACL_12",
"serveOnly": "ACL_123"
}}}]}}
<System>
<time-items>
<accessgroup-items>
<peer>ACL_1</peer>
<queryOnly>ACL_1234</queryOnly>
<serve>ACL_12</serve>
<serveOnly>ACL_123</serveOnly>
</accessgroup-items>
</time-items>
</System>
The access group options are scanned in the following order, from least restrictive to most restrictive. However, if NTP matches a deny ACL rule in a configured peer, ACL processing stops and does not continue to the next access group option.
- The peer keyword enables the device to receive time requests and NTP control queries and to synchronize itself to the servers specified in the access list.
- The serve keyword enables the device to receive time requests and NTP control queries from the servers specified in the access list but not to synchronize itself to the specified servers.
- The serve-only keyword enables the device to receive only time requests from servers specified in the access list.
- The query-only keyword enables the device to receive only NTP control queries from the servers specified in the access list.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
ntp access-group peer ACL_1ntp access-group serve ACL_12ntp access-group serve-only ACL_123ntp access-group query-only ACL_1234
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Configuring NTP Authentication Key
Configuring NTP Authentication Key
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeNtpAuth": {
"attributes": {
"id": "5",
"isEncrypt": "no",
"key": "asdf1234xyz",
"trusted": "yes"
}}}]}}
<System>
<time-items>
<auth-items>
<NtpAuth-list>
<id>5</id>
<isEncrypt>false</isEncrypt>
<key>asdf1234xyz</key>
<trusted>true</trusted>
</NtpAuth-list>
</auth-items>
</time-items>
</System>
This example configures a clear text trusted key as key number 5.
CLI Commands
The CLI commands and options listed below are used to create the payload example displayed in the pane on the right.
ntp authentication-key 5 md5 asdf1234xyzntp trusted-key 5
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Disabling NTP Authentication Key
Disabling NTP Authentication Key
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeNtpAuth": {
"attributes": {
"id": "5",
"isEncrypt": "no",
"trusted": "no"
}}}]}}
<System>
<time-items>
<auth-items>
<NtpAuth-list>
<id>5</id>
<isEncrypt>false</isEncrypt>
<trusted>false</trusted>
</NtpAuth-list>
</auth-items>
</time-items>
</System>
This example disables a clear text trusted key configured as key number 5.
CLI Commands
The CLI commands and options listed below are used to create the payload example displayed in the pane on the right.
no ntp authentication-key 5 md5 asdf1234xyzno ntp trusted-key 5
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Configuring an NTP Server and Peer
Configuring an NTP Server and Peer
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeNtpProvider": {
"attributes": {
"keyId": "123",
"maxPoll": "4",
"minPoll": "4",
"name": "4.3.2.1",
"preferred": "yes",
"provT": "server",
"vrf": "VRF_1"
}}},{
"datetimeNtpProvider": {
"attributes": {
"keyId": "123",
"maxPoll": "4",
"minPoll": "4",
"name": "1.2.3.4",
"preferred": "yes",
"provT": "peer",
"vrf": "VRF_1"
}}}]}}
<System>
<time-items>
<prov-items>
<NtpProvider-list>
<name>4.3.2.1</name>
<keyId>123</keyId>
<maxPoll>4</maxPoll>
<minPoll>4</minPoll>
<preferred>true</preferred>
<provT>server</provT>
<vrf>VRF_1</vrf>
</NtpProvider-list>
<NtpProvider-list>
<name>1.2.3.4</name>
<keyId>123</keyId>
<maxPoll>4</maxPoll>
<minPoll>4</minPoll>
<preferred>true</preferred>
<provT>peer</provT>
<vrf>VRF_1</vrf>
</NtpProvider-list>
</prov-items>
</time-items>
</System>
This example forms an association with an NTP server.
CLI Commands
The CLI commands and options listed below are used to create the payload example displayed in the pane on the right.
ntp peer 1.2.3.4 key 123 maxpoll 4 minpoll 4 prefer use-vrf VRF_1ntp server 4.3.2.1 key 123 maxpoll 4 minpoll 4 prefer use-vrf VRF_1
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Configuring the NTP Source IP Address
Configuring the NTP Source IP Address
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeNtpSrcIp": {
"attributes": {
"srcIp": "1.2.3.4",
"srcIpv6": "0::0"
}}}]}}
<System>
<time-items>
<srcIp-items>
<srcIp>1.2.3.4</srcIp>
<srcIpv6>0::0</srcIpv6>
</srcIp-items>
</time-items>
</System>
This example sets the NTP source IP address to 1.2.3.4.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
ntp source 1.2.3.4
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Deleting a Configured NTP Source IP Address
Deleting a Configured NTP Source IP Address
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeNtpSrcIp": {
"attributes": {
"srcIp": "0.0.0.0"
}}}]}}
<System>
<time-items>
<srcIp-items>
<srcIp>0.0.0.0</srcIp>
</srcIp-items>
</time-items>
</System>
This example unsets the NTP source IP address that was set to 1.2.3.4.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
no ntp source 1.2.3.4
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Configuring the NTP Source IP Address (Ipv6)
Configuring the NTP Source IP Address (Ipv6)
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeNtpSrcIp": {
"attributes": {
"srcIp": "0.0.0.0",
"srcIpv6": "1::2"
}}}]}}
<System>
<time-items>
<srcIp-items>
<srcIp>0.0.0.0</srcIp>
<srcIpv6>1::2</srcIpv6>
</srcIp-items>
</time-items>
</System>
This example sets the NTP source IP address to 1.2.3.4.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
ntp source 1::2
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Deleting a Configured NTP Source IP Address (Ipv6)
Deleting a Configured NTP Source IP Address (Ipv6)
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeNtpSrcIp": {
"attributes": {
"srcIp": "0.0.0.0"
}}}]}}
<System>
<time-items>
<srcIp-items>
<srcIp>0.0.0.0</srcIp>
</srcIp-items>
</time-items>
</System>
This example unsets the NTP source IP address that was set to 1.2.3.4.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
no ntp source 1::2
See the NX-API DME Model Reference for detailed information about classes and attributes described in the payload: https://developer.cisco.com/site/nx-os/docs/nexus-model-reference/
For information about using the payloads, see the Cisco Nexus 9000 Series NX-OS Programmability Guide https://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-programming-reference-guides-list.html
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Configuring the NTP Source Interface
Configuring the NTP Source Interface
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeNtpSrcIf": {
"attributes": {
"srcIf": "eth2/1"
}}}]}}
<System>
<time-items>
<srcIp-items>
<srcIp>0.0.0.0</srcIp>
</srcIp-items>
</time-items>
</System>
This example sets the NTP source interface to Ethernet port 2/1.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
ntp source-interface ethernet 2/1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html
Deleting the NTP Source Interface
Deleting the NTP Source Interface
POST http://<IP_Address>/api/mo/sys/time.json
{
"datetimeClkPol": {
"children": [
{
"datetimeNtpSrcIf": {
"attributes": {
"status": "deleted"
}}}]}}
<System>
<time-items>
<srcIf-items xc:operation="delete">
</srcIf-items>
</time-items>
</System>
This example deletes the NTP source interface set to Ethernet port 2/1.
CLI Command
The CLI command below is the equivalent to the payload example displayed in the pane on the right.
no ntp source-interface ethernet 2/1
For other CLI options, see the Cisco Nexus 9000 Series NX-OS Command Reference: http://www.cisco.com/c/en/us/support/switches/nexus-9000-series-switches/products-command-reference-list.html