Level 7



I have a kind of complicated script I need to run and I'm not sure if it's possible or the best way to do it. I need to update NTP servers across every device (about 500). All devices are Cisco, but there are some switches (Nexus and Catalyst), routers and ASA. I have no problem adding the new servers; in fact this has mostly been done already. But I'm having issues removing the old one, as there was no standard before, so there is no way of just stating something like "if RegEx expression 'NTP server' is found, run script 'no NTP server'", as the IP I need to remove can vary.

So let's say the new NTP servers have an IP of and Is there a way of running something to search for instances of "ntp server" but ignore the "ntp server" and "ntp server", and then to take that output and "no" them?



0 Kudos
3 Replies
Level 12

This is fairly simple to do with compliance policies. I only use 2 rules to fix this for all of my Cisco IOS/IOS XE devices.

First rule is to remove any non-approved NTP servers


The other is to input the new correct servers.


Set up in this way, I have been able to turn on auto-remediation for them and haven't had an issue since. Just make sure you don't apply this policy to your NTP servers if you are using a router for that.

Let me know if this works out for you!

Level 8

I don't know the exact SW command syntax, but if the old servers are all in private IP space, you can search for ranges of IP addresses to remove, and just avoid the new addresses. - (skip .1 and .2) = 10\.0\.0\.([3-9]|[1-9]\d|1\d\d|2[0-4]\d|25[0-4])

Thankfully there is an online tool for creating IP ranges here:

It puts a ^ at the beginning and a $ at the end of each expression. They specify 'start of line' and 'end of line' respectively. You probably want to leave those off.

The longer the range of IPs, the longer the expression, so if the old servers use random Internet-routable IPs, this method might get a little crazy. In that case, it might be better to simply search for all entries (ntp server .*) and save them to a list. Then you can create multiple smaller ranges and make a few passes.

Just for fun ... -


0 Kudos
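Added example, not part of any reply in this thread: one way to do the "search for all entries and save them to a list" approach offline against saved configs, producing the `no` lines for every NTP server that is not on the approved list. The approved addresses are placeholders (the thread does not give the real ones), the names `removal_commands` and `normalize` are hypothetical, and it assumes each platform accepts `no` followed by the full configured line.

```python
import ipaddress
import re

# Placeholder addresses (RFC 5737 documentation range); the thread's real
# NTP server IPs are not given, so substitute your approved servers here.
APPROVED = {"192.0.2.10", "192.0.2.11"}

# Matches "ntp server" lines with an optional "vrf NAME" before the
# address; trailing options (prefer, key, source ...) are left alone.
NTP_LINE = re.compile(r"^\s*ntp server\s+(?:vrf\s+\S+\s+)?(?P<addr>\S+)", re.I)


def normalize(addr):
    """Canonicalize an address so different IPv6 spellings compare equal."""
    try:
        return str(ipaddress.ip_address(addr))
    except ValueError:
        return addr.lower()  # hostname: compare case-insensitively


def removal_commands(config_text, approved=APPROVED):
    """Build 'no ...' lines for every configured NTP server not approved."""
    allowed = {normalize(a) for a in approved}
    commands = []
    for line in config_text.splitlines():
        match = NTP_LINE.match(line)
        if match and normalize(match.group("addr")) not in allowed:
            # Assumption: the platform accepts "no" + the full configured line.
            commands.append("no " + line.strip())
    return commands


# Constructed sample running-config excerpt, not taken from a real device.
SAMPLE_CONFIG = """\
hostname edge-rtr-01
ntp source Loopback0
ntp server 10.0.0.7
ntp server 192.0.2.10 prefer
ntp server vrf MGMT 172.16.5.9 key 5
ntp server 192.0.2.11
ntp server time.old.example
"""

if __name__ == "__main__":
    for cmd in removal_commands(SAMPLE_CONFIG):
        print(cmd)
```

Review the generated lines per device before pushing them, since an unexpected entry in the list is also a sign that someone pointed the device at a time source you do not control.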
Community Manager

I'm sure that there's a way to do it, but when I did this for TACACS+ servers at my last company, I elected to do it the simple way.

My script was basically:

no ntp server
no ntp server
no ntp server
(repeat for however many you might have)
ntp server
ntp server
ntp server
(repeat for the new ones and put them in the preferred order)
"Shoot for the stars to reach the moon"