You want to control NTP services on a per-interface basis.

Depending on the level of access control required, you can use the ntp disable command to prevent the router from providing NTP services on a particular interface:

Router#configure terminal 
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#interface Serial0/1
Router(config-if)#ntp disable
Router(config-if)#end
Router#

You can also prevent the router from providing NTP services on an individual interface with access control lists:

Router#configure terminal
Enter configuration commands, one per line.  End with CNTL/Z.
Router(config)#access-list 107 deny udp any eq 123 any eq 123
Router(config)#access-list 107 permit ip any any 
Router(config)#interface Serial0/1
Router(config-if)#ip access-group 107 in
Router(config-if)#end
Router#

Both examples above effectively disable the router from providing NTP services through the interface Serial0/1, although the inbound access-list provides more flexibility.

By default, when you enable NTP services on a Cisco router, it automatically becomes an NTP server and provides time services on all interfaces. However, you may want to disable NTP services on one or more of the router’s interfaces. For instance, you may want to prevent your router from providing NTP services to devices outside of your organization. You could accomplish this by disabling NTP on router interfaces that connect to these external ...