NTP authentication issue

Jul 11th, 2007

Hi Sir,

I have an NTP issue. Router R4 is an NTP master and router R2 is an NTP client.

R4
--
!
interface Loopback0
 ip address 200.0.x.x.255.255.255
!
clock timezone CST -6
ntp source Loopback0
ntp master
!

R2
--
!
clock timezone CST -6
ntp authentication-key 1 md5 xxx
ntp authenticate
ntp trusted-key 1
ntp update-calendar
ntp server 200.0.0.4
!

R2#sh ntp sta
Clock is synchronized, stratum 9, reference is 200.0.0.4
nominal freq is 250.0000 Hz, actual freq is 250.0053 Hz, precision is 2**18
reference time is CA410B64.43C1EEE4 (14:19:48.264 CST Thu Jul 12 2007)
clock offset is -10.6025 msec, root delay is 33.62 msec
root dispersion is 14.45 msec, peer dispersion is 3.81 msec
R2#

Why, after enabling authentication on R2, does R2 still synchronize to R4? Do I need to configure a similar authentication mechanism on R4? I have tried configuring a different MD5 key on R4 and yet R2 still synchronizes to R4!

Can you please advise how NTP encrypted authentication is configured?

Thank you.

B.Rgds,

Lim TS

Edison Ortiz Thu, 07/12/2007 - 07:28

NTP authentication is enforced by the NTP server; in this sample, R4 is the server.

In order to have authentication going between these 2 devices, just enter the following commands on R4:

ntp authentication-key 1 md5 1419061B01007F 7
ntp authenticate
ntp trusted-key 1

Pavel Bykov Sat, 07/14/2007 - 00:07

Hello Toh Soon Lim.

Yes, as you say, NTP authentication's purpose is to identify whether the server is trustworthy.

So when the MASTER has the wrong password, the CLIENT will not synchronize with it.

You have a mistake in your configuration though. For the client (R2) to use authentication, you have to type:

ntp server 200.0.0.4 key 1

Without the "key 1" at the end, authentication will not be used.

limtohsoon Sat, 07/14/2007 - 08:44

Hi,

You are right! For R2, I need to type "ntp server 200.0.0.4 key 1". With this command, R2 will not synchronize with R4 if R4's MD5 authentication key is different.

I'm confused about the command "ntp trusted-key 1". How is it related to the other NTP authentication commands?

Thank you.

B.Rgds,

Lim TS
