NTP authentication issue

limtohsoon

Hi Sir,

I have an NTP issue. Router R4 is an NTP master and router R2 is an NTP client.

R4

--

!

interface Loopback0

ip address 200.0.x.x.255.255.255

!

clock timezone CST -6

ntp source Loopback0

ntp master

!

R2

--

!

clock timezone CST -6

ntp authentication-key 1 md5 xxx

ntp authenticate

ntp trusted-key 1

ntp update-calendar

ntp server 200.0.0.4

!

R2#sh ntp sta

Clock is synchronized, stratum 9, reference is 200.0.0.4

nominal freq is 250.0000 Hz, actual freq is 250.0053 Hz, precision is 2**18

reference time is CA410B64.43C1EEE4 (14:19:48.264 CST Thu Jul 12 2007)

clock offset is -10.6025 msec, root delay is 33.62 msec

root dispersion is 14.45 msec, peer dispersion is 3.81 msec

R2#

Why, after enabling authentication on R2, does R2 still synchronize to R4? Do I need to configure a similar authentication mechanism on R4? I have tried configuring a different MD5 key on R4 and yet R2 still synchronizes to R4!

Can you please advise how NTP encrypted authentication is configured?

Thank you.

B.Rgds,

Lim TS


Edison Ortiz

NTP authentication is enforced by the NTP server; in this sample, R4 is the server.

In order to have authentication going between these 2 devices, just enter the following commands on R4:

ntp authentication-key 1 md5 1419061B01007F 7

ntp authenticate

ntp trusted-key 1

Pavel Bykov

Hello Toh Soon Lim.

Yes, as you say, NTP authentication's purpose is to identify whether the server is trustworthy.

So when the MASTER has the wrong password, the CLIENT will not synchronize with it.

You have a mistake in your configuration though. For the client (R2) to use authentication, you have to type:

ntp server 200.0.0.4 key 1

Without the "key 1" at the end, authentication will not be used.

Hi,

You are right! For R2, I need to type "ntp server 200.0.0.4 key 1". With this command, R2 will not synchronize with R4 if R4's MD5 authentication key is different.

I'm confused by the command "ntp trusted-key 1". How is it related to the other NTP authentication commands?

Thank you.

B.Rgds,

Lim TS
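The misconfiguration found in this thread (keys defined on the client, but no "key 1" on the "ntp server" line) is easy to miss in a config review, so here is an added example, not part of any post above, that audits an IOS-style config for it. The function name and sample strings are constructed for illustration; the extra checks that the referenced key is defined and listed under "ntp trusted-key" go beyond what the thread states, and trusted-key ranges are assumed not to be used.

```python
import re

# Constructed samples built from the configuration lines quoted in the thread.
R2_AS_POSTED = """\
ntp authentication-key 1 md5 xxx
ntp authenticate
ntp trusted-key 1
ntp update-calendar
ntp server 200.0.0.4
"""
R2_WITH_KEY = R2_AS_POSTED.replace("ntp server 200.0.0.4", "ntp server 200.0.0.4 key 1")

def audit_ntp_auth(config):
    """Return a list of findings about NTP authentication in an IOS-style config."""
    lines = [line.strip() for line in config.splitlines()]
    # Key IDs that have a secret defined, and key IDs marked as trusted.
    # Assumption: one key ID per trusted-key line (ranges are not parsed).
    defined = {m.group(1) for l in lines
               if (m := re.match(r"ntp authentication-key (\d+) md5 \S+", l))}
    trusted = {m.group(1) for l in lines
               if (m := re.match(r"ntp trusted-key (\d+)$", l))}
    findings, associations = [], 0
    for l in lines:
        m = re.match(r"ntp (server|peer) (\S+)(.*)$", l)
        if not m:
            continue
        associations += 1
        kind, addr, options = m.groups()
        key = re.search(r"\bkey (\d+)\b", options)
        if key is None:
            # The case from the thread: keys exist but the server line ignores them.
            findings.append(f"{addr}: {kind} line has no 'key', authentication is not used")
            continue
        key_id = key.group(1)
        if key_id not in defined:
            findings.append(f"{addr}: key {key_id} has no 'ntp authentication-key' entry")
        if key_id not in trusted:
            findings.append(f"{addr}: key {key_id} is not listed under 'ntp trusted-key'")
    if associations and "ntp authenticate" not in lines:
        findings.append("'ntp authenticate' is not enabled")
    return findings

if __name__ == "__main__":
    for name, cfg in (("as posted", R2_AS_POSTED), ("with key 1", R2_WITH_KEY)):
        print(name, "->", audit_ntp_auth(cfg) or "no findings")
```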
