Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

Anonymous
N/A

NTP Authentication Issue

While I am configuring C7609 route or C6509 switch as ntp server and Cisco 2811 router as ntp client,ntp was not working if the authentication is configured in client side, when removing authentication part from the client ONLY ntp is working, below are attached config:

NTP Server:     

HQ-7609#sh run | inc ntp

ntp authentication-key 1 md5 <KEY>

ntp authenticate

ntp trusted-key 1

ntp clock-period 17179881

ntp source Loopback0

ntp master 2

ntp server 10.10.5.2 key 1

NTP Client:

R1#sh run | inc ntp

ntp authentication-key 1 md5 <KEY>

ntp authenticate

ntp clock-period 17179903

ntp server 10.10.5.2 key 1

Please advice....

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

Re: NTP Authentication Issue

Then it's a really strange config ... Try it the "traditional" way:

Server:

ntp authentication-key 1 md5

ntp trusted-key 1

ntp master

Client:

ntp authentication-key 1 md5

ntp authenticate

ntp server 10.10.5.2 key 1

ntp trusted-key 1

After some waiting (NTP is *really* slow) post the output of "show ntp associations".

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
7 REPLIES
VIP Purple

NTP Authentication Issue

The client also needs "ntp trusted-key 1".

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Anonymous
N/A

NTP Authentication Issue

Add the command "ntp trusted-key 1" to the client also the same. my question why the client synchronized with NTP server when I remove the authentication part from the client?

VIP Purple

NTP Authentication Issue

if you remove "ntp authenticate" the client just doesn't care about authentication and always can synchronize with a compatible server.

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Anonymous
N/A

NTP Authentication Issue

Ok, but why when authentication exist the client doesn't syncronized with the server ?

VIP Purple

NTP Authentication Issue

What is you actual config? It seems that HQ-7609 is not the NTP-server as that device also synchonizes to IP 10.10.5.2. And how is the NTP-config for that device?

Additionally, if you synchronize to an external source, you don't need "ntp master".

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
Anonymous
N/A

NTP Authentication Issue

IP 10.10.5.2 is loopback address of C7609 router and at the same time it is a master.

VIP Purple

Re: NTP Authentication Issue

Then it's a really strange config ... Try it the "traditional" way:

Server:

ntp authentication-key 1 md5

ntp trusted-key 1

ntp master

Client:

ntp authentication-key 1 md5

ntp authenticate

ntp server 10.10.5.2 key 1

ntp trusted-key 1

After some waiting (NTP is *really* slow) post the output of "show ntp associations".

-- 
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni


--
Don't stop after you've improved your network! Improve the world by lending money to the working poor: http://www.kiva.org/invitedby/karsteni
221
Views
0
Helpful
7
Replies