
New Member

NTP authentication issue

Hi Sir,

I have an NTP issue. Router R4 is an NTP master and router R2 is an NTP client.

R4
--
!
interface Loopback0
 ip address 200.0.x.x.255.255.255
!
clock timezone CST -6
ntp source Loopback0
ntp master
!

R2
--
!
clock timezone CST -6
ntp authentication-key 1 md5 xxx
ntp authenticate
ntp trusted-key 1
ntp update-calendar
ntp server 200.0.0.4
!

R2#sh ntp sta
Clock is synchronized, stratum 9, reference is 200.0.0.4
nominal freq is 250.0000 Hz, actual freq is 250.0053 Hz, precision is 2**18
reference time is CA410B64.43C1EEE4 (14:19:48.264 CST Thu Jul 12 2007)
clock offset is -10.6025 msec, root delay is 33.62 msec
root dispersion is 14.45 msec, peer dispersion is 3.81 msec
R2#

Why does R2 still synchronize to R4 after enabling authentication on R2? Do I need to configure a similar authentication mechanism on R4? I have tried configuring a different MD5 key on R4, and yet R2 still synchronizes to R4!

Can you please advise how NTP encrypted authentication is configured?

Thank you.

B.Rgds,

Lim TS

3 REPLIES
Hall of Fame Super Bronze

Re: NTP authentication issue

NTP authentication is enforced by the NTP server; in this sample, R4 is the server.

In order to have authentication going between these 2 devices, just enter the following commands on R4:

ntp authentication-key 1 md5 1419061B01007F 7
ntp authenticate
ntp trusted-key 1

Silver

Re: NTP authentication issue

Hello Toh Soon Lim.

Yes, as you say, NTP authentication's purpose is to identify if the server is trustworthy.

So when the MASTER has the wrong password, the CLIENT will not synchronize with it.

You have a mistake in your configuration though. For the client (R2) to use authentication, you have to type:

ntp server 200.0.0.4 key 1

Without the "key 1" at the end, authentication will not be used.

New Member

Re: NTP authentication issue

Hi,

You are right! For R2, I need to type "ntp server 200.0.0.4 key 1". With this command, R2 will not synchronize with R4 if R4's MD5 authentication key is different.

I'm confused by the command "ntp trusted-key 1". How is it related to the other NTP authentication commands?

Thank you.

B.Rgds,

Lim TS
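
The point settled in the replies above, that an `ntp server` line without `key N` leaves the association unauthenticated, shown as a configuration check. This is an added example, not part of the thread and not Cisco tooling: the function name `audit_ntp_auth` and the extra key-defined and key-trusted checks are this example's own, and it assumes the basic `ntp server <address> [key N]` form with single-number `ntp trusted-key` lines.

```python
import re

# Constructed sample: R2's client configuration as posted in the thread
# (the key string is the poster's own "xxx" placeholder).
R2_CONFIG = """\
clock timezone CST -6
ntp authentication-key 1 md5 xxx
ntp authenticate
ntp trusted-key 1
ntp update-calendar
ntp server 200.0.0.4
"""

def audit_ntp_auth(config):
    """Return findings for NTP associations that would sync unauthenticated."""
    defined, trusted, assocs = set(), set(), []
    authenticate = False
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"ntp authentication-key (\d+) md5 \S+", line):
            defined.add(m.group(1))
        elif m := re.match(r"ntp trusted-key (\d+)$", line):  # assumption: one key per line
            trusted.add(m.group(1))
        elif line == "ntp authenticate":
            authenticate = True
        elif m := re.match(r"ntp (server|peer) (\S+)(.*)$", line):
            key = re.search(r"\bkey (\d+)\b", m.group(3))
            assocs.append((m.group(1), m.group(2), key.group(1) if key else None))
    findings = []
    if assocs and not authenticate:
        findings.append("'ntp authenticate' is not configured")
    for kind, addr, key in assocs:
        if key is None:
            findings.append(f"ntp {kind} {addr}: no 'key N', authentication is not used")
            continue
        if key not in defined:
            findings.append(f"ntp {kind} {addr}: key {key} has no 'ntp authentication-key'")
        if key not in trusted:
            findings.append(f"ntp {kind} {addr}: key {key} is not in 'ntp trusted-key'")
    return findings

if __name__ == "__main__":
    for finding in audit_ntp_auth(R2_CONFIG):
        print("R2 as posted:", finding)
    fixed = R2_CONFIG.replace("ntp server 200.0.0.4", "ntp server 200.0.0.4 key 1")
    print("R2 with 'key 1':", audit_ntp_auth(fixed) or "no findings")
```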
