RE: NTP Authentication

From: Dave Oakman (doakman@xxxxxxxx)
Date: Tue Aug 24 1999 - 20:37:19 GMT-3


   
Derek,

On R1
        
r1#show ntp associations detail
192.168.1.33 configured, authenticated, our_master, sane, valid, stratum 3
ref ID 127.127.7.1, time AF3D15B1.343CF03A (23:07:29.204 UTC Mon Mar 1 1993)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.03, reach 374, sync dist 27.771
delay 50.26 msec, offset -0.4073 msec, dispersion 2.61
precision 2**19, version 3
org time AF3D1649.CDF703D3 (23:10:01.804 UTC Mon Mar 1 1993)
rcv time AF3D1649.D6F34282 (23:10:01.839 UTC Mon Mar 1 1993)
xmt time AF3D1649.C6CE1F87 (23:10:01.776 UTC Mon Mar 1 1993)
filtdelay = 69.15 58.73 52.60 52.15 50.26 51.27 52.38 52.93
filtoffset = 0.62 2.34 0.66 0.63 -0.41 -0.10 0.05 0.63
filterror = 0.02 0.99 1.97 1.98 2.00 2.01 2.03 2.04

You do bring up a question that I have: where and when would you use the ntp
trusted-key?
The trusted key must be the same # as the authentication key. If a key is
specified with the server statement then all 3 must be the same. What value does
the trusted key add?

Where are you taking your test? I will be in Halifax on Sept 1-2.

ttfn
daveO
        

 -----Original Message-----
From: Derek Fage [SMTP:DerekF@itexjsy.com]
Sent: Tuesday, August 24, 1999 5:47 PM
To: ccielab@groupstudy.com
Subject: NTP Authentication

Hi,

I'm having trouble in getting to grips with NTP authentication.

The commands I initially entered were as follows (R2 is server, R1 is
client):

hostname R2
clock timezone GMT -0
clock timezone BST recurring
ntp authentication-key 1 md5 ccie
ntp master 5

hostname R1
clock timezone GMT -0
clock timezone BST recurring
ntp authentication-key 1 md5 ccie
ntp authenticate
ntp server 192.168.2.10

This caused the client to sync, but I do not think any authentication took
place.

Changing the ntp server command to 'ntp server 192.168.2.10 key 1' causes
the client to never sync. I just keep getting the following debug messages
(when debugging authentication and validity)

Adding the 'ntp trusted 1' to the client seems to get it to synchronise OK
now

So I think I've got it working now, but just wanted to get some feedback if
anybody thinks I have it wrong.

From what I understand, all you do is the following:
- setup an authentication key on the server and client
- add the ntp authenticate command to the client only
- add the ntp trusted-key command to the client only
- add the key parameter to the ntp server command on the client

Cheers,

Derek (9 days...)


