Re: NTP Authentication

From: Derek Small (Fuse) (dwsmall@xxxxxxxxxx)
Date: Mon Apr 17 2000 - 23:54:47 GMT-3

• Next message: Brian Buck: "RE: The dark side of CCIE"
• Previous message: Hedlund, Brad: "RE: The dark side of CCIE"
• Maybe in reply to: Ron.Fuller@xxxxxx: "NTP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
It took me a while but I think I figured it out. (It you have not already)

You need to take the "ntp master" statement off of the master time server.
Instead use "ntp peer" statements on both the client and server.

! NTP Server router
interface Serial0
 description Connection to downstream client
 ip address 192.19.16.4 255.255.255.0
!
interface Serial1
 description Connection to upstream NTP master
 ip address 192.19.15.4 255.255.255.0
!
ntp authentication-key 1 md5 060506324F41 7
ntp authenticate
ntp clock-period 17179834
ntp server 192.19.15.1
ntp peer 192.19.16.1 key 1
end

! NTP Client router
interface Serial1/2
 ip address 192.19.16.1 255.255.255.0
 clockrate 64000
!
ntp authentication-key 1 md5 094F471A1A0A 7
ntp authenticate
ntp clock-period 17208221
ntp peer 192.19.16.4 key 1
no scheduler allocate
end

This one would not sync up unless both routers had the same password
configured.

Thank You

Derek Small
dwsmall@fatkid.com

----- Original Message -----
From: <Ron.Fuller@3x.com>
To: <ccielab@groupstudy.com>
Sent: Monday, April 17, 2000 6:49 PM
Subject: NTP Authentication

> I'm about ready to pull my hair out. What is the big secret with getting
> NTP authentication to work? I setup one of my 4500's as an NTP server and
> have a few other routers configured to get their time from it. Regardless
> of the config, it all works fine, with or without authentication. Here's
a
> cut of my configs:
>
> 4500 (NTP Master router)
> ntp authentication-key 1 md5 051F0F0224 7
> ntp authenticate
> ntp trusted-key 1
> ntp master 1
>
>
> 2513 Router:
> ntp clock-period 17179855
> ntp server 172.16.1.249
>
> And the results of the "sh ntp assocaitions" and "sh ntp status"
>
> R6#sh ntp ass
> address ref clock st when poll reach delay offset
> disp
> *~172.16.1.249 .LOCL. 1 29 64 377 7.4 -9.33
> 0.7
> * master (synced), # master (unsynced), + selected, - candidate, ~
> configured
>
> R6#sh ntp sta
> Clock is synchronized, stratum 2, reference is 172.16.1.249
> nominal freq is 250.0000 Hz, actual freq is 250.0002 Hz, precision is
2**19
> reference time is BCA61473.8EEABC3B (18:53:39.558 EST Mon Apr 17 2000)
> clock offset is -9.3339 msec, root delay is 7.37 msec
> root dispersion is 10.04 msec, peer dispersion is 0.67 msec
>
> Any suggestions or hints would be greatly appreciated.
>
> The NTP master router is a 4500 running 12.0.4 and the remote is a 2513
> running 12.0.4
>
> Halifax is only 9 days away!
>
> Ron Fuller, CCDP, CCNP-ATM, CCNP-Security, MCNE, MCP
> 3X Corporation
> rfuller@3x.com
>

• Next message: Brian Buck: "RE: The dark side of CCIE"
• Previous message: Hedlund, Brad: "RE: The dark side of CCIE"
• Maybe in reply to: Ron.Fuller@xxxxxx: "NTP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:14 GMT-3