From: David H. Brown (DHBrown@xxxxxxxxxxxx)
Date: Sun Jul 30 2000 - 18:27:50 GMT-3
This is a working scenario (the password is "cisco", even though the
IOS converted it). It might pay for me to try with the master being a
different version of IOS, but this works. It helped to debug NTP
everything, you can see the failures.
Master: version 12.0.(3)T3
ntp authentication-key 1 md5 110A1016141D 7
! that was keyed as "md5 cisco" ^^^^^^^^
ntp authenticate
ntp trusted-key 1
ntp master
Client 1: version 11.3(1)
ntp authentication-key 1 md5 01100F175804 7
! that was keyed as "md5 cisco" ^^^^^^^^
ntp authenticate
ntp trusted-key 1
ntp server 170.100.11.1 key 1
Client 2: version 12.0.(3)T3
ntp authentication-key 1 md5 045802150C2E 7
! that was keyed as "md5 cisco" ^^^^^^^^
ntp authenticate
ntp trusted-key 1
ntp server 170.100.11.1 key 1
Client 3: version 11.2(12)
ntp authentication-key 1 md5 0822455D0A16 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179862
ntp server 170.100.11.1 key 1
Client 4: version 11.2(8)
ntp authentication-key 1 md5 060506324F41 7
ntp authenticate
ntp trusted-key 1
ntp server 170.100.11.1 key 1
On the doc CD -
http://127.0.0.1:8080/cc/td/doc/product/software/ios112/112cg_cr/1cboo
k/1csysmgt.htm#xtocid513515
or
http://127.0.0.1:8080/cc/td/doc/product/software/ios112/112cg_cr/1cboo
k/1csysmgt.htm
David
(RTP lab 8/6/00)
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
John Conzone
Sent: Sunday, July 30, 2000 4:10 PM
To: Simon Hopkins; Andrew
Cc: ccielab
Subject: Re: NTP authentication
Simon, the problem is that if I enable authentication on the
server side, the clients still connect whether I specify
authentication on the client or not. I debug ntp auth and see
NOTHING. I debug ntp packets and see the same whether I have
authentication on or not.
I'm thinking that if I enable authentication on the server then
none of the clients should be able to sync without authentication.
Like OSPF or RIP2.
I have searched CCO and TAC database for any complete NTP
authentication configs and have found none. I find that curious. I
can't find any, not even partial using NTP authentication.
----- Original Message -----
From: Simon Hopkins
To: Andrew
Cc: John Conzone ; ccielab
Sent: Sunday, July 30, 2000 3:09 PM
Subject: Re: NTP authentication
A common problem is using the "ntp server x.x.x.x" command without
the "key"
e.g
ntp authenticate
ntp trusted-key 1
ntp authentication-key 1 md5 cisco
ntp server x.x.x.x key 1
Andrew wrote:
Can you show us what configuration you are using?
At 12:44 PM 7/30/00 -0400, John Conzone wrote:
I have 6 routers, one as NTP Master 1 and the others as NTP
server X.X.X.X (ip of master).
I have no problem getting the other 5 to pull time from the master
and clocks all synch up.
However, I cannot get authentication to work. The clients synch
to the master regardless of whether authentication is on or not. I
can't find any good examples of NTP authentication configuration.
I'm sure I'm implementing wrong. Any help?
Thanks!
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:23:59 GMT-3