RE: NTP authentication

From: David H. Brown (DHBrown@xxxxxxxxxxxx)
Date: Mon Jul 31 2000 - 20:55:33 GMT-3

• Next message: omoruyi usuanlele: "Lab Date Swap - Sept 6th"
• Previous message: Lawrence Dwyer: "Re: NTP authentication"
• Maybe in reply to: John Conzone: "NTP authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Sam,

Several of us have it working with either as well. But, can you PREVENT a
non-authenticating peer (a router with no authentication statement) from
syncing with the server, WITHOUT using an access-group on the server? If
so, please post the configs.

David
(RTP lab 8/6)

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Sam Munzani
Sent: Monday, July 31, 2000 10:51 AM
To: Derek Small
Cc: John Conzone; Simon Hopkins; Andrew; ccielab
Subject: Re: NTP authentication

Wrong. I have it working with NTP server command.

On Sun, 30 Jul 2000, Derek Small wrote:

> You cannot use the "ntp server" command if you want to do authentication.
Use the "NTP peer" command on both server and client to get it to work
correctly.
>
> Derek Small
> CCIE # 5832
> dwsmall@fatkid.com
>
>
> ----- Original Message -----
> From: John Conzone
> To: Simon Hopkins ; Andrew
> Cc: ccielab
> Sent: Sunday, July 30, 2000 4:09 PM
> Subject: Re: NTP authentication
>
>
> Simon, the problem is that if I enable authentication on the server
side, the clients still connect whether I specify authentication on the
client or not. I debug ntp auth and see NOTHING. I debug ntp packets and
see the same whether I have authentication on or not.
> I'm thinking that if I enable authentication on the server then none
of the clients should be able to sync without authentication. Like OSPF or
RIP2.
> I have searched CCO and TAC database for any complete NTP
authentication configs and have found none. I find that curious. I can't
find any, not even partial using NTP authentication.
> ----- Original Message -----
> From: Simon Hopkins
> To: Andrew
> Cc: John Conzone ; ccielab
> Sent: Sunday, July 30, 2000 3:09 PM
> Subject: Re: NTP authentication
>
>
> A common problem is using the "ntp server x.x.x.x" command without the
"key"
> e.g
> ntp authenticate
> ntp trusted-key 1
> ntp authentication-key 1 md5 cisco
> ntp server x.x.x.x key 1
>
>
> Andrew wrote:
>
> Can you show us what configuration you are using?
> At 12:44 PM 7/30/00 -0400, John Conzone wrote:
>
> I have 6 routers, one as NTP Master 1 and the others as NTP
server X.X.X.X (ip of master).
> I have no problem getting the other 5 to pull time from the master
and clocks all synch up.
> However, I cannot get authentication to work. The clients
synch to the master regardless of whether authentication is on or not. I
can't find any good examples of NTP authentication configuration. I'm sure
I'm implementing wrong. Any help?
> Thanks!
>

• Next message: omoruyi usuanlele: "Lab Date Swap - Sept 6th"
• Previous message: Lawrence Dwyer: "Re: NTP authentication"
• Maybe in reply to: John Conzone: "NTP authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:00 GMT-3