Re: NTP authentication

From: John Conzone (jkconzone@xxxxxxxx)
Date: Tue Aug 01 2000 - 18:49:52 GMT-3


   
    You can prevent a non-authenticating peer from syncing with a server
with auth, yes, but not from syncing with a master.
    I'll resend my configs from Sunday.
----- Original Message -----
From: "Sam Munzani" <sam@chinet.com>
To: "David H. Brown" <DHBrown@Pipeline.com>
Cc: "'Derek Small'" <d.small@inetmail.att.net>; "'ccielab'"
<ccielab@groupstudy.com>; "'John Conzone'" <jkconzone@home.com>; "'Simon
Hopkins'" <simon@muddypaws.net>; "'Andrew'" <arousch@home.com>
Sent: Tuesday, August 01, 2000 10:26 AM
Subject: RE: NTP authentication

> That's a good one. I am using access-group to prevent other people. You may
> be right on NTP server authentication then.
>
> On Mon, 31 Jul 2000, David H. Brown wrote:
>
> > Sam,
> >
> > Several of us have it working with either as well. But, can you PREVENT a
> > non-authenticating peer (a router with no authentication statement) from
> > syncing with the server, WITHOUT using an access-group on the server? If
> > so, please post the configs.
> >
> > David
> > (RTP lab 8/6)
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > Sam Munzani
> > Sent: Monday, July 31, 2000 10:51 AM
> > To: Derek Small
> > Cc: John Conzone; Simon Hopkins; Andrew; ccielab
> > Subject: Re: NTP authentication
> >
> >
> > Wrong. I have it working with NTP server command.
> >
> > On Sun, 30 Jul 2000, Derek Small wrote:
> >
> > > You cannot use the "ntp server" command if you want to do authentication.
> > > Use the "NTP peer" command on both server and client to get it to work
> > > correctly.
> > >
> > > Derek Small
> > > CCIE # 5832
> > > dwsmall@fatkid.com
> > >
> > >
> > > ----- Original Message -----
> > > From: John Conzone
> > > To: Simon Hopkins ; Andrew
> > > Cc: ccielab
> > > Sent: Sunday, July 30, 2000 4:09 PM
> > > Subject: Re: NTP authentication
> > >
> > >
> > > Simon, the problem is that if I enable authentication on the server
> > > side, the clients still connect whether I specify authentication on the
> > > client or not. I debug ntp auth and see NOTHING. I debug ntp packets and
> > > see the same whether I have authentication on or not.
> > > I'm thinking that if I enable authentication on the server then none
> > > of the clients should be able to sync without authentication. Like OSPF or
> > > RIP2.
> > > I have searched CCO and TAC database for any complete NTP
> > > authentication configs and have found none. I find that curious. I can't
> > > find any, not even partial using NTP authentication.
> > > ----- Original Message -----
> > > From: Simon Hopkins
> > > To: Andrew
> > > Cc: John Conzone ; ccielab
> > > Sent: Sunday, July 30, 2000 3:09 PM
> > > Subject: Re: NTP authentication
> > >
> > >
> > > A common problem is using the "ntp server x.x.x.x" command without the
> > > "key"
> > > e.g.
> > > ntp authenticate
> > > ntp trusted-key 1
> > > ntp authentication-key 1 md5 cisco
> > > ntp server x.x.x.x key 1
> > >
> > >
> > > Andrew wrote:
> > >
> > > Can you show us what configuration you are using?
> > > At 12:44 PM 7/30/00 -0400, John Conzone wrote:
> > >
> > > I have 6 routers, one as NTP Master 1 and the others as NTP
> > > server X.X.X.X (ip of master).
> > > I have no problem getting the other 5 to pull time from the master
> > > and clocks all synch up.
> > > However, I cannot get authentication to work. The clients
> > > synch to the master regardless of whether authentication is on or not. I
> > > can't find any good examples of NTP authentication configuration. I'm sure
> > > I'm implementing wrong. Any help?
> > > Thanks!
> > >
> >
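
Added example (not part of the original thread, and not any poster's configuration): a minimal Python model of NTP symmetric-key MD5 authentication, illustrating the behaviour reported above. The MAC lets a client with `ntp authenticate` reject time it cannot verify, while a server that holds keys still answers requests that carry no MAC. Key id 1 and the secret `cisco` are taken from the config quoted in the thread; the packet contents, function names, and the choice to drop a request with a bad MAC are assumptions of this model.

```python
import hashlib, hmac, struct

KEYS = {1: b"cisco"}   # from "ntp authentication-key 1 md5 cisco" in the thread

def header(mode, stratum=0):
    """48-byte NTP header (LI=0, VN=3); other fields zeroed, constructed for the demo."""
    return struct.pack("!BB", (3 << 3) | mode, stratum) + bytes(46)

def add_mac(hdr, key_id, keys):
    """Append the MAC: 4-byte key id followed by MD5(key || header)."""
    return hdr + struct.pack("!I", key_id) + hashlib.md5(keys[key_id] + hdr).digest()

def mac_ok(pkt, keys, trusted):
    """True only if pkt carries a MAC that verifies under a trusted key."""
    if len(pkt) != 68:
        return False
    key_id = struct.unpack("!I", pkt[48:52])[0]
    if key_id not in trusted or key_id not in keys:
        return False
    expected = hashlib.md5(keys[key_id] + pkt[:48]).digest()
    return hmac.compare_digest(expected, pkt[52:])

def server_reply(request, keys):
    """Server side: a request with no MAC is still answered, just without a MAC."""
    reply = header(mode=4, stratum=1)
    if len(request) == 48:
        return reply
    if mac_ok(request, keys, set(keys)):
        key_id = struct.unpack("!I", request[48:52])[0]
        return add_mac(reply, key_id, keys)
    return None   # assumption of this model: a request with a bad MAC is dropped

def client_accepts(reply, authenticate, keys, trusted):
    """Client side: with "ntp authenticate" set, only MAC-verified time is usable."""
    if reply is None:
        return False
    return mac_ok(reply, keys, trusted) if authenticate else len(reply) >= 48

def run_cases():
    plain = server_reply(header(mode=3), KEYS)
    signed = server_reply(add_mac(header(mode=3), 1, KEYS), KEYS)
    return {
        "no-auth client, server has keys": client_accepts(plain, False, {}, set()),
        "auth client, keyed request": client_accepts(signed, True, KEYS, {1}),
        "auth client, unsigned reply": client_accepts(plain, True, KEYS, {1}),
        "auth client, wrong secret": client_accepts(signed, True, {1: b"other"}, {1}),
    }

if __name__ == "__main__":
    for case, ok in run_cases().items():
        print(f"{case}: {'syncs' if ok else 'rejected'}")
```

In this model the first case succeeds, which matches the observation in the thread that clients with no authentication statement still sync, and is why an access-group on the server was suggested as the server-side control.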



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:24:20 GMT-3