RE: NTP Authentications

From: Tracy Blackmore (TracyB@xxxxxxxxx)
Date: Tue Nov 14 2000 - 13:21:57 GMT-3

• Next message: Steve McNutt: "RE: a different twist on ISDN coming up?"
• Previous message: Greg Ferro: "Re: a different twist on ISDN coming up?"
• Maybe in reply to: Sam Munzani: "NTP Authentications"
• Next in thread: Sam Munzani: "Re: NTP Authentications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Ok, I'll eat some crow! If you have a master coded, it will provide time to
any client. When you add in the key values to the client, it will ONLY
accept the time from a master (or peer) that has the key as well. In normal
NTP servers, you can also require that the clients authenticate to the
master but it doesn't look like Cisco's implementation has that ability.
Sorry for the confusion.

The master should read:

Ntp authentication
Ntp authentication-key 1 md5 keyname
Ntp master

The client will be:

Ntp authentication
Ntp authentication-key 1 md5 keyname
Ntp server x.x.x.x key 1

Tracy W. Blackmore
T.S. Lad Consulting
1026 E Stanford Ave.
Gilbert, AZ., 85234
(480)558-0472

                -----Original Message-----
                From: Sam Munzani [mailto:sam@munzani.com]
                Sent: Tuesday, November 14, 2000 10:51 AM
                To: Tracy Blackmore
                Subject: Re: NTP Authentications

                 << File: r6.TXT >> << File: r3.TXT >> << File: r2.TXT >>
O.K. Here it comes.
                R6 is NTP master, I am using authentication on R2 with R6
and not using any
                authentication on R3 to get time from R6.

                R3 still gets time without any authentication keys.

                Sam
                ----- Original Message -----
                From: "Tracy Blackmore" <TracyB@TSLAD.com>
                To: "'Sam Munzani'" <sam@munzani.com>
                Sent: Monday, November 13, 2000 4:01 AM
                Subject: RE: NTP Authentications

> Without seeing your config, it's hard to say. If you have
the following,
                it
> should work (I have 11.2(23)).
>
> NTP AUTHENTICATE
> NTP AUTHENTICATION-KEY xx MD5 key
> NTP TRUSTED-KEY xx
>
> Once I configured the client, I had to reload it but it
didn't work
                without
> the lines above.
>
> -----Original Message-----
> From: Sam Munzani [mailto:sam@munzani.com]
> Sent: Monday, November 13, 2000 2:18 PM
> To: ccielab@groupstudy.com
> Subject: NTP Authentications
>
>
> Hi Guys,
>
> This is discussed on group so many time but there is no
definate answer on
> archives.
>
> 1. NTP master serves time to authenticated clients only.
All non
> authenticated clients should not get time from master.
>
> I tried and it gets time even if you have wrong
authentication key on
> client. Any catch in this one?
>
> Sam

• Next message: Steve McNutt: "RE: a different twist on ISDN coming up?"
• Previous message: Greg Ferro: "Re: a different twist on ISDN coming up?"
• Maybe in reply to: Sam Munzani: "NTP Authentications"
• Next in thread: Sam Munzani: "Re: NTP Authentications"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:45 GMT-3