RE: NTP Authentication

From: Alan Basinger (abasinge@xxxxxxxxxx)
Date: Fri Mar 02 2001 - 23:56:25 GMT-3

• Next message: JZ: "How to verify VAD of voip ?"
• Previous message: Arthayuth.B@xxxxxxxxxxxxxxxxxx: "RE: BGP problem"
• Maybe in reply to: Darren Ward: "NTP Authentication"
• Next in thread: Darren Ward: "Re: NTP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

   
Darren,
NTP will only use authentication between peers not with the Master and
peers.
Here is a config that works but still no auth. I thought about setting a
peer statement in the master peering with the R2 as well as the master
statement, but when I tried it showed configured but not sync. Seemed as if
auth worked in my debugs though? Any ideas out there? Also how do you get
the clock to stay set it always reverts back to 1993 after reboot?

HTH

Alan

ntp authentication-key 1 md5 01100F175804 7
ntp authenticate
ntp master 1
end

r1#sh ntp ass

      address ref clock st when poll reach delay offset
disp
*~127.127.7.1 .LOCL. 0 33 64 377 0.0 0.00
0.0
 * master (synced), # master (unsynced), + selected, - candidate, ~
configured
r1#sh ntp stat
Clock is synchronized, stratum 1, reference is .LOCL.
nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**19
reference time is AF3C5C41.5BB02639 (09:56:17.358 UTC Mon Mar 1 1993)
clock offset is 0.0000 msec, root delay is 0.00 msec
root dispersion is 0.02 msec, peer dispersion is 0.02 msec

tp authentication-key 1 md5 104D000A0618 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179810
ntp peer 172.33.1.1
end

r2#sh ntp ass

      address ref clock st when poll reach delay offset
disp
*~172.33.1.1 .LOCL. 1 50 64 377 7.5 -0.09
3.3
 * master (synced), # master (unsynced), + selected, - candidate, ~
configured
r2#sh ntp stat
Clock is synchronized, stratum 2, reference is 172.33.1.1
nominal freq is 250.0000 Hz, actual freq is 250.0008 Hz, precision is 2**19
reference time is AF3C5C65.25B6FDE2 (09:56:53.147 UTC Mon Mar 1 1993)
clock offset is -0.0873 msec, root delay is 7.48 msec
root dispersion is 3.39 msec, peer dispersion is 3.27 msec

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Darren Ward
Sent: Friday, March 02, 2001 8:47 PM
To: ccielab@groupstudy.com
Subject: NTP Authentication

Hi All,

I've been playing with NTP authentication between three routers, one as
master the other two as clients but one of the clients has been
configured with a bad key.

Now I have set debug ntp auth and packet to check out what happens .

Now what i see is that the server attempts to use key 1 but doesn't say
success or fail but when it replies to the client who is using the bad
key it doesn't send it using a key.

Is this the masters way of saying authentication failed but here's my
time anyway?

BTW it's only been 10 minutes so they haven't synched yet at all.......

Sample Debug:

3d19h: NTP: rcv packet from 10.0.0.3 to 10.0.0.2 on Serial1/1:
3d19h: leap 3, mode 3, version 3, stratum 0, ppoll 64
3d19h: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000
(0.0.0.0)
3d19h: ref 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
3d19h: org BE4B736C.1BAFC44B (13:43:08.108 UTC Sat Mar 3 2001)
3d19h: rec BE4B09FA.06FAFCEC (06:13:14.027 UTC Sat Mar 3 2001)
3d19h: xmt BE4B0A39.FE273820 (06:14:17.992 UTC Sat Mar 3 2001)
3d19h: inp BE4B73AC.1B118CC2 (13:44:12.105 UTC Sat Mar 3 2001)
3d19h: Authentication key 1
3d19h: NTP: stateless xmit packet to 10.0.0.3:
3d19h: leap 0, mode 4, version 3, stratum 1, ppoll 64
3d19h: rtdel 0000 (0.000), rtdsp 0002 (0.031), refid 4C4F434C
(76.79.67.76)
3d19h: ref BE4B736C.8B436780 (13:43:08.543 UTC Sat Mar 3 2001)
3d19h: org BE4B0A39.FE273820 (06:14:17.992 UTC Sat Mar 3 2001)
3d19h: rec BE4B73AC.1B118CC2 (13:44:12.105 UTC Sat Mar 3 2001)
3d19h: xmt BE4B73AC.1BA19E96 (13:44:12.107 UTC Sat Mar 3 2001)
3d19h: Authentication key 1
3d19h: NTP: rcv packet from 10.0.0.4 to 10.0.0.2 on Serial1/1:
3d19h: leap 3, mode 3, version 3, stratum 0, ppoll 64
3d19h: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000
(0.0.0.0)
3d19h: ref 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
3d19h: org BE4B737C.CA08072B (13:43:24.789 UTC Sat Mar 3 2001)
3d19h: rec AF44C22F.194AB6C2 (18:49:19.098 UTC Sun Mar 7 1993)
3d19h: xmt AF44C26F.107ABF0A (18:50:23.064 UTC Sun Mar 7 1993)
3d19h: inp BE4B73BC.C9D5058F (13:44:28.788 UTC Sat Mar 3 2001)
3d19h: Authentication key 1
3d19h: NTP: stateless xmit packet to 10.0.0.4:
3d19h: leap 0, mode 4, version 3, stratum 1, ppoll 64
3d19h: rtdel 0000 (0.000), rtdsp 0002 (0.031), refid 4C4F434C
(76.79.67.76)
3d19h: ref BE4B73AC.8C2135E1 (13:44:12.547 UTC Sat Mar 3 2001)
3d19h: org AF44C26F.107ABF0A (18:50:23.064 UTC Sun Mar 7 1993)
3d19h: rec BE4B73BC.C9D5058F (13:44:28.788 UTC Sat Mar 3 2001)
3d19h: xmt BE4B73BC.CA65465D (13:44:28.790 UTC Sat Mar 3 2001)

Darren

• Next message: JZ: "How to verify VAD of voip ?"
• Previous message: Arthayuth.B@xxxxxxxxxxxxxxxxxx: "RE: BGP problem"
• Maybe in reply to: Darren Ward: "NTP Authentication"
• Next in thread: Darren Ward: "Re: NTP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:19 GMT-3