From: Darren Ward (dward@xxxxxxxxxx)
Date: Sat Mar 03 2001 - 01:23:44 GMT-3
Arrrrrrrrrrrrrrrrr!
I forgot the trusted-key parameter on the clients.
As soon as I entered the trusted-key on the clients the first client with the
correct auth key synchronised within a minute and the other doesn't trust the
master because the keys don't match so it's just kicking back doing nothing.
Mission acomplished, thanks Alan!
Alan Basinger wrote:
> Darren,
> NTP will only use authentication between peers not with the Master and
> peers.
> Here is a config that works but still no auth. I thought about setting a
> peer statement in the master peering with the R2 as well as the master
> statement, but when I tried it showed configured but not sync. Seemed as if
> auth worked in my debugs though? Any ideas out there? Also how do you get
> the clock to stay set it always reverts back to 1993 after reboot?
>
> HTH
>
> Alan
>
> ntp authentication-key 1 md5 01100F175804 7
> ntp authenticate
> ntp master 1
> end
>
> r1#sh ntp ass
>
> address ref clock st when poll reach delay offset
> disp
> *~127.127.7.1 .LOCL. 0 33 64 377 0.0 0.00
> 0.0
> * master (synced), # master (unsynced), + selected, - candidate, ~
> configured
> r1#sh ntp stat
> Clock is synchronized, stratum 1, reference is .LOCL.
> nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**19
> reference time is AF3C5C41.5BB02639 (09:56:17.358 UTC Mon Mar 1 1993)
> clock offset is 0.0000 msec, root delay is 0.00 msec
> root dispersion is 0.02 msec, peer dispersion is 0.02 msec
>
> tp authentication-key 1 md5 104D000A0618 7
> ntp authenticate
> ntp trusted-key 1
> ntp clock-period 17179810
> ntp peer 172.33.1.1
> end
>
> r2#sh ntp ass
>
> address ref clock st when poll reach delay offset
> disp
> *~172.33.1.1 .LOCL. 1 50 64 377 7.5 -0.09
> 3.3
> * master (synced), # master (unsynced), + selected, - candidate, ~
> configured
> r2#sh ntp stat
> Clock is synchronized, stratum 2, reference is 172.33.1.1
> nominal freq is 250.0000 Hz, actual freq is 250.0008 Hz, precision is 2**19
> reference time is AF3C5C65.25B6FDE2 (09:56:53.147 UTC Mon Mar 1 1993)
> clock offset is -0.0873 msec, root delay is 7.48 msec
> root dispersion is 3.39 msec, peer dispersion is 3.27 msec
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> Darren Ward
> Sent: Friday, March 02, 2001 8:47 PM
> To: ccielab@groupstudy.com
> Subject: NTP Authentication
>
> Hi All,
>
> I've been playing with NTP authentication between three routers, one as
> master the other two as clients but one of the clients has been
> configured with a bad key.
>
> Now I have set debug ntp auth and packet to check out what happens .
>
> Now what i see is that the server attempts to use key 1 but doesn't say
> success or fail but when it replies to the client who is using the bad
> key it doesn't send it using a key.
>
> Is this the masters way of saying authentication failed but here's my
> time anyway?
>
> BTW it's only been 10 minutes so they haven't synched yet at all.......
>
> Sample Debug:
>
> 3d19h: NTP: rcv packet from 10.0.0.3 to 10.0.0.2 on Serial1/1:
> 3d19h: leap 3, mode 3, version 3, stratum 0, ppoll 64
> 3d19h: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000
> (0.0.0.0)
> 3d19h: ref 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
> 3d19h: org BE4B736C.1BAFC44B (13:43:08.108 UTC Sat Mar 3 2001)
> 3d19h: rec BE4B09FA.06FAFCEC (06:13:14.027 UTC Sat Mar 3 2001)
> 3d19h: xmt BE4B0A39.FE273820 (06:14:17.992 UTC Sat Mar 3 2001)
> 3d19h: inp BE4B73AC.1B118CC2 (13:44:12.105 UTC Sat Mar 3 2001)
> 3d19h: Authentication key 1
> 3d19h: NTP: stateless xmit packet to 10.0.0.3:
> 3d19h: leap 0, mode 4, version 3, stratum 1, ppoll 64
> 3d19h: rtdel 0000 (0.000), rtdsp 0002 (0.031), refid 4C4F434C
> (76.79.67.76)
> 3d19h: ref BE4B736C.8B436780 (13:43:08.543 UTC Sat Mar 3 2001)
> 3d19h: org BE4B0A39.FE273820 (06:14:17.992 UTC Sat Mar 3 2001)
> 3d19h: rec BE4B73AC.1B118CC2 (13:44:12.105 UTC Sat Mar 3 2001)
> 3d19h: xmt BE4B73AC.1BA19E96 (13:44:12.107 UTC Sat Mar 3 2001)
> 3d19h: Authentication key 1
> 3d19h: NTP: rcv packet from 10.0.0.4 to 10.0.0.2 on Serial1/1:
> 3d19h: leap 3, mode 3, version 3, stratum 0, ppoll 64
> 3d19h: rtdel 0000 (0.000), rtdsp 10001 (1000.015), refid 00000000
> (0.0.0.0)
> 3d19h: ref 00000000.00000000 (00:00:00.000 UTC Mon Jan 1 1900)
> 3d19h: org BE4B737C.CA08072B (13:43:24.789 UTC Sat Mar 3 2001)
> 3d19h: rec AF44C22F.194AB6C2 (18:49:19.098 UTC Sun Mar 7 1993)
> 3d19h: xmt AF44C26F.107ABF0A (18:50:23.064 UTC Sun Mar 7 1993)
> 3d19h: inp BE4B73BC.C9D5058F (13:44:28.788 UTC Sat Mar 3 2001)
> 3d19h: Authentication key 1
> 3d19h: NTP: stateless xmit packet to 10.0.0.4:
> 3d19h: leap 0, mode 4, version 3, stratum 1, ppoll 64
> 3d19h: rtdel 0000 (0.000), rtdsp 0002 (0.031), refid 4C4F434C
> (76.79.67.76)
> 3d19h: ref BE4B73AC.8C2135E1 (13:44:12.547 UTC Sat Mar 3 2001)
> 3d19h: org AF44C26F.107ABF0A (18:50:23.064 UTC Sun Mar 7 1993)
> 3d19h: rec BE4B73BC.C9D5058F (13:44:28.788 UTC Sat Mar 3 2001)
> 3d19h: xmt BE4B73BC.CA65465D (13:44:28.790 UTC Sat Mar 3 2001)
>
> Darren
>
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:19 GMT-3