RE: NTP Question

From: Pickell, Aaryn (Aaryn.Pickell@xxxxxxxxxxxxx)
Date: Thu Jun 07 2001 - 17:13:46 GMT-3


   
The client will show authenticated if the server provides the correct key
string and number in its packet. But... without the trusted key, you won't
accept that key as valid. Kind of silly, but there you go.

I like how the NTP code for Cat switches handles it... the 'set ntp key'
includes a {trusted|untrusted} argument, so we don't need to worry about
having a second line.

Aaryn Pickell - CCNP ATM, CCDP, MCSE
Senior Engineer - Routing Protocols
Getronics Inc.
Direct: 713-394-1609
Email:aaryn.pickell@getronics.com

This e-mail message and any attachments are confidential and may be
privileged. If you are not the intended recipient, please notify me
immediately by replying to this message and please destroy all copies of
this message and attachments. Thank you.

> -----Original Message-----
> From: Richard Geiger [mailto:geiger_rich@hotmail.com]
> Sent: Thursday, June 07, 2001 2:17 PM
> To: Pickell, Aaryn; ccielab@groupstudy.com; Don.Barnhill@COMPAQ.com
> Subject: RE: NTP Question
>
>
> You got It!!!
>
> Thanks
>
>
> It was the trusted key, however the client was showing
> authenticated (!) (?)
> I'll post the actual config for the archives.
>
> RTR 1
>
> set clock -------
>
> clock timezone CST -6
> clock summer-time CDT recurring
> ntp authentication-key 1 md5 ciscotime
> ntp authenticate
> ntp trusted-key 1
> ntp clock-period 17179866
> ntp source Loopback0
> ntp server 16.16.16.16 key 1
>
>
>       address         ref clock     st  when  poll reach  delay  offset    disp
> *~127.127.7.1      127.127.7.1       7    32    64  377     0.0    0.00     0.0
>  * master (synced), # master (unsynced), + selected, - candidate, ~ configured
>
>
>
> RTR2
>
> set clock -------
>
> clock timezone CST -6
> clock summer-time CDT recurring
> ntp authentication-key 1 md5 ciscotime
> ntp authenticate
> ntp trusted-key 1
> ntp source Loopback0
> ntp master
> end
>
>
>       address         ref clock     st  when  poll reach  delay  offset    disp
> *~16.16.16.16      127.127.7.1       8    27    64  377    31.3   -3.33     0.4
>  * master (synced), # master (unsynced), + selected, - candidate, ~ configured
>
>
>
>
>
> >From: "Pickell, Aaryn" <Aaryn.Pickell@getronics.com>
> >Reply-To: "Pickell, Aaryn" <Aaryn.Pickell@getronics.com>
> >To: "'Richard Geiger'" <geiger_rich@hotmail.com>, ccielab@groupstudy.com
> >Subject: RE: NTP Question
> >Date: Thu, 7 Jun 2001 14:53:34 -0400
> >
> >The sh ntp association you have is from R1? That looks like what I would
> >expect from R2, actually. On R2, you need to have the trusted-key command
> >for authentication to work.
> >
> >
> >
> >Aaryn Pickell - CCNP ATM, CCDP, MCSE
> >Senior Engineer - Routing Protocols
> >Getronics Inc.
> >Direct: 713-394-1609
> >Email:aaryn.pickell@getronics.com
> >
> >
> > > -----Original Message-----
> > > From: Richard Geiger [mailto:geiger_rich@hotmail.com]
> > > Sent: Thursday, June 07, 2001 1:32 PM
> > > To: ccielab@groupstudy.com
> > > Subject: NTP Question
> > >
> > >
> > > My problem appears to be that the master clock does not recognize its own
> > > clock as the master ..??? Authentication is working fine.
> > >
> > > Please help, I am scheduled next for the Lab next Monday in the
> > > Great White North...
> > >
> > > Here is the config and the results..
> > >
> > >
> > >
> > > RTR1
> > > clock timezone CST -6
> > > clock summer-time CDT recurring
> > > ntp authentication-key 1 md5 070C285F4D060D0C1A17 7
> > > ntp authenticate
> > > ntp trusted-key 1
> > > ntp source Loopback0
> > > ntp master
> > >
> > >
> > > RTR2
> > > !
> > > clock timezone CST -6
> > > clock summer-time CDT recurring
> > > ntp authentication-key 1 md5 094F471A1A0A031B0609 7
> > > ntp authenticate
> > > ntp broadcastdelay 15
> > > ntp server 16.16.16.16 key 1
> > >
> > > 1#sh ntp a
> > >
> > >       address         ref clock     st  when  poll reach  delay  offset    disp
> > >  ~16.16.16.16      0.0.0.0          16    18    64    0     0.0    0.00  16000.
> > >  * master (synced), # master (unsynced), + selected, - candidate, ~ configured
> > >
> > >
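An added example, not part of the original thread and not Cisco tooling: a small Python audit of the NTP authentication lines discussed above, run over the two client configurations posted in the thread (the one without `ntp trusted-key` and the corrected one). The function name and finding labels are assumptions made for this illustration, and it handles only the single-key command forms shown in the thread.

```python
import re

# Client config from the first message in the thread (no "ntp trusted-key").
BROKEN = """\
ntp authentication-key 1 md5 094F471A1A0A031B0609 7
ntp authenticate
ntp broadcastdelay 15
ntp server 16.16.16.16 key 1
"""

# Client config from the follow-up message, after the fix.
FIXED = """\
ntp authentication-key 1 md5 ciscotime
ntp authenticate
ntp trusted-key 1
ntp source Loopback0
ntp server 16.16.16.16 key 1
"""

def audit_ntp_auth(config):
    """Return (finding, subject) tuples; an empty list means consistent."""
    defined, trusted, used, authenticate = set(), set(), {}, False
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"ntp authentication-key (\d+) md5 \S+", line):
            defined.add(int(m.group(1)))        # key exists on the box
        elif m := re.match(r"ntp trusted-key (\d+)", line):
            trusted.add(int(m.group(1)))        # key may be used for sync
        elif line == "ntp authenticate":
            authenticate = True                 # feature switched on
        elif m := re.match(r"ntp (?:server|peer) (\S+).*\bkey (\d+)", line):
            used[m.group(1)] = int(m.group(2))  # association -> key id
    findings = []
    if (defined or used) and not authenticate:
        findings.append(("authenticate-missing", "ntp authenticate"))
    for key in sorted(defined - trusted):
        findings.append(("key-not-trusted", key))
    for addr, key in sorted(used.items()):
        if key not in defined:
            findings.append(("key-undefined", addr))
        elif key not in trusted:
            findings.append(("association-untrusted-key", addr))
    return findings

if __name__ == "__main__":
    for name, cfg in (("BROKEN", BROKEN), ("FIXED", FIXED)):
        print(name, audit_ntp_auth(cfg) or "consistent")
```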


