From: ying chang (ying_c@xxxxxxxxxxx)
Date: Tue Mar 05 2002 - 14:34:57 GMT-3
Hi,
"ntp server 172.16.1.1 key 1" is the right one to use, it will cause the
server to send you the packet that contains the key. You can check the
result by "show ntp asso detail" after the clock is synced up. I think one
of the "debug ntp" command will also show you if the packet contains the key
or not. If you see "authentication key 0" from the output of "debug ntp
authentication", that's the same as "authentication failure". So if you want
to see how it works, first try it with the correct key, then try it with the
incorrect key, finally take away the "ntp authentication-key" and just use
the "ntp server 172.16.1.1" and compare the three results, you should see
what I'm talking about.
"ntp server 172.16.1.1" will simply take the ntp broadcast packet to sync
it's clock, the clock still sync, but there's no authentication involved.
Chang
>From: "Williams, Glenn" <WILLIAMSG@PANASONIC.COM>
>Reply-To: "Williams, Glenn" <WILLIAMSG@PANASONIC.COM>
>To: "'ccielab@groupstudy.com'" <ccielab@groupstudy.com>
>Subject: NTP Authentication
>Date: Tue, 5 Mar 2002 10:11:47 -0500
>
>Hi,
>
>When doing NTP authentication going to the server, I have seen for example:
>ntp authentication-key 1 md5 cisco
>ntp authenticate
>ntp server 172.16.1.1
>
>Now what is correct from below. What is the difference? How to check?
>Can't seem to nail this down, getting different info.
>
>
>ntp server 172.16.1.1
>OR
>ntp server 172.16.1.1 key 1
>TIA
>GW
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:56:53 GMT-3