From: Richard Davidson (rich@myhomemail.net)
Date: Wed Jan 28 2004 - 01:30:16 GMT-3
The best write-up I have seen on NTP; see links. The
first will explain your problem. The second is a link
to the netmaster site. The sample lab 1 has an
excellent explanation of the insane problem experienced
with NTP. Both are great reads.
Resources:
Hardening Cisco Routers
http://www.oreilly.com/catalog/hardcisco/chapter/ch10.html
Sample lab 1
http://www.netmasterclass.net/site/home.php
--- Ellie Chou <ellie_chou@hotmail.com> wrote:
> Hi, I found lots of NTP authentication discussion in the archive but
> still have some puzzle in my mind. So I configured the following scenario
> to test my knowledge. My understanding according to the config is, R1
> will ask key 2 from R2 (from the "ntp server 7.7.7.7 key 2" config), R2
> will respond with key2 since it has it configured. However, key 2 is not
> a trusted key (ntp trusted-key 1) so the authentication should fail. But
> it doesn't! "show ntp status" shows R1 is synced. Can someone help me on
> this? Is there anything wrong with the statement I made above? thanks a
> lot!!
>
> R1:sh run | inc ntp
> ntp authentication-key 1 md5 0458080F0A 7
> ntp authentication-key 2 md5 021201481F 7
> ntp authenticate
> ntp trusted-key 1
> ntp clock-period 17179935
> ntp server 7.7.7.7 key 2
>
> R2:sh run | inc ntp
> ntp authentication-key 2 md5 021201481F 7
> ntp master 3
> ntp update-calendar
>
> R1#sh ntp sta
> Clock is unsynchronized, stratum 16, no reference clock
> nominal freq is 250.0000 Hz, actual freq is 249.9990 Hz, precision is 2**18
> reference time is C3C093A4.5455894F (07:37:08.329 UTC Tue Jan 27 2004)
> clock offset is -0.1228 msec, root delay is 26.61 msec
> root dispersion is 0.34 msec, peer dispersion is 0.17 msec
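
An added example, not part of the thread: the symmetric-key check the question reasons about, modelled on the reference NTP MAC format (a 32-bit key ID followed by MD5 over key plus header). The key strings and function names are constructed for illustration, and the code models a receiver's trusted-key check in general, not the internals of IOS.

```python
import hashlib
import hmac
import struct

def ntp_header(mode, stratum):
    """48-byte NTPv3 header; timestamp fields are zeroed in this sketch."""
    first = (0 << 6) | (3 << 3) | mode          # LI=0, VN=3, mode
    return struct.pack("!BBbb", first, stratum, 6, -18) + bytes(44)

def add_mac(header, key_id, key):
    """Append the MAC: 32-bit key ID, then MD5(key || header)."""
    return header + struct.pack("!I", key_id) + hashlib.md5(key + header).digest()

def check_mac(packet, keys, trusted):
    """Receiver-side check; returns (accepted, reason)."""
    if len(packet) != 48 + 4 + 16:
        return False, "no MAC present"
    header, digest = packet[:48], packet[52:]
    (key_id,) = struct.unpack("!I", packet[48:52])
    if key_id not in keys:
        return False, "unknown key"
    if key_id not in trusted:
        return False, "key not trusted"
    expected = hashlib.md5(keys[key_id] + header).digest()
    if not hmac.compare_digest(expected, digest):
        return False, "digest mismatch"
    return True, "ok"

# Constructed key strings standing in for the type-7 encoded keys in the post.
R1_KEYS = {1: b"constructed-key-one", 2: b"constructed-key-two"}
R1_TRUSTED = {1}                      # "ntp trusted-key 1"
R2_KEYS = {2: b"constructed-key-two"}

def scenario():
    # R2 (stratum 3 master) answers in server mode (4), signing with key 2.
    reply = add_mac(ntp_header(mode=4, stratum=3), 2, R2_KEYS[2])
    tampered = reply[:1] + b"\x10" + reply[2:]   # stratum byte altered in transit
    return {
        "trusted-key 1 only": check_mac(reply, R1_KEYS, R1_TRUSTED),
        "trusted-key 1 and 2": check_mac(reply, R1_KEYS, {1, 2}),
        "tampered reply": check_mac(tampered, R1_KEYS, {1, 2}),
        "unauthenticated reply": check_mac(reply[:48], R1_KEYS, {1, 2}),
    }

if __name__ == "__main__":
    for case, result in scenario().items():
        print(f"{case}: {result}")
```
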
This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:51 GMT-3