RE: Ping Brian McGahan - Your NTP Paper

From: Brian McGahan (bmcgahan@internetworkexpert.com)
Date: Fri Feb 06 2004 - 20:12:51 GMT-3


        Yep. A master can be a client of another master though, so you
could end up in the case where you have authentication on a server
challenging an upstream master.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705

> -----Original Message-----
> From: Kenneth Wygand [mailto:KWygand@customonline.com]
> Sent: Friday, February 06, 2004 3:56 PM
> To: Brian McGahan; ccielab@groupstudy.com
> Subject: RE: Ping Brian McGahan - Your NTP Paper
>
> So in other words, since by design only NTP clients should initiate
> authentication requests, NTP Authenticate should only be configured on
> NTP clients, correct?
>
> Kenneth E. Wygand
> Systems Engineer, Project Services
> CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
> Network+, A+
> Custom Computer Specialists, Inc.
> "Success is to be measured not so much by the position one has reached
> in life as by the obstacles which he has overcome while trying to
> succeed."
> -Booker Taliaferro Washington
>
> -----Original Message-----
> From: Brian McGahan [mailto:bmcgahan@internetworkexpert.com]
> Sent: Friday, February 06, 2004 4:54 PM
> To: Kenneth Wygand; ccielab@groupstudy.com
> Subject: RE: Ping Brian McGahan - Your NTP Paper
>
> Ken,
>
> The point of the command is to show that it is not required and has
> no effect. The 'ntp authenticate' command instructs the router to issue an
> authentication challenge to servers or peers that have an associated
> authentication key configured. In case II of the paper, the client is not
> challenging the server. Therefore the authentication configuration on the
> server does not have any effect.
>
> http://www.internetworkexpert.com/resources/01700369.htm
>
>
> HTH,
>
> Brian McGahan, CCIE #8593
> bmcgahan@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987 x 705
> Outside US: 775-826-4344 x 705
>
>
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> > Kenneth Wygand
> > Sent: Friday, February 06, 2004 2:55 PM
> > To: ccielab@groupstudy.com
> > Subject: Ping Brian McGahan - Your NTP Paper
> >
> > Brian,
> >
> > This question relates to your white paper on NTP
> > (internetworkexpert.com), but can also be answered by the group.
> >
> > In the cases you list, case II is "Authentication on Master (R1) Only"
> > and case IV is "Authentication on Master (R1) and Client (R2)".
> >
> > The configuration for R1 in case II is as follows:
> >
> > <snip>
> > R1(config)#ntp master 1
> > R1(config)#ntp authenticate
> > R1(config)#ntp authentication-key 1 md5 CISCO
> > <snip>
> >
> > Yet the configuration for R1 in case IV is as follows:
> >
> > <snip>
> > R1(config)#ntp master 1
> > R1(config)#ntp authentication-key 1 md5 CISCO
> > <snip>
> >
> > Note the command "ntp authenticate" is listed in R1's configuration in
> > case II but not in case IV. The description on both cases is that
> > Authentication *IS* enabled on R1. Was this done intentionally, and if
> > so, why is "ntp authenticate" only required in case II?
> >
> > Thanks!
> >
> >
> > Kenneth E. Wygand
> > Systems Engineer, Project Services
> >
> > CISSP #37102, CCNP, CCDP, ACSP, Cisco IPT Design Specialist, MCP, CNA,
> > Network+, A+
> > Custom Computer Specialists, Inc.
> >
> > "Success is to be measured not so much by the position one has reached
> > in life as by the obstacles which he has overcome while trying to
> > succeed."
> > -Booker Taliaferro Washington
> >



This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:47 GMT-3
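
The behaviour discussed in this thread, as an added example that is not part of the original messages or the white paper: a simplified Python model (not IOS code) of NTP symmetric-key authentication, where only a client that challenges sends and checks the MD5 MAC, so "ntp authenticate" on the master changes nothing. The Router class, the sync helper and the zeroed packet headers are constructed for illustration, and "ntp trusted-key" handling is left out.

```python
import hashlib, hmac, struct

KEYS = {1: b"CISCO"}  # key 1 as in the thread's R1 configuration

def mac(key_id, key, hdr):
    """NTP symmetric-key MAC: 4-byte key ID + MD5(key || 48-byte header)."""
    return struct.pack("!I", key_id) + hashlib.md5(key + hdr).digest()

def header(mode):
    """Constructed 48-byte NTP header: LI=0, VN=3, given mode, rest zeroed."""
    return bytes([(3 << 3) | mode]) + bytes(47)

class Router:  # hypothetical model, not an IOS API
    def __init__(self, keys=None, authenticate=False, server_key=None):
        self.keys = keys or {}            # ntp authentication-key <id> md5 <secret>
        self.authenticate = authenticate  # ntp authenticate
        self.server_key = server_key      # ntp server <addr> key <id>

    def challenges(self):
        """True only for a client that will authenticate its server."""
        return self.authenticate and self.server_key in self.keys

    def request(self):
        """Client poll (mode 3); carries a MAC only when challenging."""
        pkt = header(3)
        if self.challenges():
            pkt += mac(self.server_key, self.keys[self.server_key], pkt)
        return pkt

    def reply(self, req):
        """Server answer (mode 4); signed only if the request named a key the
        server holds. The server's own 'authenticate' flag is never read."""
        pkt = header(4)
        if len(req) > 48:
            key_id = struct.unpack("!I", req[48:52])[0]
            if key_id in self.keys:
                pkt += mac(key_id, self.keys[key_id], pkt)
        return pkt

    def accepts(self, resp):
        """Client side: with no challenge configured, any reply is accepted."""
        if not self.challenges():
            return True
        expected = mac(self.server_key, self.keys[self.server_key], resp[:48])
        return hmac.compare_digest(resp[48:], expected)

def sync(client, server):
    """One poll/answer exchange; True if the client accepts the answer."""
    return client.accepts(server.reply(client.request()))

if __name__ == "__main__":
    print("case II:", sync(Router(), Router(KEYS, authenticate=True)))
    print("case IV:", sync(Router(KEYS, True, 1), Router(KEYS)))
```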