RE: NTP Authentication

From: Edwards, Andrew M (andrew.m.edwards@boeing.com)
Date: Wed Jan 05 2005 - 22:08:09 GMT-3

• Next message: Mike Louis: "RE: OT:Anybody know the PPS for PIX535"
• Previous message: R. Adjakou/Home: "CCIE RS Practice labs - Lab5 - Bis"
• Maybe in reply to: Anthony Sequeira: "NTP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

You need to specify the key to use for authentication to the peer.

ntp peer 160.10.1.1 prefer key 1

andy
-----Original Message-----
From: Anthony Sequeira [mailto:terry.francona@gmail.com]
Sent: Wednesday, January 05, 2005 10:36 AM
To: Edwards, Andrew M
Cc: ccie2be; Cisco certification
Subject: Re: NTP Authentication

Well - I am thinking that mine is not working.....
Trying for a simple config between lab routers R1 and R2....

R1 CONFIG
clock timezone EST -5
clock calendar-valid
!
!
ntp authentication-key 1 md5 060506324F41 7
ntp authenticate
ntp trusted-key 1
ntp master 6

R2 CONFIG
clock timezone EST -5
!
!
ntp authentication-key 1 md5 121A0C041104 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179851
ntp peer 160.10.1.1 prefer

Here is show output from R2:
R2#show ntp assoc detail
160.10.1.1 configured, our_master, sane, valid, stratum 6
ref ID 127.127.7.1, time C585606D.6FB18839 (13:35:25.436 EST Tue Jan 4
2005) our mode active, peer mode passive, our poll intvl 64, peer poll
intvl 64 root delay 0.00 msec, root disp 0.03, reach 377, sync dist
4.395 delay 8.61 msec, offset -0.1788 msec, dispersion 0.06 precision
2**24, version 3 org time C5856074.F65D2D6C (13:35:32.962 EST Tue Jan 4
2005) rcv time C5856074.F7832435 (13:35:32.966 EST Tue Jan 4 2005) xmt
time C5856074.F541CB0C (13:35:32.958 EST Tue Jan 4 2005)
filtdelay = 8.61 8.45 8.44 8.45 8.47 8.51 8.54
8.45
filtoffset = -0.18 -0.17 -0.28 -0.34 -0.27 -0.23 -0.20
-0.17
filterror = 0.02 0.99 2.94 4.90 6.85 8.80 9.78
10.33

On Wed, 5 Jan 2005 10:01:33 -0800, Edwards, Andrew M
<andrew.m.edwards@boeing.com> wrote:
> Anthony,
>
> Using Tims command below will show "authenticated".
>
> Also, you can do "debug ntp authentication"
>
> HTH,
>
> andy
>
> -----Original Message-----
> From: ccie2be [mailto:ccie2be@nyc.rr.com]
> Sent: Wednesday, January 05, 2005 4:47 AM
> To: Anthony Sequeira; Cisco certification
> Subject: Re: NTP Authentication
>
> Use the show ntp asso det and/or show ntp staus
>
> If authentication is not working, you wont be in sync.
>
> ----- Original Message -----
> From: "Anthony Sequeira" <terry.francona@gmail.com>
> To: "Cisco certification" <ccielab@groupstudy.com>
> Sent: Tuesday, January 04, 2005 11:44 PM
> Subject: NTP Authentication
>
> > NTP authentication sure seems simple to implement - but how in the
> > world would you verify that it is actually working?
> >
> > ____________________________________________________________________
> > __
> > _
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Mike Louis: "RE: OT:Anybody know the PPS for PIX535"
• Previous message: R. Adjakou/Home: "CCIE RS Practice labs - Lab5 - Bis"
• Maybe in reply to: Anthony Sequeira: "NTP Authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Wed Feb 02 2005 - 22:10:19 GMT-3