Re: NTP authenticaion

From: John Matus (jmatus@pacbell.net)
Date: Fri Jul 08 2005 - 01:34:04 GMT-3

• Next message: Scott Morris: "RE: protocol type-code information on DocCD"
• Previous message: John Matus: "Re: Queue"
• Maybe in reply to: Teesa Peter: "NTP authenticaion"
• Next in thread: Brian Dennis: "RE: NTP authenticaion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

hmm....i'm not sure, but this flys in the face of everythink i thought i new
about ntp.
from what "i" learned, the only statement you need on the server side is:
ntp authentication-key 1 md5 cisco

on the client side you need:
ntp server 1.2.3.4 key 1
ntp authenticate
ntp authentication-key 1 md5 csico
ntp trusted key 1

for the statum level - i believe it goes on the server side, not the client
side.

Regards,

John D. Matus
MCSE, CCNP
Office: 818-782-2061
Cell: 818-430-8372
jmatus@pacbell.net
----- Original Message -----
From: "Sila Moni" <silamoni@yahoo.com>
To: "Teesa Peter" <tespet@rediffmail.com>; <ccielab@groupstudy.com>
Sent: Thursday, July 07, 2005 11:10 AM
Subject: Re: NTP authenticaion

> Peter,
>
> From my understanding, NTP server authenticates with
> the client. Therefore, "ntp trusted-key" statement is
> only required on the client side. In the configure
> below, you set the stratum on R2 to 10. That means
> your client will be 11. The lower the stratum the
> better - usually 1 or 2. Finally, if authentication
> is both ways, the pass phrase should be the same.
>
> Sila
>
>> R2
>> !
>> ntp master 10
>> ntp trusted-key 1
>> ntp authenticate
>> ntp authentication-key 1
>> md5 ccie
>> !
>>
>> R1
>> !
>> ntp server 10.0.0.2
>> ntp trusted-key 1
>> ntp authenticate
>> ntp
>> authentication-key 1 md5 cisco
>
>
>
> --- Teesa Peter <tespet@rediffmail.com> wrote:
>
>>
>> Hi,
>>
>> R1 & R2 are connected through a point-to-point
>> interface having ip
>> addresses 10.0.0.1 & 10.0.0.2 respectively. R2 is
>> the ntp master.R1 is
>> synchronising with R2 and also I want to
>> authenticate NTP.I configured R2 as:
>> R2
>> !
>> ntp master 10
>> ntp trusted-key 1
>> ntp authenticate
>> ntp authentication-key 1
>> md5 ccie
>> !
>>
>> R1
>> !
>> ntp server 10.0.0.2
>> ntp trusted-key 1
>> ntp authenticate
>> ntp
>> authentication-key 1 md5 cisco
>> !
>>
>> Here the R1 is synchronising with R2 evenif
>> the key or password are different.So is it that here
>> authentication is not
>> working ?
>> The other thing is that if I change R1's ntp server
>> command to
>> include the "key" ie
>> R1
>> !
>> ntp server 10.0.0.2 key 1
>> !
>>
>> In this case R1 is
>> not synchronising.Here R1 will synchronise only if
>> both keys and passwords are
>> same.
>> So If I am asked to configure NTP authentication,
>> need I add the "key"
>> keyword to my "ntp server" or " ntp peer " statement
>> ?
>>
>> Thanks,
>> Peter
>>
>>
> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>
>
>
>
> ____________________________________________________
> Sell on Yahoo! Auctions  no fees. Bid on great items.
> http://auctions.yahoo.com/
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Scott Morris: "RE: protocol type-code information on DocCD"
• Previous message: John Matus: "Re: Queue"
• Maybe in reply to: Teesa Peter: "NTP authenticaion"
• Next in thread: Brian Dennis: "RE: NTP authenticaion"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3