SV: ntp authentication

From: Jens Petter Eikeland (jenseike@start.no)
Date: Thu Sep 15 2005 - 13:25:32 GMT-3

• Next message: Eugene Ward: "RE: ntp authentication"
• Previous message: Peter McCreesh: "Re: RE : Is it possible ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi ,

Yes... when you f ex when the ntp packets are going trough some kind off
iltering device (firewall, acl's), you would want to set the source
interface so that you can specify this as source of the ntp packets..,

Jens Petter Eikeland

-----Opprinnelig melding-----
Fra: nobody@groupstudy.com [mailto:nobody@groupstudy.com] Pe vegne av Ryan,
Jeff
Sendt: 15. september 2005 18:02
Til: Thomwin Chen; Venkataramanaiah.R; Jaycee Cockburn - BCX SS
Kopi: ccielab@groupstudy.com
Emne: RE: ntp authentication

Does anyone see any benefit of explicitly stating the ntp source
interface? I have seen some labs with it and others that don't. I have
not seen anything that sticks out on why I would use this optional
feature.

Thanks,
Jeff

Jeff Ryan
Senior Network Engineer
NETCO Government Services Inc.
13665 Dulles Technology Drive, Herndon, VA 20171
301-675-7344 mobile
703-480-2581 office
AIM: Hooligan Jeff
mailto:jryan@netcogov.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Thomwin Chen
Sent: Thursday, September 15, 2005 12:42 AM
To: Venkataramanaiah.R; Jaycee Cockburn - BCX SS
Cc: ccielab@groupstudy.com
Subject: Re: ntp authentication

Hi,
 
I just read Solie (CCIE Lab Practical Studies vol. I)
yup, I think the correct way on the master side is like this :
 
ntp authenticate
ntp authentication-key 1 md5 september
ntp trusted-key 1
ntp master
 
and on the client side is like this :

ntp authenticate
ntp authentication-key 1 md5 september
ntp trusted-key 1
ntp server 1.1.1.1 key 1
 
this is a correction of what I sent a while ago replying somebody...
 
Rgds,
Thomwin

"Venkataramanaiah.R" <vramanaiah@gmail.com> wrote:
Hi Jaycee, Did that config work for you..? I guess you are missing the
ntp
authenticate command on the server...., by configuring that command on
the
server side, it is really not authenticating the client, but it just
helps
to send an appropriate hash in response when the client is
authenticating..
Hope i clarified it.

-Venkat

On 9/13/05, Jaycee Cockburn - BCX SS wrote:
>
>
> Hi
> I agree, and help if I'm wrong!
> For the client to authenticate the timesource
>
> NTPCLIENT
> ntp authentication-key 1 md5 beer
> ntp authenticate
> ntp trusted-key 1
> ntp server 172.16.35.5 key 1
>
> NTP Server
> ntp authentication-key 1 md5 1307121719 7
> ntp master
>
> If I understand correctly, there is no need for the server to
> authenticate the client???
>
> Cheers
> Happy Labbing!
> JC
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Venkataramanaiah.R
> Sent: 13 September 2005 07:58 AM
> To: John Matus
> Cc: ccielab@groupstudy.com
> Subject: Re: ntp authentication
>
> Guys, thatz the trickier part with NTP. It is always the Client which
> authenticates the Server.. Because he wants to make sure he is getting
> the right time from the right server...
> My 2 cents
> -Venkat
>
> On 9/13/05, John Matus wrote:
> >
> > yeah, i guess it would be the case that the server always
authnticates
>
> > the client....i got thrown by some language
> >
> >
> > >From: "John Matus"
> > >Reply-To: "John Matus"
> > >To: ccielab@groupstudy.com
> > >Subject: ntp authentication
> > >Date: Mon, 12 Sep 2005 22:30:57 +0000
> > >
> > >ok, semi-trick question.......perhaps not
> > >
> > >can an ntp client be set up to authenticate a server, meaning that
> > >the server authenticates to the client, or should it always be that
> > >the
> > server
> > >autheticates the client?
> > >
> > >_________________________________________________________________
> > >Express yourself instantly with MSN Messenger! Download today -
it's
> > FREE!
> > >http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/
> > >
> >
>_____________________________________________________________________
> > >__ Subscription information may be found at:
> > >http://www.groupstudy.com/list/CCIELab.html
> >
> > _________________________________________________________________
> > Dont just search. Find. Check out the new MSN Search!
> > http://search.msn.click-url.com/go/onm00200636ave/direct/01/
> >
> >

• Next message: Eugene Ward: "RE: ntp authentication"
• Previous message: Peter McCreesh: "Re: RE : Is it possible ?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3