From: Eugene Ward (eward15@juno.com)
Date: Thu Sep 15 2005 - 13:43:43 GMT-3
My answer is not lab related, but I use it to keep the source address consistent when I allow ntp through my firewall; otherwise, I would have to allow multiple IP addresses through (my assumption here is that the closest interface to the time source failed, and the IP address in the ntp packet would be sourced by the next closest interface).
Eugene Ward
-----------------------------------------------------------------------
Does anyone see any benefit of explicitly stating the ntp source
interface? I have seen some labs with it and others that don't. I have
not seen anything that sticks out on why I would use this optional
feature.
Thanks,
Jeff
Jeff Ryan
Senior Network Engineer
NETCO Government Services Inc.
13665 Dulles Technology Drive, Herndon, VA 20171
301-675-7344 mobile
703-480-2581 office
AIM: Hooligan Jeff
mailto:jryan@netcogov.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Thomwin Chen
Sent: Thursday, September 15, 2005 12:42 AM
To: Venkataramanaiah.R; Jaycee Cockburn - BCX SS
Cc: ccielab@groupstudy.com
Subject: Re: ntp authentication
Hi,
I just read Solie (CCIE Lab Practical Studies vol. I)
yup, I think the correct way on the master side is like this :
ntp authenticate
ntp authentication-key 1 md5 september
ntp trusted-key 1
ntp master
and on the client side is like this :
ntp authenticate
ntp authentication-key 1 md5 september
ntp trusted-key 1
ntp server 1.1.1.1 key 1
this is a correction of what I sent a while ago replying somebody...
Rgds,
Thomwin
"Venkataramanaiah.R" <vramanaiah@gmail.com> wrote:
Hi Jaycee, Did that config work for you..? I guess you are missing the
ntp
authenticate command on the server...., by configuring that command on
the
server side, it is really not authenticating the client, but it just
helps
to send an appropriate hash in response when the client is
authenticating..
Hope i clarified it.
-Venkat
On 9/13/05, Jaycee Cockburn - BCX SS wrote:
>
>
> Hi
> I agree, and help if I'm wrong!
> For the client to authenticate the timesource
>
> NTPCLIENT
> ntp authentication-key 1 md5 beer
> ntp authenticate
> ntp trusted-key 1
> ntp server 172.16.35.5 key 1
>
> NTP Server
> ntp authentication-key 1 md5 1307121719 7
> ntp master
>
> If I understand correctly, there is no need for the server to
> authenticate the client???
>
> Cheers
> Happy Labbing!
> JC
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
Of
> Venkataramanaiah.R
> Sent: 13 September 2005 07:58 AM
> To: John Matus
> Cc: ccielab@groupstudy.com
> Subject: Re: ntp authentication
>
> Guys, thatz the trickier part with NTP. It is always the Client which
> authenticates the Server.. Because he wants to make sure he is getting
> the right time from the right server...
> My 2 cents
> -Venkat
>
> On 9/13/05, John Matus wrote:
> >
> > yeah, i guess it would be the case that the server always
authnticates
>
> > the client....i got thrown by some language
> >
> >
> > >From: "John Matus"
> > >Reply-To: "John Matus"
> > >To: ccielab@groupstudy.com
> > >Subject: ntp authentication
> > >Date: Mon, 12 Sep 2005 22:30:57 +0000
> > >
> > >ok, semi-trick question.......perhaps not
> > >
> > >can an ntp client be set up to authenticate a server, meaning
that
> > >the server authenticates to the client, or should it always be
that
> > >the
> > server
> > >autheticates the client?
This archive was generated by hypermail 2.1.4 : Sun Oct 02 2005 - 14:40:15 GMT-3