RE: NTP authentication issue

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Fri Nov 11 2005 - 15:28:47 GMT-3

• Next message: Schulz, Dave: "RE: default cos vaule on switch port"
• Previous message: Montiean: "default cos vaule on switch port"
• Maybe in reply to: Schulz, Dave: "NTP authentication issue"
• Next in thread: Schulz, Dave: "RE: NTP authentication issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Thanks, Pete. I will give that a try. However, this seems to be a
security issue....if I have no key set up at the remotes, they will
still synchronize with the server. It appears then that the
security/authentication is only based on the specific device determining
where it will get its timing from, not that the server will only provide
timing to specific devices.

Dave Schulz,

Email: dschulz@dpsciences.com <mailto:dschulz@dpsciences.com%20>

________________________________

From: Peter McCreesh [mailto:petermccreesh@gmail.com]
Sent: Friday, November 11, 2005 12:08 PM
To: Schulz, Dave
Cc: ccielab@groupstudy.com
Subject: Re: NTP authentication issue

Hi Dave,
i think you need the following on R5
ntp server 10.10.10.1 key 1

..Pete

On 11/11/05, Schulz, Dave <DSchulz@dpsciences.com> wrote:

I have NTP set up between two routers with the following configuration,
using a md5 password of "cisco". R1 is the master. Everything
synchronizes and is happy. However, I am purposely trying to break it,
by changing the password at R1 to "wellfleet" (all the old guys <like
me> will appreciate that). Unfortunately, R5 still synchronizes (and it
shouldn't). Am I missing something? Here are the configs.....

!
hostname R1
!
interface Ethernet0
ip address 192.168.150.100 255.255.255.0
!
interface Serial0
ip address 10.10.10.1 255.255.255.0
ip pim nbma-mode
ip pim sparse-mode
encapsulation frame-relay
no ip mroute-cache
no fair-queue
frame-relay map ip 10.10.10.1 105
frame-relay map ip 10.10.10.5 105 broadcast
frame-relay map ip 10.10.10.6 106 broadcast
no frame-relay inverse-arp
!
ntp authentication-key 1 md5 051C03032D4A420C1C11 7
ntp trusted-key 1
ntp master 3
!

!
hostname R5
!
interface Serial0
ip address 10.10.10.5 255.255.255.0
ip pim sparse-mode
encapsulation frame-relay
no fair-queue
frame-relay map ip 10.10.10.1 501 broadcast
frame-relay map ip 10.10.10.5 501
frame-relay map ip 10.10.10.6 501
no frame-relay inverse-arp
!
ntp authentication-key 1 md5 13061E010803 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179785
ntp server 10.10.10.1
!

Dave Schulz,
Email: dschulz@dpsciences.com <mailto:dschulz@dpsciences.com >

• Next message: Schulz, Dave: "RE: default cos vaule on switch port"
• Previous message: Montiean: "default cos vaule on switch port"
• Maybe in reply to: Schulz, Dave: "NTP authentication issue"
• Next in thread: Schulz, Dave: "RE: NTP authentication issue"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Dec 01 2005 - 09:12:06 GMT-3