RE: NTP authentication is affected by source interface?[2]

From: Wang, Ting \(Taylor\) (wangting@avaya.com)
Date: Sat Apr 29 2006 - 07:22:53 GMT-3

• Next message: Faryar Zabihi \(fzabihi\): "RE: Practice Lab"
• Previous message: chris Iannacone: "Practice Lab"
• Maybe in reply to: Michy Eika: "NTP authentication is affected by source interface?[2]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Group,
Anyone have the idea on the NTP questions in my last mail?
Does "ntp source lo0" and "ntp trusted-key 1234" only make sense for
client?
Taylor
-----Original Message-----
From: Wang, Ting (Taylor)
Sent: Friday, April 28, 2006 11:02 AM
To: 'Michy Eika'; 'ccielab@groupstudy.com'
Subject: RE: NTP authentication is affected by source interface?[2]

Hi ,
I think the "ntp source lo0" is only useful for client, for the purpose
of robust and ntp ACL. The "ntp server 1.1.1.1 " indicate the
destination IP address for NTP request is lo0 of NTP server.
BTW, I think the command of "ntp trusted-key 1234" is only needed in
client. It is redundent for NTP server, since client authenticate the
server only, not the vice verse. Could anyone confirm if I'm right?
Taylor
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Michy Eika
Sent: Sunday, April 23, 2006 9:06 AM
To: ccielab@groupstudy.com
Subject: NTP authentication is affected by source interface?[2]

Hi folks!

Hello again. And I wanna supplement my question with network topology.
I'm planning to use NTP. But if I want to configure routers to make it
more robust and secure, I think I should implement authentication and
redundant path to connect NTP server(ntp master router). In this case,
do I need to make loopback interface as source interface on both
routers(client and server router)?
I'm concerned about one of redundant link failure's impact. I wonder
what happens if redundant link failure occurs on NTP server or client. I
wonder the authentication is affected...(and etc...) . I think ntp ACL
will be affected by this circumstance.

|--lo0[R1]s0/0-----[R2]------s0/1[R3]lo0--|
          |e0/0 e0/1|
          |-----------[R4]-----------|
R1 lo:1.1.1.1
R3 lo:3.3.3.3
* R1 can reach R3 and vice versa.

[R1]
ntp master 3

ntp source Loopback0

ntp authenticate

ntp authentication-key 1234 md5 cisco

ntp trusted-key 1234

[R3]
ntp server 1.1.1.1 key 1234

ntp source Loopback0

ntp authenticate

ntp authentication-key 1234 md5 cisco

ntp trusted-key 1234

• Next message: Faryar Zabihi \(fzabihi\): "RE: Practice Lab"
• Previous message: chris Iannacone: "Practice Lab"
• Maybe in reply to: Michy Eika: "NTP authentication is affected by source interface?[2]"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon May 01 2006 - 11:41:59 GMT-3