RE: NTP authentication

From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Mon May 01 2006 - 10:07:45 ART

• Next message: Vincent Mashburn: "RE: voice"
• Previous message: Petr Lapukhov: "Re: NTP authentication"
• Maybe in reply to: Schulz, Dave: "RE: NTP authentication"
• Next in thread: Schulz, Dave: "RE: NTP authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

That is what I was thinking, but after doing the debugs....I didn't see
this. I'll run it again.

Dave Schulz,

Email: dschulz@dpsciences.com <mailto:dschulz@dpsciences.com%20>

________________________________

From: Petr Lapukhov [mailto:petrsoft@gmail.com]
Sent: Monday, May 01, 2006 9:05 AM
To: Schulz, Dave
Cc: Luis Rueda; Michael; ccielab
Subject: Re: NTP authentication

Actually, if you do a "debug ntp authentication" you will see,
that NTP packets carry key number with them :))

I try to dig that topic, since information on NTP is scarse and vague
:))

Petr

2006/5/1, Schulz, Dave <DSchulz@dpsciences.com>:

Luis -

Do you have a configuration where this worked successfully? I labbed it
up and could only get the authentication to work if the key #'s are the
same.

Dave Schulz,
Email: dschulz@dpsciences.com

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Luis Rueda
Sent: Sunday, April 30, 2006 4:09 PM
To: Michael; ccielab
Subject: RE: NTP authentication

If you mean like OSPF that you have to use the same number on both ? I'm
pretty sure not. I have used them with different numbers and they all
work.

Diferent numbers are supported because maybe you have different servers
with different passwords....

Hope it helps.

Luis

-----Mensaje original-----
De: nobody@groupstudy.com [mailto:nobody@groupstudy.com] En nombre de
Michael
Enviado el: Sunday, April 30, 2006 3:05 PM
Para: ccielab
Asunto: RE: NTP authentication

Hi Groupstudy,

Is there anyone that can please comment / help on this subject?

Thanks in advance,

Michael

  _____

From: Michael [mailto: mamiller2@comcast.net
<mailto:mamiller2@comcast.net> ]
Sent: Sunday, April 30, 2006 2:43 AM
To: ccielab (ccielab@groupstudy.com)
Subject: NTP authentication

Hey all~

Can anyone confirm that ntp key id numbers also need to be the same for
peers using md5 authentication? I have been experimenting with
different configurations and this all that seems to work.

P1R1-2511#show run | inc ntp

ntp authentication-key 1 md5 0941571D100812 7

ntp authentication-key 3 md5 00070155 7

ntp authenticate

ntp trusted-key 1

ntp trusted-key 3

ntp trusted-key 6

ntp clock-period 17180181

ntp peer 10.10.3.3 key 3

ntp peer 10.10.4.4 key 1

ntp peer 10.10.5.5 key 1

ntp peer 10.10.6.6 key 1

ntp peer 10.10.7.7 key 1

ntp peer 10.10.8.8 key 1

ntp peer 10.10.9.9 key 1

ntp server 66.90.78.182

P1R1-2511#

CR3#show run | inc ntp

ntp authentication-key 3 md5 104D1B4A 7

ntp authenticate

ntp trusted-key 3

ntp clock-period 17208479

ntp source Loopback0

ntp peer 10.10.1.1 key 3 prefer

CR3#

• Next message: Vincent Mashburn: "RE: voice"
• Previous message: Petr Lapukhov: "Re: NTP authentication"
• Maybe in reply to: Schulz, Dave: "RE: NTP authentication"
• Next in thread: Schulz, Dave: "RE: NTP authentication"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu Jun 01 2006 - 06:33:20 ART