From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Mon Sep 04 2006 - 01:20:59 ART
Hi Angelo,
With "ntp server x.x.x.x key x" "poll" means that client is actively sending
queries to server, encapsulating key number in NTP packets, and uses response
packets to sync local clock. However, client does not try to sync server, so
this is a classic "client/server" mode.
HTH
4 Sep 2006 08:49:00 +0800, Angelo De Guzman <a.deguzman@wesolv.ph.fujitsu.com>:
>
> Hi Petr,
>
> "and "ntp server x.x.x.x key x" if you poll NTP server."
>
> When you say poll the NTP Server what exactly do you mean? Sorry got lost
> here.
> TIA,
> Angelo
>
> Petr Lapukhov (9/3/06 10:32 PM):
> >
> >The idea of NTP authentication is to validate packets that may change our
> >local clock.
> >
> >Let's say a router receives an NTP packet (a poll response or a broadcast),
> >and it would like to use it to change its local clock.
> >
> >If "NTP authenticate" is enabled, a key number is extracted from packet.
> >Router looks up local key with the *same* number, and if the key is
> >"trusted" it hashes incoming packet using this key. If checksums match,
> >packet is used for synchronization.
> >
> >Now you need to set up keys with appropriate numbers on server, but you
> >don't need to turn on "ntp authenticate" here, since server's clock never
> >changes.
> >
> >If you broadcast NTP packets, you may put a specified key with:
> >"ntp broadcast key x".
> >
> >If you poll your server, you specify key number to send to server with
> >"ntp server ... key x". Server uses this key number to select correct
> >response key.
> >
> >So with server you need to set up only "ntp authentication-key x md5 YYYY"
> >and/or "ntp broadcast key x" if you broadcast.
> >
> >With client (either polling or broadcast) you need to configure
> >
> >ntp authenticate
> >ntp authentication-key x md5 YYYY
> >ntp trusted-key x
> >
> >and "ntp server x.x.x.x key x" if you poll NTP server.
> >
> >With NTP peers, you need to configure "ntp trusted-keys", "ntp authenticate"
> >on both sides, since both sides sync each other's clocks. Also put a command
> >"ntp peer x.x.x.x key x" at least on one side to choose key number.
> >
> >HTH
> >
> >
> >2006/9/3, Stefan Grey <examplebrain@hotmail.com>:
> >>
> >> Hello guys,
> >> I have configured very much and have seen the solutions and read many
> >> material but it still remains unclear for me what are the exact commands
> >> to configure NTP authentication.
> >>
> >> Well R2 is the NTP master. On R3 is configured (ntp server R2). And R1 is
> >> synchronized using ntp broadcast client (respectively ntp broadcast
> >> command on R2). What commands are really needed on R1,R2,R3 for the NTP
> >> authentication??
> >> Thanks to everybody for explanations.... It seems I can't understand it
> >> clearly for a long time
> >> R1-R2-R3
> >>
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >>
> >
> >
> >
> >--
> >Petr Lapukhov, CCIE #16379
> >petr@internetworkexpert.com
> >
> >Internetwork Expert, Inc.
> >http://www.InternetworkExpert.com
> >Toll Free: 877-224-8987
> >Outside US: 775-826-4344
> >
>
--
Petr Lapukhov, CCIE #16379
petr@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Outside US: 775-826-4344
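The receive-side check described in the thread (extract the key number, look up the local key with the same number, require it to be trusted, hash and compare), as an added example that is not part of the original posts. It assumes the classic NTP symmetric-key layout (48-byte header, 32-bit key ID, 16-byte MD5 of the key followed by the header); the function names, key strings and sample header are constructed for illustration and this is not IOS code.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48  # fixed NTP header; the MAC (key ID + digest) follows it


def md5_digest(key: bytes, header: bytes) -> bytes:
    # Classic NTP symmetric-key digest: MD5 over the key followed by the header.
    return hashlib.md5(key + header).digest()


def sign(header: bytes, key_id: int, key: bytes) -> bytes:
    # Sender side: append the 32-bit key number and the 16-byte digest.
    return header + struct.pack("!I", key_id) + md5_digest(key, header)


def accept_for_sync(packet: bytes, keys: dict, trusted: set, authenticate: bool = True):
    # Receiver side, following the steps in the thread. Returns (accepted, reason).
    if not authenticate:
        return True, "authentication not enabled"
    if len(packet) != HEADER_LEN + 4 + 16:
        return False, "no MD5 MAC present"
    header, digest = packet[:HEADER_LEN], packet[HEADER_LEN + 4:]
    (key_id,) = struct.unpack("!I", packet[HEADER_LEN:HEADER_LEN + 4])
    key = keys.get(key_id)            # look up the local key with the *same* number
    if key is None:
        return False, "unknown key number"
    if key_id not in trusted:         # "ntp trusted-key x" missing for this number
        return False, "key not trusted"
    if not hmac.compare_digest(digest, md5_digest(key, header)):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample: LI=0, VN=3, mode=4 (server), stratum 2, other fields zeroed.
SAMPLE_HEADER = bytes([0x1C, 0x02]) + bytes(46)
CLIENT_KEYS = {1: b"YYYY", 2: b"ZZZZ"}   # "ntp authentication-key x md5 ..."
CLIENT_TRUSTED = {1}                      # "ntp trusted-key 1"

if __name__ == "__main__":
    cases = {
        "server uses key 1": sign(SAMPLE_HEADER, 1, b"YYYY"),
        "server key text differs": sign(SAMPLE_HEADER, 1, b"XXXX"),
        "key 2 defined, not trusted": sign(SAMPLE_HEADER, 2, b"ZZZZ"),
        "no MAC appended": SAMPLE_HEADER,
    }
    for name, pkt in cases.items():
        print(name, "->", accept_for_sync(pkt, CLIENT_KEYS, CLIENT_TRUSTED))
```

The "key 2" case shows why the client needs the trusted-key line in addition to the key definition: the digest is valid, yet the packet is still not used for synchronization.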
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART