From: Angelo De Guzman (a.deguzman@wesolv.ph.fujitsu.com)
Date: Mon Sep 04 2006 - 01:39:00 ART
Hi Petr, Thanks for your reply. Got it this time.
Petr Lapukhov (9/4/06 12:20 PM):
>
>Hi Angelo,
>
>with "ntp server x.x.x.x key x" "poll" means that client is actively sending queries
>to server, encapsulating key number in NTP packets, and uses response packets
>to sync local clock. However, client does not try to sync server, so this is a classic
>"client/server" mode.
>
>HTH
>
>4 Sep 2006 08:49:00 +0800, Angelo De Guzman <
>a.deguzman@wesolv.ph.fujitsu.com>:
>>
>> Hi Petr,
>>
>> "and "ntp server x.x.x.x key x" if you poll NTP server."
>>
>> When you say poll the NTP Server what exactly do you mean? Sorry got lost here.
>> TIA,
>> Angelo
>>
>> Petr Lapukhov (9/3/06 10:32 PM):
>> >
>> >The idea of NTP authentication is to validate packets that may change our
>> >local clock.
>> >
>> >Let's say a router receives an NTP packet (a poll response or a broadcast),
>> >and it would like to use it to change its local clock.
>> >
>> >If "NTP authenticate" is enabled, a key number is extracted from packet.
>> >Router looks up local key with the *same* number, and if the key is "trusted"
>> >it hashes incoming packet using this key. If checksums match, packet is used
>> >for synchronization.
>> >
>> >Now you need to set up keys with appropriate numbers on server, but you don't
>> >need to turn on "ntp authenticate" here, since the server's clock never changes.
>> >
>> >If you broadcast NTP packets, you may put a specified key with:
>> >"ntp broadcast key x".
>> >
>> >If you poll your server, you specify key number to send to server with
>> >"ntp server ... key x". Server uses this key number to select correct
>> >response key.
>> >
>> >So with server you need to set up only "ntp authentication-key x md5 YYYY"
>> >and/or "ntp broadcast key x" if you broadcast.
>> >
>> >With client (either polling or broadcast) you need to configure
>> >
>> >ntp authenticate
>> >ntp authentication-key x md5 YYYY
>> >ntp trusted-key x
>> >
>> >and "ntp server x.x.x.x key x" if you poll NTP server.
>> >
>> >With NTP peers, you need to configure "ntp trusted-keys", "ntp authenticate"
>> >on both sides, since both sides sync each other's clocks. Also put a command
>> >"ntp peer x.x.x.x key x" at least on one side to choose key number.
>> >
>> >HTH
>> >
>> >
>> >2006/9/3, Stefan Grey <examplebrain@hotmail.com>:
>> >>
>> >> Hello guys,
>> >> I have configured very much and have seen the solutions and read many
>> >> material but it still remains unclear for me what are the exact commands to
>> >> configure NTP authentication.
>> >>
>> >> Well R2 is the NTP master. On R3 is configured (ntp server R2). And R1 is
>> >> synchronized using ntp broadcast client (respectively ntp broadcast command
>> >> on R2). What commands are really needed on R1, R2, R3 for the NTP
>> >> authentication??
>> >> Thanks to everybody for explanations.... It seems I can't understand it
>> >> clearly for a long time
>> >> R1-R2-R3
>> >>
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >>
>> >
>> >
>> >
>> >--
>> >Petr Lapukhov, CCIE #16379
>> >petr@internetworkexpert.com
>> >
>> >Internetwork Expert, Inc.
>> >http://www.InternetworkExpert.com
>> >Toll Free: 877-224-8987
>> >Outside US: 775-826-4344
>> >
>>
>
>
>
>--
>Petr Lapukhov, CCIE #16379
>petr@internetworkexpert.com
>
>Internetwork Expert, Inc.
>http://www.InternetworkExpert.com
>Toll Free: 877-224-8987
>Outside US: 775-826-4344
>
>
>
This archive was generated by hypermail 2.1.4 : Sun Oct 01 2006 - 16:55:39 ART
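
The receive-side check described in the thread (extract the key number, look up the local key, require it to be trusted, compare hashes), as an added Python example that is not part of the original messages. It assumes the classic NTP symmetric-key layout (48-byte header followed by a 32-bit key ID and an MD5 digest of secret plus header); the function names, key value and sample packet are constructed for illustration.

```python
import hashlib
import hmac
import struct

NTP_HEADER_LEN = 48      # fixed NTP header
MAC_LEN = 4 + 16         # 32-bit key ID + 128-bit MD5 digest


def sign(header, key_id, secret):
    """Sender side: append the key ID and MD5(secret || header)."""
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest


def accept_for_sync(packet, keys, trusted, authenticate=True):
    """Receiver side: decide whether a packet may adjust the local clock.

    keys    -- {key_id: secret}, i.e. "ntp authentication-key x md5 YYYY"
    trusted -- set of key IDs, i.e. "ntp trusted-key x"
    Returns (accepted, reason).
    """
    if not authenticate:                      # "ntp authenticate" not set
        return True, "authentication disabled"
    if len(packet) != NTP_HEADER_LEN + MAC_LEN:
        return False, "no MAC present"
    header, mac = packet[:NTP_HEADER_LEN], packet[NTP_HEADER_LEN:]
    key_id = struct.unpack("!I", mac[:4])[0]  # key number carried in the packet
    secret = keys.get(key_id)
    if secret is None:
        return False, "unknown key"
    if key_id not in trusted:                 # key defined but not trusted
        return False, "key not trusted"
    expected = hashlib.md5(secret + header).digest()
    if not hmac.compare_digest(expected, mac[4:]):
        return False, "digest mismatch"
    return True, "ok"


# Constructed sample: NTPv3 server-mode header (LI=0, VN=3, mode=4), rest zeroed.
SAMPLE_HEADER = bytes([0x1C]) + bytes(NTP_HEADER_LEN - 1)
SERVER_KEYS = {1: b"YYYY"}                    # constructed key value

if __name__ == "__main__":
    reply = sign(SAMPLE_HEADER, 1, SERVER_KEYS[1])
    print(accept_for_sync(reply, {1: b"YYYY"}, {1}))     # matching trusted key
    print(accept_for_sync(reply, {1: b"YYYY"}, set()))   # key not trusted
    print(accept_for_sync(reply, {1: b"ZZZZ"}, {1}))     # secrets differ
```
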