From: Daniel Kutchin (daniel@kutchin.com)
Date: Fri Nov 24 2006 - 20:01:24 ART
Hmmm...
Hold on, Petr, what are you talking about? The configs for case 1 and case 2
look identical. Only the outputs line 1 show a difference (our_master vs
authenticated, our_master) which I couldn't replicate.
Oh, I didn't smoke anything!
Daniel
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Petr
Lapukhov
Sent: Mittwoch, 22. November 2006 17:17
To: Scott Morris
Cc: Lab Rat #109385382; Cisco certification; security@groupstudy.com
Subject: Re: NTP Question
Scott, i have specifically verified this one...
Case1: ================
Client:
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp server 155.1.0.5
Server:
ntp authentication-key 1 md5 cisco
ntp master
Output:
R4#show ntp associations detail
155.1.0.5 configured, our_master, sane, valid, stratum 8 ref ID 127.127.7.1,
time C909C4D7.7FEE184D (17:43:51.499 UTC Sat Nov 18
2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.03, reach 377, sync dist 24.597 delay
48.42 msec, offset -0.3627 msec, dispersion 0.37 precision 2**18, version 3
org time C909C4E6.B3C2F6FD (17:44:06.702 UTC Sat Nov 18 2006) rcv time
C909C4E6.BA0DAD26 (17:44:06.726 UTC Sat Nov 18 2006) xmt time
C909C4E6.ADA44A58 (17:44:06.678 UTC Sat Nov 18 2006)
filtdelay = 48.42 48.13 48.00 48.74 48.61 62.99 48.16 48.11
filtoffset = -0.36 -0.06 -0.06 -0.41 0.25 -7.47 -0.18 0.02
filterror = 0.02 0.99 1.01 1.02 1.04 1.05 1.07 1.08
Case2: ==================
ntp authentication-key 1 md5 cisco
ntp authenticate
ntp trusted-key 1
ntp server 155.1.0.5 key 1
Server:
ntp authentication-key 1 md5 cisco
ntp master
Output:
R4#show ntp associations detail
155.1.0.5 configured, authenticated, our_master, sane, valid, stratum 8 ref
ID 127.127.7.1, time C909C517.7FFCC37E (17:44:55.499 UTC Sat Nov 18
2006)
our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
root delay 0.00 msec, root disp 0.03, reach 377, sync dist 25.650 delay
48.42 msec, offset -0.3627 msec, dispersion 1.42 precision 2**18, version 3
org time C909C526.B4F98FCC (17:45:10.706 UTC Sat Nov 18 2006) rcv time
C909C526.BCB04F6B (17:45:10.737 UTC Sat Nov 18 2006) xmt time
C909C526.ADAA32CE (17:45:10.678 UTC Sat Nov 18 2006)
filtdelay = 58.38 48.42 48.13 48.00 48.74 48.61 62.99 48.16
filtoffset = -0.94 -0.36 -0.06 -0.06 -0.41 0.25 -7.47 -0.18
filterror = 0.02 0.99 1.97 1.98 2.00 2.01 2.03 2.04
2006/11/22, Scott Morris <swm@emanon.com>:
>
> The parameter is designed for if you have more than one key/server
> configured. If you only have one, mentioning the key on the ntp
> server line is not necessary.
>
>
> Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> JNCIE #153, CISSP, et al.
> CCSI/JNCI-M/JNCI-J
> IPExpert VP - Curriculum Development
> IPExpert Sr. Technical Instructor
> smorris@ipexpert.com
> http://www.ipexpert.com
>
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> Of Lab Rat #109385382
> Sent: Wednesday, November 22, 2006 4:26 AM
> To: 'Petr Lapukhov'
> Cc: Cisco certification; security@groupstudy.com
> Subject: RE: NTP Question
>
> Petr.not sure about that. I've labbed up both ways and they both work
> (with only one key configured). Maybe I didn't wait long enough, but
> NTP was sync'd in both scenarios.
>
>
>
>
>
> From: petrsoft@gmail.com [mailto:petrsoft@gmail.com] On Behalf Of Petr
> Lapukhov
> Sent: Wednesday, November 22, 2006 12:56 AM
> To: Lab Rat #109385382
> Cc: Cisco certification; security@groupstudy.com
> Subject: Re: NTP Question
>
>
>
> You definitely need "ntp server x.x.x.x key y" in order to let your
> router know, what key to use when polling the NTP server. This is
> because you may have many keys configured on the same router, and use
> different keys for different servers.
>
> 2006/11/22, Lab Rat #109385382 <techlist01@gmail.com>:
>
> I have seen two different configurations by a from leading training
> vendors.
>
> If you have the following commands set:
>
>
> ntp authenticate
> ntp authentication-key 1 md5 PASSWORD
> ntp trusted-key 1
>
>
> do you need the following command:
>
>
> ntp server x.x.x.x key 1
>
>
> I have seen the solution stated as such:
>
>
> ntp server x.x.x.x
>
>
> Thanks,
>
> Ed
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
> --
> Petr Lapukhov, CCIE #16379
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _ Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Petr Lapukhov, CCIE #16379 petr@internetworkexpert.comInternetwork Expert, Inc. http://www.InternetworkExpert.com Toll Free: 877-224-8987 Outside US: 775-826-4344
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART