From: Ivan (ivan@iip.net)
Date: Fri Nov 24 2006 - 20:37:23 ART
The difference is client config. This thread was born for this difference.
ntp server 155.1.0.5
ntp server 155.1.0.5 key 1
On Saturday 25 November 2006 02:01, Daniel Kutchin wrote:
> Hmmm...
> Hold on, Petr, what are you talking about? The configs for case 1 and case
> 2 look identical. Only the outputs line 1 show a difference (our_master vs
> authenticated, our_master) which I couldn't replicate.
>
> Oh, I didn't smoke anything!
>
>
> Daniel
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Petr Lapukhov
> Sent: Mittwoch, 22. November 2006 17:17
> To: Scott Morris
> Cc: Lab Rat #109385382; Cisco certification; security@groupstudy.com
> Subject: Re: NTP Question
>
> Scott, i have specifically verified this one...
>
> Case1: ================
>
> Client:
>
> ntp authentication-key 1 md5 cisco
> ntp authenticate
> ntp trusted-key 1
> ntp server 155.1.0.5
>
> Server:
>
> ntp authentication-key 1 md5 cisco
> ntp master
>
> Output:
>
> R4#show ntp associations detail
> 155.1.0.5 configured, our_master, sane, valid, stratum 8 ref ID
> 127.127.7.1, time C909C4D7.7FEE184D (17:43:51.499 UTC Sat Nov 18
> 2006)
> our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
> root delay 0.00 msec, root disp 0.03, reach 377, sync dist 24.597 delay
> 48.42 msec, offset -0.3627 msec, dispersion 0.37 precision 2**18, version 3
> org time C909C4E6.B3C2F6FD (17:44:06.702 UTC Sat Nov 18 2006) rcv time
> C909C4E6.BA0DAD26 (17:44:06.726 UTC Sat Nov 18 2006) xmt time
> C909C4E6.ADA44A58 (17:44:06.678 UTC Sat Nov 18 2006)
> filtdelay = 48.42 48.13 48.00 48.74 48.61 62.99 48.16
> 48.11 filtoffset = -0.36 -0.06 -0.06 -0.41 0.25 -7.47 -0.18
> 0.02 filterror = 0.02 0.99 1.01 1.02 1.04 1.05 1.07
> 1.08
>
> Case2: ==================
>
> ntp authentication-key 1 md5 cisco
> ntp authenticate
> ntp trusted-key 1
> ntp server 155.1.0.5 key 1
>
> Server:
>
> ntp authentication-key 1 md5 cisco
> ntp master
>
> Output:
>
> R4#show ntp associations detail
> 155.1.0.5 configured, authenticated, our_master, sane, valid, stratum 8 ref
> ID 127.127.7.1, time C909C517.7FFCC37E (17:44:55.499 UTC Sat Nov 18
> 2006)
> our mode client, peer mode server, our poll intvl 64, peer poll intvl 64
> root delay 0.00 msec, root disp 0.03, reach 377, sync dist 25.650 delay
> 48.42 msec, offset -0.3627 msec, dispersion 1.42 precision 2**18, version 3
> org time C909C526.B4F98FCC (17:45:10.706 UTC Sat Nov 18 2006) rcv time
> C909C526.BCB04F6B (17:45:10.737 UTC Sat Nov 18 2006) xmt time
> C909C526.ADAA32CE (17:45:10.678 UTC Sat Nov 18 2006)
> filtdelay = 58.38 48.42 48.13 48.00 48.74 48.61 62.99
> 48.16 filtoffset = -0.94 -0.36 -0.06 -0.06 -0.41 0.25 -7.47
> -0.18 filterror = 0.02 0.99 1.97 1.98 2.00 2.01 2.03
> 2.04
>
> 2006/11/22, Scott Morris <swm@emanon.com>:
> > The parameter is designed for if you have more than one key/server
> > configured. If you only have one, mentioning the key on the ntp
> > server line is not necessary.
> >
> >
> > Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713,
> > JNCIE #153, CISSP, et al.
> > CCSI/JNCI-M/JNCI-J
> > IPExpert VP - Curriculum Development
> > IPExpert Sr. Technical Instructor
> > smorris@ipexpert.com
> > http://www.ipexpert.com
> >
> >
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of Lab Rat #109385382
> > Sent: Wednesday, November 22, 2006 4:26 AM
> > To: 'Petr Lapukhov'
> > Cc: Cisco certification; security@groupstudy.com
> > Subject: RE: NTP Question
> >
> > Petr.not sure about that. I've labbed up both ways and they both work
> > (with only one key configured). Maybe I didn't wait long enough, but
> > NTP was sync'd in both scenarios.
> >
> >
> >
> >
> >
> > From: petrsoft@gmail.com [mailto:petrsoft@gmail.com] On Behalf Of Petr
> > Lapukhov
> > Sent: Wednesday, November 22, 2006 12:56 AM
> > To: Lab Rat #109385382
> > Cc: Cisco certification; security@groupstudy.com
> > Subject: Re: NTP Question
> >
> >
> >
> > You definitely need "ntp server x.x.x.x key y" in order to let your
> > router know, what key to use when polling the NTP server. This is
> > because you may have many keys configured on the same router, and use
> > different keys for different servers.
> >
> > 2006/11/22, Lab Rat #109385382 <techlist01@gmail.com>:
> >
> > I have seen two different configurations by a from leading training
> > vendors.
> >
> > If you have the following commands set:
> >
> >
> > ntp authenticate
> > ntp authentication-key 1 md5 PASSWORD
> > ntp trusted-key 1
> >
> >
> > do you need the following command:
> >
> >
> > ntp server x.x.x.x key 1
> >
> >
> > I have seen the solution stated as such:
> >
> >
> > ntp server x.x.x.x
> >
> >
> > Thanks,
> >
> > Ed
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> > --
> > Petr Lapukhov, CCIE #16379
> > petr@internetworkexpert.com
> >
> > Internetwork Expert, Inc.
> > http://www.InternetworkExpert.com
> > Toll Free: 877-224-8987
> > Outside US: 775-826-4344
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > ______________________________________________________________________
> > _ Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> --
> Petr Lapukhov, CCIE #16379
> petr@internetworkexpert.com
>
> Internetwork Expert, Inc.
> http://www.InternetworkExpert.com
> Toll Free: 877-224-8987
> Outside US: 775-826-4344
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
-- Ivan
This archive was generated by hypermail 2.1.4 : Fri Dec 01 2006 - 08:05:48 ART