Re: Key # in ntp auth

From: Petr Lapukhov (petr@internetworkexpert.com)
Date: Thu Mar 15 2007 - 10:39:48 ART


Simply put - the NTP key number (on either the sending or receiving side) is
used as an index to look up the local key table. Bear in mind that the NTP
packet carries the key number along with the computed hash value.

When a router receives a packet with key number 10, a local key table
defined with "ntp authentication-key x" is looked up to find a match
(key number 10), and the matched key is used to verify the integrity of
the packet.

However, since the same number is used on the sending side to look up
the local key table for auth key, key numbers must match in result.
This is because you cannot specify "local" and "remote" key number
separately.

HTH

-- 
Petr Lapukhov, CCIE #16379 (R&S/Security)
petr@internetworkexpert.com

Internetwork Expert, Inc. http://www.InternetworkExpert.com

2007/3/14, Bit Gossip <bit.gossip@chello.nl>:
>
> Hi group,
> it seems to me that 2 ntp peers which are authenticated will not become
> sane and valid unless they use the same key number besides the key itself.
> This in all the following commands:
> ntp authentication-key 4 md5 062526126F61 7
> ntp trusted-key 4
> ntp server 204.12.1.254 key 4
>
> Is it correct? Or is it possible to use different key numbers on the 2
> sides?
>
> Thanks,
> Luca.
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
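
The lookup described in the reply above, as an added example that is not part of the original thread: a sender appends the key number and an MD5 digest to the packet, and the receiver uses the carried key number to index its own key table. It assumes the NTP symmetric-key MAC layout (32-bit key ID followed by MD5 of the secret concatenated with the 48-byte header); the function names, the sample header and the secret are constructed for illustration.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48   # fixed NTP header size in bytes
DIGEST_LEN = 16   # MD5 output size

def add_mac(header: bytes, key_id: int, key_table: dict) -> bytes:
    """Sender: look up key_id in the local table, append key ID + digest."""
    secret = key_table[key_id]
    digest = hashlib.md5(secret + header).digest()
    return header + struct.pack("!I", key_id) + digest

def verify_mac(packet: bytes, key_table: dict) -> str:
    """Receiver: the key ID carried in the packet indexes the local table."""
    header, mac = packet[:HEADER_LEN], packet[HEADER_LEN:]
    if len(mac) != 4 + DIGEST_LEN:
        return "no-mac"
    (key_id,) = struct.unpack("!I", mac[:4])
    secret = key_table.get(key_id)
    if secret is None:
        return "unknown-key-id"          # no local entry under that number
    expected = hashlib.md5(secret + header).digest()
    return "ok" if hmac.compare_digest(expected, mac[4:]) else "bad-digest"

# Constructed sample: first byte 0x23 = LI 0, version 4, mode 3 (client).
SAMPLE_HEADER = bytes([0x23]) + bytes(HEADER_LEN - 1)
SECRET = b"example-secret"   # constructed value, not from the thread

def demo() -> dict:
    packet = add_mac(SAMPLE_HEADER, 4, {4: SECRET})   # sender uses key 4
    return {
        "same number, same secret": verify_mac(packet, {4: SECRET}),
        "other number, same secret": verify_mac(packet, {10: SECRET}),
        "same number, other secret": verify_mac(packet, {4: b"different"}),
    }

if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case}: {result}")
```

The second case is the one the question asks about: the secret is identical on both sides, but the receiver has it filed under number 10, so the lookup for key 4 finds nothing and the packet is never verified.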


