From: Gary Duncanson (gary.duncanson@googlemail.com)
Date: Wed Nov 14 2007 - 13:56:29 ART
I imagine the reasons may be buried in the mechanics of the RFCs for NTP and
IGP/BGP auth.
Here's the NTP skinny:
http://www.oreilly.com/catalog/hardcisco/chapter/ch10.html
HTH
Gaz
----- Original Message -----
From: "Gregory Gombas" <ggombas@gmail.com>
To: "Gary Duncanson" <gary.duncanson@googlemail.com>
Cc: <ccielab@groupstudy.com>
Sent: Wednesday, November 14, 2007 4:37 PM
Subject: Re: NTP Trusted Key
> Thanks, I think I have a better understanding now...I guess if you
> have keys lying around that are inactive you can remove them from
> trusted status. But I'm wondering why there is no analogy to other
> authentication methods:
>
> ip rip authentication mode md5
> ip rip authentication key-chain 1
> ip rip trusted-key 1 <-no such thing
>
> or
> router bgp 200
> neighbor 1.1.1.1 password CISCO
> bgp trusted password CISCO <-no such thing
>
> See my point?
>
> On Nov 14, 2007 11:28 AM, Gary Duncanson <gary.duncanson@googlemail.com> wrote:
>> 1. Enable NTP authentication with the ntp authenticate command.
>>
>> 2. Define an NTP authentication key with the ntp authentication-key
>> command. A unique number identifies each NTP key. This number is the
>> first argument to the ntp authentication-key command.
>>
>> 3. Use the ntp trusted-key command to tell the router which keys are
>> valid for authentication. The ntp trusted-key command's only argument is
>> the number of the key defined in the previous step.
>>
>> If your external NTP servers require authentication, you need to
>> configure your router to use authentication when contacting those
>> servers. To do this, perform the same steps listed previously to add an
>> NTP authentication key; then use the ntp server command with the key
>> argument to tell the router what key to use when authenticating with the
>> NTP server:
>>
>>
>>
>> HTH
>>
>> Gary
>>
>>
>>
>> ----- Original Message -----
>> From: "Gregory Gombas" <ggombas@gmail.com>
>> To: "Cisco certification" <ccielab@groupstudy.com>
>> Sent: Wednesday, November 14, 2007 3:33 PM
>> Subject: NTP Trusted Key
>>
>>
>> > Can someone please explain what the trusted key is for? It seems like
>> > a redundant command:
>> >
>> > Server:
>> > R1(config)#ntp master 1
>> > R1(config)#ntp authentication-key 1 md5 CISCO
>> >
>> > Client:
>> > R2(config)#ntp authenticate <-- enables authentication of the server
>> > R2(config)#ntp authentication-key 1 md5 CISCO <-- Defines a key
>> > R2(config)#ntp trusted-key 1 <-- What the hell does this do?
>> > R2(config)#ntp server 12.0.0.1 key 1 <-- Binds the key to the server
>> >
>> > Thanks,
>> > Greg
>> >
>>
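An added example (not from the thread or from Cisco): a small Python check over the four commands discussed above, flagging keys that are defined but not trusted and servers bound to undefined or untrusted keys. The sample config is constructed, and the function name audit_ntp_auth is an assumption made for this illustration.

```python
import re

# Constructed sample: the client config from the thread with the
# trusted-key line left out, plus a second server bound to an undefined key.
SAMPLE_CONFIG = """\
ntp authenticate
ntp authentication-key 1 md5 CISCO
ntp server 12.0.0.1 key 1
ntp server 12.0.0.2 key 2
"""

def audit_ntp_auth(config):
    """Return a list of findings for the NTP authentication commands."""
    authenticate = False
    defined, trusted = set(), set()
    servers = {}  # server address -> bound key number, or None
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ntp authenticate":
            authenticate = True
        elif m := re.match(r"ntp authentication-key (\d+) md5 \S+", line):
            defined.add(int(m.group(1)))
        elif m := re.fullmatch(r"ntp trusted-key (\d+)", line):
            trusted.add(int(m.group(1)))
        elif m := re.match(r"ntp server (\S+)", line):
            k = re.search(r"\skey (\d+)", line)
            servers[m.group(1)] = int(k.group(1)) if k else None
    findings = []
    if (defined or trusted) and not authenticate:
        findings.append("keys configured but 'ntp authenticate' is missing")
    for key in sorted(trusted - defined):
        findings.append(f"trusted-key {key} has no 'ntp authentication-key' definition")
    for key in sorted(defined - trusted):
        findings.append(f"key {key} is defined but not trusted")
    for addr, key in servers.items():
        if key is None:
            findings.append(f"server {addr} has no key bound")
        elif key not in defined:
            findings.append(f"server {addr} uses undefined key {key}")
        elif key not in trusted:
            findings.append(f"server {addr} uses key {key}, which is not trusted")
    return findings

if __name__ == "__main__":
    for finding in audit_ntp_auth(SAMPLE_CONFIG):
        print(finding)
```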
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:29 ART