From: RoRo (cisconetman@gmail.com)
Date: Sat May 17 2008 - 17:50:17 ART
you need to do ntp authenticate on the client, otherwise you are not
authenticating and yes, you will then need to trust the key at that point.
On 5/17/08, keith tokash <ktokash@hotmail.com> wrote:
>
> Hi all, quick question. I keep seeing the "ntp trusted-key 1" command as a
> requirement on the client for NTP authentication to work. However I didn't
> apply it and my authentication is working just fine.
>
> SERVER
> R6(config)#do sh run | i ntp
> ntp authentication-key 666 md5 1531223F2705 7
> ntp master 5
>
> CLIENT
> R3(config)#do sh run | i ntp
> ntp authentication-key 666 md5 0802657D2A36 7
> ntp server 6.6.6.6 key 666
>
> R3#sh ntp st
> Clock is synchronized, stratum 6, reference is 6.6.6.6
>
> R3#sh ntp a d
> 6.6.6.6 configured, authenticated, our_master, sane, valid, stratum 5
>
> As you can see, R3 is showing R6 as an *authenticated* time source. What
> am I
> missing here? Did the IOS behavior change or is there some nuance that I'm
> glossing over? I searched the archives, checked two vendors' answers,
> checked
> the DocCD, and found the config in Doyle. They all list that command as
> required, but ... I'm confused.
>
> With a few exceptions, secrecy is deeply incompatible with democracy and
> with
> science.
> --Carl Sagan
> _________________________________________________________________
> Give to a good cause with every e-mail. Join the i m Initiative from
> Microsoft.
> http://im.live.com/Messenger/IM/Join/Default.aspx?souce=EML_WL_ GoodCause
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2008 - 06:59:17 ART