Re: NTP Server

From: Eric Brouwers (EricBrouwers@vodafone.nl)
Date: Fri Jan 02 2009 - 16:05:02 ARST

• Next message: Dayaa Al Zoubi: "Re: 2 X 3550, 2 X 3560 switches and 3 X 3640 routers available"
• Previous message: Ronnie Angello: "Re: Gold Partner and Dual CCIE"
• Maybe in reply to: Ed Man: "NTP Server"
• Next in thread: Mr.M: "Re: NTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

 Ed,

Note that client authenticates server. ntp trusted-key statement is only
needed on client. Server side only needs the ntp authentication-key.
Check out this link:
http://www.internetworkexpert.com/resources/ntp-authentication.htm

It shows following example:

Server:

ntp master 1
ntp authentication-key 1 md5 CISCO

Client:

ntp authenticate
ntp authentication-key 1 md5 CISCO
ntp trusted-key 1
ntp server 12.0.0.1 key 1

Eric Brouwers

Radioactive Frog wrote:

  Hi Ed,
  'ntp trusted-key 1' is to tell router which key is valid for NTP
  authentication.
  Mind you, ntp server will still be syncing time with other non-authenticated
  clients. e.g. client not configured to use authentication with server.
  The only way to do that is to apply ACL.
  
  HTH
  -Frog
  CCIE voice#21569

  On Sat, Jan 3, 2009 at 12:10 AM, Ed Man <networkexpert08@gmail.com> wrote:

    Hi Group,
    
    Got confused when labbing with NTP...
    
    Server:
    ntp authentication-key 1 md5 CISCO 0
    ntp trusted-key 1
    ntp master 4
    
    Client:
    ntp authentication-key 1 md5 032772382520 7
    ntp authenticate
    ntp clock-period 17179828
    ntp server 1.1.1.1 key 1

    If "ntp trusted-key 1" is removed from server, client can synchronized with
    server.
    
    My question is that do we really need server to have "ntp trusted-key 1"
    configured.
    
    Thanks
    Ed.

    Blogs and organic groups at http://www.ccie.net
    _______________________________________________________________________
    Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html

  Blogs and organic groups at http://www.ccie.net
  _______________________________________________________________________
  Subscription information may be found at: http://www.groupstudy.com/list/CCIELab.html

  --------------------------------------------------------------------

  No virus found in this incoming message.
  Checked by AVG - http://www.avg.com
  Version: 8.0.176 / Virus Database: 270.10.2/1871 - Release Date: 1-1-2009 17:01

Blogs and organic groups at http://www.ccie.net

• Next message: Dayaa Al Zoubi: "Re: 2 X 3550, 2 X 3560 switches and 3 X 3640 routers available"
• Previous message: Ronnie Angello: "Re: Gold Partner and Dual CCIE"
• Maybe in reply to: Ed Man: "NTP Server"
• Next in thread: Mr.M: "Re: NTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:36 ARST