From: Mr.M (mnoktes@gmail.com)
Date: Fri Jan 02 2009 - 18:28:08 ARST
Kewl....thanks for getting back. Just lab it up too..you are right.
----- Original Message -----
From: John Edom
To: Jared Scrivener
Cc: Mr.M ; Eric Brouwers ; GS ; Ed Man
Sent: Friday, January 02, 2009 3:17 PM
Subject: Re: NTP Server
Yes, AFAIK, client authenticate server is it valid ntp server so client will
use trusted-key to verify server...
Regards
On Fri, Jan 2, 2009 at 11:58 PM, Jared Scrivener <jscrivener@ipexpert.com>
wrote:
Hey Guys,
Eric is right on this one (as is the IE blog). The NTP trusted-key
command
is only needed on an NTP client to specify which server's NTP packets to
trust based on their NTP key.
http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_10.html#
wp1
015038
Cheers,
Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Mr.M
Sent: Friday, 2 January 2009 2:39 PM
To: Eric Brouwers; GS
Cc: Ed Man
Subject: Re: NTP Server
Eric,
I don't know if that is correct statement. Please refer to cisco website
below and look at step 4.
http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdmhelp/5
_0p
rocs/conf-ips/ntpserv.htm
Also I dont' see from internetworkexpert states that this command using
only
on client. From what i understand, if you have more than one key on
server,
then you can use this command to specific the one you want.
Cheers,
Monty
----- Original Message -----
From: "Eric Brouwers" <EricBrouwers@vodafone.nl>
To: "GS" <ccielab@groupstudy.com>
Cc: "Ed Man" <networkexpert08@gmail.com>
Sent: Friday, January 02, 2009 1:05 PM
Subject: Re: NTP Server
> Ed,
>
> Note that client authenticates server. ntp trusted-key statement is
only
> needed on client. Server side only needs the ntp authentication-key.
> Check out this link:
> http://www.internetworkexpert.com/resources/ntp-authentication.htm
>
> It shows following example:
>
> Server:
>
> ntp master 1
> ntp authentication-key 1 md5 CISCO
>
> Client:
>
> ntp authenticate
> ntp authentication-key 1 md5 CISCO
> ntp trusted-key 1
> ntp server 12.0.0.1 key 1
>
> Eric Brouwers
>
> Radioactive Frog wrote:
>
> Hi Ed,
> 'ntp trusted-key 1' is to tell router which key is valid for NTP
> authentication.
> Mind you, ntp server will still be syncing time with other
> non-authenticated
> clients. e.g. client not configured to use authentication with server.
> The only way to do that is to apply ACL.
>
> HTH
> -Frog
> CCIE voice#21569
>
> On Sat, Jan 3, 2009 at 12:10 AM, Ed Man <networkexpert08@gmail.com>
> wrote:
>
> Hi Group,
>
> Got confused when labbing with NTP...
>
> Server:
> ntp authentication-key 1 md5 CISCO 0
> ntp trusted-key 1
> ntp master 4
>
> Client:
> ntp authentication-key 1 md5 032772382520 7
> ntp authenticate
> ntp clock-period 17179828
> ntp server 1.1.1.1 key 1
>
> If "ntp trusted-key 1" is removed from server, client can
synchronized
> with
> server.
>
> My question is that do we really need server to have "ntp
trusted-key
> 1"
> configured.
>
> Thanks
> Ed.
>
> Blogs and organic groups at http://www.ccie.net
>
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:36 ARST