Re: NTP Server

From: Jason Madsen (madsen.jason@gmail.com)
Date: Sun Jan 04 2009 - 06:15:36 ARST

• Next message: Jason Madsen: "Re: NTP Server"
• Previous message: Dale Shaw: "Re: NTP Server"
• Maybe in reply to: Ed Man: "NTP Server"
• Next in thread: Jason Madsen: "Re: NTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi Dale,

With NTP Authentication it's best to remember that the client is the one
with the authentication requirement of the server and not the other way
around. On the client you can specify multiple authentication keys. It's
the trusted key statement that specifies which of your authentication keys
to use...not really sure why you'd want to have multiple keys listed just to
"use" / trust one of them though unless it helps facilitate a more seamless
key change.

Jason

On Sun, Jan 4, 2009 at 12:59 AM, Dale Shaw <dale.shaw@gmail.com> wrote:

> Hi,
>
> On Sun, Jan 4, 2009 at 1:38 PM, Jared Scrivener <jscrivener@ipexpert.com>
> wrote:
> > Nope. For what you want to do, you need:
> >
> *snip*
>
> Hmm.. At first, I interpreted this description of 'ntp trusted-key' (a
> NTP-process level command, not per-peer/server) to mean that an IOS
> NTP client configured for authentication requires that all of its time
> sources present the same key -- i.e. every time source must be
> configured with the same key as the client, and that once client-side
> authentication enabled, all time sources must offer up a key.
>
> Then I realised you can enter multiple "trusted-key" commands.
>
> *phew*
>
> What's not clear to me, is why the 'trusted-key' command is required
> at all. Surely, like routing protocol authentication, as long as the
> NTP peers (client, server, peer, whatever) have matching keys, the
> light should turn green. I don't see what value 'trusted-key' provdes.
> Anyone?
>
> Lastly, am I the only one that thinks the documentation of the NTP
> implementation in IOS leaves a LOT to be desired?
>
> cheers,
> Dale
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Jason Madsen: "Re: NTP Server"
• Previous message: Dale Shaw: "Re: NTP Server"
• Maybe in reply to: Ed Man: "NTP Server"
• Next in thread: Jason Madsen: "Re: NTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:36 ARST