Re: NTP HELP!!! Authentication breaking NTP!! from karim jamali on 2010-09-03 (Ccielab archives 09/2010)

From: karim jamali <karim.jamali_at_gmail.com>
Date: Fri, 3 Sep 2010 18:38:01 +0300

hi,

To check NTP authentication try the command show ntp associations [detail]

Regards,

On Fri, Sep 3, 2010 at 6:06 PM, Combatant 101 <combatant101_at_gmail.com>wrote:

> Perfect!
>
>
>
> It worked! I didn't realise you needed to specify the key as trusted to the
> NTP master!
>
>
>
> How do I verify that authentication is working? Show ntp status does not
> indicate if authentication is enabled or not (without doing debug commands)
>
>
>
> Thanks
>
>
>
> Sunny
>
>
>
> From: Juan Pablo Corrales [mailto:jp.corrales_at_gmail.com]
> Sent: 03 September 2010 15:08
> To: Combatant 101
> Subject: Re: NTP HELP!!! Authentication breaking NTP!!
>
>
>
> Hi Sunny,
>
> Try to add the following to R1:
>
> ntp authenticate
> ntp trusted-key 1
>
> That should do it.
>
> Regards,
>
> Juan
>
> On Fri, Sep 3, 2010 at 7:00 AM, Combatant 101 <combatant101_at_gmail.com>
> wrote:
>
> Hi Guys,
>
>
>
> If I set up NTP between R1 and R2 it works fine (verified by show ntp
> status)
>
>
>
> R1 is NTP MASTER 2
>
> R2 is NTP SERVER R1
>
>
>
> However, when I then introduce authentication, it no longer works!!!! Even
> after a reload!! ANY IDEAS???
>
>
>
> Note: Key is identical at both ends!
>
>
>
> R1
>
> ntp authentication-key 1 md5 143442061C113E39702C62 7
>
> ntp master 2
>
>
>
> R2
>
> ntp authentication-key 1 md5 0528560231595A1B4D0146 7
>
> ntp authenticate
>
> ntp trusted-key 1
>
> ntp server 10.0.9.1 key 1
>
>
>
> show ntp status
>
> Clock is unsynchronized, stratum 16, no reference clock
>
> nominal freq is 250.0000 Hz, actual freq is 250.0000 Hz, precision is 2**18
>
> reference time is D02B7567.BC07AC6A (13:23:51.734 UTC Fri Sep 3 2010)
>
> clock offset is -107.2163 msec, root delay is 76.55 msec
>
> root dispersion is 109.88 msec, peer dispersion is 2.40 msec
>
>
>
> DEBUG on R2
>
>
>
> .Sep 3 13:55:00.604: NTP: xmit packet to 10.0.9.1:
>
> .Sep 3 13:55:00.604: leap 3, mode 3, version 3, stratum 0, ppoll 64
>
> .Sep 3 13:55:00.604: rtdel 1399 (76.553), rtdsp 1C22 (109.894), refid
> 0A000901
>
> (10.0.9.1)
>
> .Sep 3 13:55:00.604: ref D02B7567.BC07AC6A (13:23:51.734 UTC Fri Sep 3
> 2010)
>
> .Sep 3 13:55:00.604: org D02B7C74.0D4E85E9 (13:53:56.051 UTC Fri Sep 3
> 2010)
>
> .Sep 3 13:55:00.604: rec D02B7C74.AED654A1 (13:53:56.682 UTC Fri Sep 3
> 2010)
>
> .Sep 3 13:55:00.604: xmt D02B7CB4.9AD24C22 (13:55:00.604 UTC Fri Sep 3
> 2010)
>
> .Sep 3 13:55:00.604: Authentication key 1
>
> .Sep 3 13:55:00.684: NTP: rcv packet from 10.0.9.1 to 10.0.5.1 on Vlan1:
>
> .Sep 3 13:55:00.684: leap 0, mode 4, version 3, stratum 2, ppoll 64
>
> .Sep 3 13:55:00.684: rtdel 0000 (0.000), rtdsp 0019 (0.381), refid
> 7F7F0101 (1
>
> 27.127.1.1)
>
> .Sep 3 13:55:00.684: ref D02B7CAB.EEB6365A (13:54:51.932 UTC Fri Sep 3
> 2010)
>
> .Sep 3 13:55:00.684: org D02B7CB4.9AD24C22 (13:55:00.604 UTC Fri Sep 3
> 2010)
>
> .Sep 3 13:55:00.684: rec D02B7CB4.0889592E (13:55:00.033 UTC Fri Sep 3
> 2010)
>
> .Sep 3 13:55:00.684: xmt D02B7CB4.08AC6A53 (13:55:00.033 UTC Fri Sep 3
> 2010)
>
> .Sep 3 13:55:00.684: inp D02B7CB4.AF3DD50F (13:55:00.684 UTC Fri Sep 3
> 2010)
>
> .Sep 3 13:55:00.684: Authentication key 0
>
>
>
>
>
> DEBUG on R1
>
>
>
> Sep 3 13:53:56.049: NTP message received from 10.0.5.1 on interface
> 'Vlan1'
> (10
>
> .0.9.1).
>
> Sep 3 13:53:56.049: NTP Core(DEBUG): ntp_receive: message received
>
> Sep 3 13:53:56.049: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next
> acti
>
> on is 3.
>
> Sep 3 13:53:56.049: NTP Core(DEBUG): ntp_receive: doing fast answer to
> client.
>
> Sep 3 13:53:56.049: NTP message sent to 10.0.5.1, from interface 'Vlan1'
> (10.0.
>
> 9.1).
>
> carrylift_computrad#
>
> carrylift_computrad#
>
> Sep 3 13:55:00.029: NTP message received from 10.0.5.1 on interface
> 'Vlan1'
> (10
>
> .0.9.1).
>
> Sep 3 13:55:00.033: NTP Core(DEBUG): ntp_receive: message received
>
> Sep 3 13:55:00.033: NTP Core(DEBUG): ntp_receive: peer is 0x00000000, next
> acti
>
> on is 3.
>
> Sep 3 13:55:00.033: NTP Core(DEBUG): ntp_receive: doing fast answer to
> client.
>
> Sep 3 13:55:00.033: NTP message sent to 10.0.5.1, from interface 'Vlan1'
> (10.0.
>
> 9.1).
>
>
>
> Thanks
>
>
>
> Sunny
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
>
>
>
>
>
>

-- 
KJ
Blogs and organic groups at http://www.ccie.net

Received on Fri Sep 03 2010 - 18:38:01 ART

This archive was generated by hypermail 2.2.0 : Fri Oct 01 2010 - 05:58:05 ART