Re: Please confirm (conf#374b82a2ebdfc046fcfc1cfa7eff7269)

From: David Johnson <dmjohnson.intl_at_gmail.com>
Date: Fri, 9 Dec 2011 13:40:13 -0500

> On Fri, Dec 9, 2011 at 10:20 AM, Cisco certification <
> ccielab_at_groupstudy.com> wrote:
>
>> Hi,
>>
>> You have tried to post to a GroupStudy.com certification mailing list.
>> Because the server does not recognize you as a confirmed poster, you will
>> be required to authenticate that you are using a valid e-mail address and
>> are not a spammer. By confirming this e-mail you certify that you are not
>> sending Unsolicited Bulk Email (UBE).
>>
>> PLEASE DO NOT SEND YOUR ORIGINAL MESSAGE AGAIN! BY CONFIRMING THIS EMAIL
>> YOUR ORIGINAL MESSAGE (WHICH IS NOW QUEUED IN THE SERVER) WILL BE POSTED.
>>
>>
>> By confirming this e-mail you also certify the following:
>>
>> 1. The message does NOT break Cisco's Non-Disclosure requirements.
>>
>> 2. The message is NOT designed to advertise a commercial product.
>>
>> 3. You understand all postings become property of GroupStudy.com
>>
>> 4. You have searched the archives prior to posting.
>>
>> 5. The message is NOT inflammatory.
>>
>> 6. The message is NOT a test message.
>>
>> To confirm, simply reply to this message. No editing is necessary. Once
>> confirmed, you will be able to post without additional confirmations.
>>
>>
>> Welcome to GroupStudy.com!
>>
>>
>> First time posters to GroupStudy.com are required to agree to the
>> GroupStudy terms and conditions.
>> Replying to this email certifies you have read and agree to the
>> GroupStudy posting guidelines and terms and conditions.
>>
>> --- Original Message Follows ---
>>
>> Date: Fri, 9 Dec 2011 10:20:35 -0500
>> Subject: NTP authentication question
>> From: David Johnson <dmjohnson.intl_at_gmail.com>
>> To: ccielab_at_groupstudy.com
>>
>> Hi Experts
>> I'm sure this has been asked before, but I couldn't find it. I am looking
>> at NTP authentication and trying to figure out what the individual
>> commands do.
>>
>> *Here is what I know:*
>> -<ntp trusted-key *id*> only has to be on the authenticating device
>> (usually the client). If it is configured on the server, or a device
>> without a configured <ntp server *ip-addr*> command, it will not affect
>> authentication of any clients. The same goes for <ntp authenticate>
>> command on servers.
>> -Without the key *id* option in <ntp server *ip-addr*>, output from <show
>> ntp association detail> does not say authenticated. That is true
>> regardless of <ntp authenticate> command configured or not. From this, I
>> gather <ntp server *ip-addr* key *id*> is needed for authentication, along
>> with <ntp authenticate>.
>> -<ntp server *ip-addr* key *id*>, the key id must be included in the <ntp
>> trusted-key *id*> command, else the NTP peer will not authenticate. You
>> can have multiple ntp trusted keys as long as they match the server keys
>> and include the key id configured in ntp server command.
>>
>> *Here is what I do not know:*
>> -What does <ntp trusted-key *id*> command provide that <ntp server
>> *ip-addr* key *id*> does not? While it is undoubtedly necessary for NTP
>> authentication, I do not see why the command is necessary in providing
>> information the other command does not.
>> -<ntp authenticate> command is only necessary for the clients, yes? If I
>> wanted the server to authenticate the clients, how would I go about doing
>> that?
>> -If NTP authentication only occurs with <ntp authenticate>, <ntp
>> trusted-key *id*> and <ntp server ip-addr key id>, why does Cisco make the
>> extra commands required? Why not just use the <ntp server *ip-addr* key
>> *id*> command?
>>
>>
>> I have looked this up in books and online, but cannot find the granularity
>> of answers I am looking for. I'm sure there are a host of mistakes in my
>> assumptions, if you could straighten me out, I would appreciate it.
>>
>> *Testing Information:*
>> Below is my configuration, I tried to make it basic, the routers are
>> directly connected, and connectivity is fine:
>> (C2691-ADVENTERPRISEK9_SNA-M), Version 12.4(13b)
>>
>> ---------------------------------------------------------------------------------------
>> *R2 Configuration v1 -- Client (without key command in ntp server ip)*
>> ntp authentication-key 1 md5 021201481F575F 7
>> ntp authenticate
>> ntp trusted-key 1
>> ntp clock-period 17179896
>> ntp server 6.6.6.6
>>
>> (Original message truncated)

Received on Fri Dec 09 2011 - 13:40:13 ART
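
Added example, not part of the original message or of any Cisco tooling: a small Python check of the relationships the poster describes (`ntp authenticate`, a defined and trusted key, and `key <id>` on the `ntp server` line), run against the R2 v1 client lines quoted above. The function names are hypothetical, and only single-id `ntp trusted-key` lines are parsed.

```python
import re

# Constructed sample: the R2 "v1" client lines quoted in the post.
R2_V1 = """\
ntp authentication-key 1 md5 021201481F575F 7
ntp authenticate
ntp trusted-key 1
ntp clock-period 17179896
ntp server 6.6.6.6
"""

def parse_ntp(config):
    """Collect NTP authentication state from IOS-style config text."""
    state = {"authenticate": False, "defined": set(), "trusted": set(), "servers": []}
    for raw in config.splitlines():
        line = raw.strip()
        if line == "ntp authenticate":
            state["authenticate"] = True
        elif m := re.match(r"ntp authentication-key (\d+) md5 \S+", line):
            state["defined"].add(int(m.group(1)))
        elif m := re.match(r"ntp trusted-key (\d+)$", line):
            state["trusted"].add(int(m.group(1)))
        elif m := re.match(r"ntp server (\S+)(.*)$", line):
            key = re.search(r"\bkey (\d+)\b", m.group(2))
            state["servers"].append((m.group(1), int(key.group(1)) if key else None))
    return state

def lint_ntp_auth(config):
    """Return findings for server associations that would not be authenticated."""
    s = parse_ntp(config)
    findings = []
    if not s["authenticate"]:
        findings.append("global: 'ntp authenticate' is missing")
    for addr, key in s["servers"]:
        if key is None:
            # Matches the post: without 'key <id>' the association is not authenticated.
            findings.append(f"{addr}: no 'key <id>' on the association")
            continue
        if key not in s["defined"]:
            findings.append(f"{addr}: key {key} has no 'ntp authentication-key'")
        if key not in s["trusted"]:
            findings.append(f"{addr}: key {key} is not in 'ntp trusted-key'")
    return findings

if __name__ == "__main__":
    for finding in lint_ntp_auth(R2_V1):
        print(finding)
```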
