NTP authentication

August 6, 2008 at 6:06 pm | Posted in Blogroll, IP Services | Leave a comment

Server tell clients about the time

Clients authenticate the server (i.e. to validate trusted source). Clients do not tell server of the keys, authentication. So server does not need to authenticate clients. As the result, we only see ntp authenticate command on the client side.

Here’re the commands that need on Client/Server:

Client:

ntp authenticate

ntp authentication-key 1 md5 CISCO

ntp trusted-key 1

ntp server 1.2.3.4 key 1

Server:

ntp authentication-key 1 md5 CISCO

If Server is configured with authentication-key, but Client does not authenticate, then Client will still be in Sync.

Example config.

R5 is the NTP server, broadcast the time

R4 is NTP broadcast client

R1 & R6 are NTP client of R4. R1 & R6 also NTP peers with each other.

Configurations:

R5#sh run | in ntp|interface|address

interface Serial0
ip address 155.1.0.5 255.255.255.0
ntp broadcast key 45

ntp authentication-key 45 md5 CISCO45
ntp master 1

R4#sh run | in ntp|interface|address
interface FastEthernet0/0
ip address 155.1.146.4 255.255.255.0
interface Serial0/0
ip address 155.1.0.4 255.255.255.0
ntp broadcast client
ntp authentication-key 41 md5 CISCO41
ntp authentication-key 45 md5 CISCO45
ntp authentication-key 46 md5 CISCO46
ntp authenticate
ntp trusted-key 45

R1#sh run | in ntp|interface|address
interface FastEthernet0/0
ip address 155.1.146.1 255.255.255.0
ntp authentication-key 16 md5 CISCO16
ntp authentication-key 41 md5 CISCO41
ntp authenticate
ntp trusted-key 16
ntp trusted-key 41
ntp peer 155.1.146.6 key 16
ntp server 155.1.146.4 key 41

R6#sh run | in interface|address|ntp
interface FastEthernet0/0
ip address 155.1.146.6 255.255.255.0

ntp authentication-key 16 md5 CISCO16
ntp authentication-key 46 md5 CISCO46
ntp authenticate
ntp trusted-key 16
ntp trusted-key 46
ntp peer 155.1.146.1 key 16
ntp server 155.1.146.4 key 46

To verify:

R6#show ntp association detail

155.1.146.1 configured, authenticated, selected, sane, valid, stratum 3
ref ID 155.1.146.4, time CC44571E.E97E282B (17:00:14.912 UTC Wed Aug 6 2008)
our mode active, peer mode active, our poll intvl 256, peer poll intvl 256
root delay 58.38 msec, root disp 71.72, reach 377, sync dist 105.240
delay 3.22 msec, offset -6.6805 msec, dispersion 2.55
precision 2**16, version 3
org time CC4457B7.E8DCDE50 (17:02:47.909 UTC Wed Aug 6 2008)
rcv time CC4457B7.EAFC304A (17:02:47.917 UTC Wed Aug 6 2008)
xmt time CC445795.8B785A29 (17:02:13.544 UTC Wed Aug 6 2008)
filtdelay =     3.22    3.42    3.17    5.39    7.16    7.40    7.35    6.01
filtoffset =   -6.68   -5.96   -4.60   -2.48   -2.28   -1.18    0.68    0.55
filterror =     0.53    2.49    4.44    6.39    8.35   10.30   12.25   13.09

155.1.146.4 configured, authenticated, our_master, sane, valid, stratum 2
ref ID 155.1.0.5, time CC4457AD.3AC1E5BE (17:02:37.229 UTC Wed Aug 6 2008)
our mode client, peer mode server, our poll intvl 256, peer poll intvl 128
root delay 55.69 msec, root disp 69.66, reach 377, sync dist 103.561
delay 2.99 msec, offset -2.4377 msec, dispersion 4.56
precision 2**16, version 3
org time CC4457C3.8B3933CB (17:02:59.543 UTC Wed Aug 6 2008)
rcv time CC4457C3.8C3B4A26 (17:02:59.547 UTC Wed Aug 6 2008)
xmt time CC4457C3.8B659DD1 (17:02:59.544 UTC Wed Aug 6 2008)
filtdelay =     2.99    2.98    2.87    2.85    2.87    2.91    2.84    3.01
filtoffset =   -2.44   -7.93    3.03   -2.00   -2.88   -9.33  -10.41   -5.90
filterror =     0.02    1.97    3.92    5.87    7.83    9.78   11.73   12.71

Advertisements

Leave a Comment »

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at WordPress.com.
Entries and comments feeds.

%d bloggers like this: