Re: NTP Authentications

From: Sam Munzani (sam@xxxxxxxxxxx)
Date: Wed Nov 15 2000 - 11:24:29 GMT-3


   
Thanks Tracy,

Now I understand how it works. I always thought that in order to get time from
the master, the client has to authenticate. Otherwise it will not get its time.
It's not like that. However, in peer mode both peers have to authenticate in
order to adjust each other's time.

Regards,
Sam

> Ok, I'll eat some crow! If you have a master coded, it will provide time to
> any client. When you add in the key values to the client, it will ONLY
> accept the time from a master (or peer) that has the key as well. In normal
> NTP servers, you can also require that the clients authenticate to the
> master but it doesn't look like Cisco's implementation has that ability.
> Sorry for the confusion.
>
> The master should read:
>
> Ntp authentication
> Ntp authentication-key 1 md5 keyname
> Ntp master
>
> The client will be:
>
> Ntp authentication
> Ntp authentication-key 1 md5 keyname
> Ntp server x.x.x.x key 1
>
> Tracy W. Blackmore
> T.S. Lad Consulting
> 1026 E Stanford Ave.
> Gilbert, AZ., 85234
> (480)558-0472
>
> -----Original Message-----
> From: Sam Munzani [mailto:sam@munzani.com]
> Sent: Tuesday, November 14, 2000 10:51 AM
> To: Tracy Blackmore
> Subject: Re: NTP Authentications
>
> << File: r6.TXT >> << File: r3.TXT >> << File: r2.TXT >>
> O.K. Here it comes.
> R6 is NTP master, I am using authentication on R2 with R6 and not using any
> authentication on R3 to get time from R6.
>
> R3 still gets time without any authentication keys.
>
> Sam
> ----- Original Message -----
> From: "Tracy Blackmore" <TracyB@TSLAD.com>
> To: "'Sam Munzani'" <sam@munzani.com>
> Sent: Monday, November 13, 2000 4:01 AM
> Subject: RE: NTP Authentications
>
>
> > Without seeing your config, it's hard to say. If you have the following, it
> > should work (I have 11.2(23)).
> >
> > NTP AUTHENTICATE
> > NTP AUTHENTICATION-KEY xx MD5 key
> > NTP TRUSTED-KEY xx
> >
> > Once I configured the client, I had to reload it but it didn't work without
> > the lines above.
> >
> > -----Original Message-----
> > From: Sam Munzani [mailto:sam@munzani.com]
> > Sent: Monday, November 13, 2000 2:18 PM
> > To: ccielab@groupstudy.com
> > Subject: NTP Authentications
> >
> >
> > Hi Guys,
> >
> > This is discussed on the group so many times but there is no definite answer in
> > the archives.
> >
> > 1. NTP master serves time to authenticated clients only. All non
> > authenticated clients should not get time from master.
> >
> > I tried and it gets time even if you have the wrong authentication key on
> > the client. Any catch in this one?
> >
> > Sam
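
The behaviour the thread arrives at (the master answers anyone; a client configured with a key only accepts replies carrying a valid MAC) can be modelled with the keyed-MD5 check used by NTP symmetric-key authentication. This is an added sketch, not part of the original messages and not Cisco's code. Assumptions: the digest is MD5 over the key followed by the 48-byte header, timestamps are zeroed, the modelled master does not verify request MACs and answers unsigned when it lacks the key, and all function names are hypothetical.

```python
import hashlib
import hmac
import struct

HEADER_LEN = 48  # fixed NTP header; the optional key ID and digest follow it

def ntp_mac(key: bytes, header: bytes) -> bytes:
    """Keyed MD5 as used by NTP symmetric-key auth: MD5(key || header)."""
    return hashlib.md5(key + header).digest()

def build_packet(mode: int, key_id=None, key=None) -> bytes:
    """Version 3 header with the given mode; all other fields zeroed (constructed)."""
    header = bytes([(3 << 3) | mode]) + bytes(HEADER_LEN - 1)
    if key_id is None:
        return header
    return header + struct.pack("!I", key_id) + ntp_mac(key, header)

def master_reply(request: bytes, master_keys: dict) -> bytes:
    """Answer every request; attach a MAC only if the request names a key we hold."""
    if len(request) > HEADER_LEN:
        (key_id,) = struct.unpack("!I", request[HEADER_LEN:HEADER_LEN + 4])
        if key_id in master_keys:
            return build_packet(4, key_id, master_keys[key_id])
    return build_packet(4)

def client_accepts(reply: bytes, key_id, client_keys: dict) -> bool:
    """No key on the server line: take any reply. Otherwise the MAC must verify."""
    if key_id is None:
        return True
    if len(reply) != HEADER_LEN + 4 + 16:
        return False  # unsigned or malformed reply
    (got_id,) = struct.unpack("!I", reply[HEADER_LEN:HEADER_LEN + 4])
    expected = ntp_mac(client_keys[key_id], reply[:HEADER_LEN])
    return got_id == key_id and hmac.compare_digest(reply[HEADER_LEN + 4:], expected)

def sync(key_id, client_keys: dict, master_keys: dict) -> bool:
    """One mode 3 / mode 4 exchange; True if the client would use the time."""
    key = client_keys[key_id] if key_id is not None else None
    request = build_packet(3, key_id, key)
    return client_accepts(master_reply(request, master_keys), key_id, client_keys)

if __name__ == "__main__":
    r6 = {1: b"keyname"}  # master's key table (constructed value)
    print("R3, no key on server line:", sync(None, {}, r6))
    print("R2, key 1 matches master: ", sync(1, {1: b"keyname"}, r6))
    print("R2, master key differs:   ", sync(1, {1: b"keyname"}, {1: b"other"}))
    print("R2, master has no key:    ", sync(1, {1: b"keyname"}, {}))
```

The check protects the client from an untrusted time source; it does nothing to restrict who the master serves, which is the point Tracy concedes above.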



This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 08:25:45 GMT-3