From: Schulz, Dave (DSchulz@dpsciences.com)
Date: Thu Jul 07 2005 - 15:54:20 GMT-3
Peter -
I tested your scenario in my lab and it appears to work correctly
....with md5 different is does not synchronize to the master (set at
stratum10). Then, if I change the md5 key to match at both sides, it
will work. However, I did notice a delay in the this function, so it is
not immediate. Also, if you last authenticated, then the clocks will
continue to run with that last time. The best way, I found to
check....is by using the "show ntp status" command....where it will tell
you when you are synchronized with the master. Then, go back to the
master and use the clock set command to change the time and see if the
R1 tracks to this time. I hope this helps.
Dave Schulz
Email: dschulz@dpsciences.com
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Teesa Peter
Sent: Thursday, July 07, 2005 10:19 AM
To: ccielab@groupstudy.com
Subject: NTP authenticaion
Hi,
R1 & R2 are connected through a point-to-point interface having ip
addresses 10.0.0.1 & 10.0.0.2 respectively. R2 is the ntp master.R1 is
synchronising with R2 and also I want to authenticate NTP.I configured
R2 as:
R2
!
ntp master 10
ntp trusted-key 1
ntp authenticate
ntp authentication-key 1
md5 ccie
!
R1
!
ntp server 10.0.0.2
ntp trusted-key 1
ntp authenticate
ntp
authentication-key 1 md5 cisco
!
Here the R1 is synchronising with R2 evenif
the key or password are different.So is it that here authentication is
not
working ?
The other thing is that if I change R1's ntp server command to
include the "key" ie
R1
!
ntp server 10.0.0.2 key 1
!
In this case R1 is
not synchronising.Here R1 will synchronise only if both keys and
passwords are
same.
So If I am asked to configure NTP authentication, need I add the "key"
keyword to my "ntp server" or " ntp peer " statement ?
Thanks,
Peter
This archive was generated by hypermail 2.1.4 : Sun Sep 04 2005 - 17:00:29 GMT-3