Re: NTP Server

From: John Edom (jedom123@gmail.com)
Date: Fri Jan 02 2009 - 18:17:37 ARST

• Next message: Mr.M: "Re: NTP Server"
• Previous message: John Edom: "VLAN Loadbalancing"
• Maybe in reply to: Ed Man: "NTP Server"
• Next in thread: Mr.M: "Re: NTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Yes, AFAIK, client authenticate server is it valid ntp server so client will
use trusted-key to verify server...

Regards

On Fri, Jan 2, 2009 at 11:58 PM, Jared Scrivener <jscrivener@ipexpert.com>wrote:

> Hey Guys,
>
> Eric is right on this one (as is the IE blog). The NTP trusted-key command
> is only needed on an NTP client to specify which server's NTP packets to
> trust based on their NTP key.
>
>
> http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_10.html#wp1
> 015038
>
> Cheers,
>
> Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
> Technical Instructor - IPexpert, Inc.
> Telephone: +1.810.326.1444
> Fax: +1.810.454.0130
> Mailto: jscrivener@ipexpert.com
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> Mr.M
> Sent: Friday, 2 January 2009 2:39 PM
> To: Eric Brouwers; GS
> Cc: Ed Man
> Subject: Re: NTP Server
>
> Eric,
> I don't know if that is correct statement. Please refer to cisco website
> below and look at step 4.
>
>
> http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdmhelp/5_0p
> rocs/conf-ips/ntpserv.htm<http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdmhelp/5_0procs/conf-ips/ntpserv.htm>
>
> Also I dont' see from internetworkexpert states that this command using
> only
>
> on client. From what i understand, if you have more than one key on server,
> then you can use this command to specific the one you want.
>
> Cheers,
> Monty
> ----- Original Message -----
> From: "Eric Brouwers" <EricBrouwers@vodafone.nl>
> To: "GS" <ccielab@groupstudy.com>
> Cc: "Ed Man" <networkexpert08@gmail.com>
> Sent: Friday, January 02, 2009 1:05 PM
> Subject: Re: NTP Server
>
>
> > Ed,
> >
> > Note that client authenticates server. ntp trusted-key statement is only
> > needed on client. Server side only needs the ntp authentication-key.
> > Check out this link:
> > http://www.internetworkexpert.com/resources/ntp-authentication.htm
> >
> > It shows following example:
> >
> > Server:
> >
> > ntp master 1
> > ntp authentication-key 1 md5 CISCO
> >
> > Client:
> >
> > ntp authenticate
> > ntp authentication-key 1 md5 CISCO
> > ntp trusted-key 1
> > ntp server 12.0.0.1 key 1
> >
> > Eric Brouwers
> >
> > Radioactive Frog wrote:
> >
> > Hi Ed,
> > 'ntp trusted-key 1' is to tell router which key is valid for NTP
> > authentication.
> > Mind you, ntp server will still be syncing time with other
> > non-authenticated
> > clients. e.g. client not configured to use authentication with server.
> > The only way to do that is to apply ACL.
> >
> > HTH
> > -Frog
> > CCIE voice#21569
> >
> > On Sat, Jan 3, 2009 at 12:10 AM, Ed Man <networkexpert08@gmail.com>
> > wrote:
> >
> > Hi Group,
> >
> > Got confused when labbing with NTP...
> >
> > Server:
> > ntp authentication-key 1 md5 CISCO 0
> > ntp trusted-key 1
> > ntp master 4
> >
> > Client:
> > ntp authentication-key 1 md5 032772382520 7
> > ntp authenticate
> > ntp clock-period 17179828
> > ntp server 1.1.1.1 key 1
> >
> > If "ntp trusted-key 1" is removed from server, client can synchronized
> > with
> > server.
> >
> > My question is that do we really need server to have "ntp trusted-key
> > 1"
> > configured.
> >
> > Thanks
> > Ed.
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > Blogs and organic groups at http://www.ccie.net
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> > --------------------------------------------------------------------
> >
> > No virus found in this incoming message.
> > Checked by AVG - http://www.avg.com
> > Version: 8.0.176 / Virus Database: 270.10.2/1871 - Release Date:
> 1-1-2009
>
> > 17:01
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

Blogs and organic groups at http://www.ccie.net

• Next message: Mr.M: "Re: NTP Server"
• Previous message: John Edom: "VLAN Loadbalancing"
• Maybe in reply to: Ed Man: "NTP Server"
• Next in thread: Mr.M: "Re: NTP Server"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:36 ARST