From: Radioactive Frog (pbhatkoti@gmail.com)
Date: Sun Jan 04 2009 - 00:24:29 ARST
Interesting.....
What will happen in below scenario?
Server:
ntp authentication-key 1 md5 CISCO1
ntp authentication-key 2 md5 CISCO2
ntp authentication-key 3 md5 CISCO3
ntp trusted-key 2 <----------------------------------?
ntp master 4
Client1:
ntp authentication-key 1 md5 032772382520 7
ntp authenticate
ntp clock-period 17179828
ntp server 1.1.1.1 key 1
NTP server has 3 keys - key1, key2, key3.
I want client1 to be authenticated with the server's key #2 only. Will 'ntp
trusted-key 2' on the server play any role in this scenario?
-frog
On Sat, Jan 3, 2009 at 7:28 AM, Mr.M <mnoktes@gmail.com> wrote:
> Kewl....thanks for getting back. Just lab it up too..you are right.
>   ----- Original Message -----
>  From: John Edom
>  To: Jared Scrivener
>  Cc: Mr.M ; Eric Brouwers ; GS ; Ed Man
>  Sent: Friday, January 02, 2009 3:17 PM
>  Subject: Re: NTP Server
>
>
>   Yes, AFAIK, client authenticate server is it valid ntp server so client will
>   use trusted-key to verify server...
>
>  Regards
>
>
>  On Fri, Jan 2, 2009 at 11:58 PM, Jared Scrivener <jscrivener@ipexpert.com> wrote:
>
>    Hey Guys,
>
>    Eric is right on this one (as is the IE blog). The NTP trusted-key command
>    is only needed on an NTP client to specify which server's NTP packets to
>    trust based on their NTP key.
>
>    http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_10.html#wp1015038
>
>    Cheers,
>
>    Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
>    Technical Instructor - IPexpert, Inc.
>    Telephone: +1.810.326.1444
>    Fax: +1.810.454.0130
>    Mailto: jscrivener@ipexpert.com
>
>
>
>    -----Original Message-----
>    From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Mr.M
>    Sent: Friday, 2 January 2009 2:39 PM
>    To: Eric Brouwers; GS
>    Cc: Ed Man
>    Subject: Re: NTP Server
>
>    Eric,
>     I don't know if that is correct statement. Please refer to Cisco website
>    below and look at step 4.
>
>    http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdmhelp/5_0procs/conf-ips/ntpserv.htm
>
>     Also I don't see from internetworkexpert states that this command using only
>    on client. From what I understand, if you have more than one key on server,
>    then you can use this command to specify the one you want.
>
>    Cheers,
>    Monty
>    ----- Original Message -----
>    From: "Eric Brouwers" <EricBrouwers@vodafone.nl>
>    To: "GS" <ccielab@groupstudy.com>
>    Cc: "Ed Man" <networkexpert08@gmail.com>
>    Sent: Friday, January 02, 2009 1:05 PM
>    Subject: Re: NTP Server
>
>
>    > Ed,
>    >
>    > Note that client authenticates server. ntp trusted-key statement is only
>    > needed on client. Server side only needs the ntp authentication-key.
>    > Check out this link:
>    > http://www.internetworkexpert.com/resources/ntp-authentication.htm
>    >
>    > It shows following example:
>    >
>    > Server:
>    >
>    > ntp master 1
>    > ntp authentication-key 1 md5 CISCO
>    >
>    > Client:
>    >
>    > ntp authenticate
>    > ntp authentication-key 1 md5 CISCO
>    > ntp trusted-key 1
>    > ntp server 12.0.0.1 key 1
>    >
>    > Eric Brouwers
>    >
>    > Radioactive Frog wrote:
>    >
>    >  Hi Ed,
>    >  'ntp trusted-key 1' is to tell router which key is valid for NTP
>    >  authentication.
>    >  Mind you, ntp server will still be syncing time with other non-authenticated
>    >  clients. e.g. client not configured to use authentication with server.
>    >  The only way to do that is to apply ACL.
>    >
>    >  HTH
>    >  -Frog
>    >  CCIE voice#21569
>    >
>    >  On Sat, Jan 3, 2009 at 12:10 AM, Ed Man <networkexpert08@gmail.com> wrote:
>    >
>    >    Hi Group,
>    >
>    >    Got confused when labbing with NTP...
>    >
>    >    Server:
>    >    ntp authentication-key 1 md5 CISCO 0
>    >    ntp trusted-key 1
>    >    ntp master 4
>    >
>    >    Client:
>    >    ntp authentication-key 1 md5 032772382520 7
>    >    ntp authenticate
>    >    ntp clock-period 17179828
>    >    ntp server 1.1.1.1 key 1
>    >
>    >    If "ntp trusted-key 1" is removed from server, client can synchronize with
>    >    server.
>    >
>    >    My question is that do we really need server to have "ntp trusted-key 1"
>    >    configured.
>    >
>    >    Thanks
>    >    Ed.
>    >
>    >    Blogs and organic groups at     http://www.ccie.net
>    >
> _______________________________________________________________________
>    >    Subscription information may be found at:
>    > http://www.groupstudy.com/list/CCIELab.html
>    >
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:36 ARST
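
Added example, not part of the original thread and not Cisco IOS code: a simplified Python model of NTP symmetric-key (MD5) authentication that applies the rule stated in the thread, namely that the client checks the server's reply against its own trusted-key list. The function names, the key byte strings (constructed from the thread's sample configs) and the assumption that the server answers with whatever defined key ID the client requested are illustrative.

```python
import hashlib
import hmac
import struct

def mac(key: bytes, header: bytes) -> bytes:
    # NTP symmetric-key MD5 MAC: digest of the key followed by the header
    return hashlib.md5(key + header).digest()

def sign(header: bytes, key_id: int, keys: dict) -> bytes:
    # 48-byte header + 32-bit key ID + 16-byte digest
    return header + struct.pack("!I", key_id) + mac(keys[key_id], header)

def server_reply(request: bytes, server_keys: dict):
    # Modelled server: signs the reply with the key ID the client asked for,
    # provided that key is defined. No server-side trusted-key list is
    # consulted (assumption taken from the thread).
    key_id = struct.unpack("!I", request[48:52])[0]
    if key_id not in server_keys:
        return None
    reply_header = bytes([0x1C]) + request[1:48]  # LI=0, VN=3, mode 4 (server)
    return sign(reply_header, key_id, server_keys)

def client_accepts(reply, client_keys: dict, trusted: set) -> bool:
    # Client with "ntp authenticate": key ID must be trusted and the MAC must verify
    if reply is None or len(reply) != 68:
        return False
    header, digest = reply[:48], reply[52:]
    key_id = struct.unpack("!I", reply[48:52])[0]
    if key_id not in trusted or key_id not in client_keys:
        return False
    return hmac.compare_digest(digest, mac(client_keys[key_id], header))

def scenario(server_keys, client_keys, client_trusted, assoc_key) -> bool:
    # assoc_key models the key in "ntp server <address> key <n>"
    request = sign(bytes([0x1B]) + bytes(47), assoc_key, client_keys)  # mode 3
    return client_accepts(server_reply(request, server_keys),
                          client_keys, client_trusted)

# Constructed key material, following the sample strings in the thread
SERVER_KEYS = {1: b"CISCO1", 2: b"CISCO2", 3: b"CISCO3"}

if __name__ == "__main__":
    # Client pinned to key 2 only: key defined, trusted and used on the association
    print(scenario(SERVER_KEYS, {2: b"CISCO2"}, {2}, 2))
    # Association uses key 1 but the client trusts only key 2: reply rejected
    print(scenario(SERVER_KEYS, {1: b"CISCO1", 2: b"CISCO2"}, {2}, 1))
```

In this model, restricting a client to key 2 is done entirely on the client (define key 2, trust key 2, reference key 2 on the server association); the set of keys defined on the server only determines which key IDs it is able to sign with.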