From: Jared Scrivener (jscrivener@ipexpert.com)
Date: Sun Jan 04 2009 - 03:53:52 ARST
Too true. The copy and paste got the better of me. ;)
Cheers,
Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com
-----Original Message-----
From: Tony Varriale [mailto:tvarriale@flamboyaninc.com] 
Sent: Saturday, 3 January 2009 11:03 PM
To: 'Jared Scrivener'
Cc: 'GS'
Subject: RE: NTP Server
Actually, the "ntp clock-period" command is generated by the router when NTP
is enabled...it should not be entered by the person on it.  So, that is not
needed.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Jared Scrivener
Sent: Saturday, January 03, 2009 8:38 PM
To: 'Radioactive Frog'; 'Mr.M'
Cc: 'John Edom'; 'Eric Brouwers'; 'GS'; 'Ed Man'
Subject: RE: NTP Server
Nope. For what you want to do, you need:
Server:
ntp authentication-key 1 md5 CISCO1
ntp authentication-key 2 md5 CISCO2
ntp authentication-key 3 md5 CISCO3
ntp master 4
Client1:
ntp authentication-key 2 md5 CISCO2
ntp trusted-key 2
ntp authenticate
ntp clock-period 17179828
ntp server 1.1.1.1 key 2
 
:-)
 
Cheers,
 
Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
Technical Instructor - IPexpert, Inc.
Telephone: +1.810.326.1444
Fax: +1.810.454.0130
Mailto: jscrivener@ipexpert.com
  _____  
From: Radioactive Frog [mailto:pbhatkoti@gmail.com] 
Sent: Saturday, 3 January 2009 9:24 PM
To: Mr.M
Cc: John Edom; Jared Scrivener; Eric Brouwers; GS; Ed Man
Subject: Re: NTP Server
 
Interesting.....
What will happen in the below scenario?
Server:
ntp authentication-key 1 md5 CISCO1
ntp authentication-key 2 md5 CISCO2
ntp authentication-key 3 md5 CISCO3
ntp trusted-key 2 <----------------------------------?
ntp master 4
Client1:
ntp authentication-key 1 md5 032772382520 7
ntp authenticate
ntp clock-period 17179828
ntp server 1.1.1.1 key 1
NTP server has 3 keys - key1, key2, key3
I want client1 to be authenticated with server's key#2 only. Will 'ntp
trusted-key 2' on server play any role in this scenario?
-frog
On Sat, Jan 3, 2009 at 7:28 AM, Mr.M <mnoktes@gmail.com> wrote:
Kewl....thanks for getting back. Just lab it up too..you are right.
 ----- Original Message -----
 From: John Edom
 To: Jared Scrivener
 Cc: Mr.M ; Eric Brouwers ; GS ; Ed Man
 Sent: Friday, January 02, 2009 3:17 PM
 Subject: Re: NTP Server
 Yes, AFAIK, the client authenticates the server to check it is a valid NTP
 server, so the client will use trusted-key to verify the server...
 Regards
 On Fri, Jan 2, 2009 at 11:58 PM, Jared Scrivener <jscrivener@ipexpert.com> wrote:
   Hey Guys,
   Eric is right on this one (as is the IE blog). The NTP trusted-key command
   is only needed on an NTP client to specify which server's NTP packets to
   trust based on their NTP key.
   http://www.cisco.com/en/US/docs/ios/netmgmt/command/reference/nm_10.html#wp1015038
   Cheers,
   Jared Scrivener CCIE3 #16983 (R&S, Security, SP), CISSP
   Technical Instructor - IPexpert, Inc.
   Telephone: +1.810.326.1444
   Fax: +1.810.454.0130
   Mailto: jscrivener@ipexpert.com
   -----Original Message-----
   From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Mr.M
   Sent: Friday, 2 January 2009 2:39 PM
   To: Eric Brouwers; GS
   Cc: Ed Man
   Subject: Re: NTP Server
   Eric,
   I don't know if that is a correct statement. Please refer to the Cisco website
   below and look at step 4.
   http://www.cisco.com/univercd/cc/td/doc/product/netsec/secmgmt/asdmhelp/5_0procs/conf-ips/ntpserv.htm
   Also I don't see that internetworkexpert states that this command is used only
   on the client. From what I understand, if you have more than one key on the
   server, then you can use this command to specify the one you want.
   Cheers,
   Monty
   ----- Original Message -----
   From: "Eric Brouwers" <EricBrouwers@vodafone.nl>
   To: "GS" <ccielab@groupstudy.com>
   Cc: "Ed Man" <networkexpert08@gmail.com>
   Sent: Friday, January 02, 2009 1:05 PM
   Subject: Re: NTP Server
   > Ed,
   >
   > Note that client authenticates server. ntp trusted-key statement is only
   > needed on client. Server side only needs the ntp authentication-key.
   > Check out this link:
   > http://www.internetworkexpert.com/resources/ntp-authentication.htm
   >
   > It shows following example:
   >
   > Server:
   >
   > ntp master 1
   > ntp authentication-key 1 md5 CISCO
   >
   > Client:
   >
   > ntp authenticate
   > ntp authentication-key 1 md5 CISCO
   > ntp trusted-key 1
   > ntp server 12.0.0.1 key 1
   >
   > Eric Brouwers
   >
   > Radioactive Frog wrote:
   >
   >  Hi Ed,
   >  'ntp trusted-key 1' is to tell router which key is valid for NTP
   >  authentication.
   >  Mind you, ntp server will still be syncing time with other non-authenticated
   >  clients. e.g. client not configured to use authentication with server.
   >  The only way to do that is to apply ACL.
   >
   >  HTH
   >  -Frog
   >  CCIE voice#21569
   >
   >  On Sat, Jan 3, 2009 at 12:10 AM, Ed Man <networkexpert08@gmail.com> wrote:
   >
   >    Hi Group,
   >
   >    Got confused when labbing with NTP...
   >
   >    Server:
   >    ntp authentication-key 1 md5 CISCO 0
   >    ntp trusted-key 1
   >    ntp master 4
   >
   >    Client:
   >    ntp authentication-key 1 md5 032772382520 7
   >    ntp authenticate
   >    ntp clock-period 17179828
   >    ntp server 1.1.1.1 key 1
   >
   >    If "ntp trusted-key 1" is removed from server, client can synchronize with
   >    server.
   >
   >    My question is that do we really need server to have "ntp trusted-key 1"
   >    configured.
   >
   >    Thanks
   >    Ed.
   >
This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:36 ARST
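
Added example, not part of the original thread and not Cisco's implementation: a simplified Python model of the NTP symmetric-key check the thread discusses (an MD5 digest over the key followed by the packet header, sent with a key ID). The function names, the 48-byte headers and the rule that the server answers with whichever of its keys the client used are assumptions made for illustration; the key values and key numbers are the ones from the thread.

```python
import hashlib, hmac, struct

# Server side from the thread: three authentication-keys, no trusted-key.
SERVER_KEYS = {1: b"CISCO1", 2: b"CISCO2", 3: b"CISCO3"}

def mac(key, header):
    # NTP symmetric-key digest: MD5 over the key followed by the packet header.
    return hashlib.md5(key + header).digest()

def sign(header, key_id, keys):
    # Append the 4-byte key ID and the 16-byte digest to the header.
    return header + struct.pack("!I", key_id) + mac(keys[key_id], header)

def verify(packet, keys, allowed):
    # Return the key ID if the packet carries a valid MAC made with a key
    # that is both configured (keys) and permitted (allowed); else None.
    header, trailer = packet[:48], packet[48:]
    if len(trailer) != 20:
        return None                      # no MAC present
    key_id = struct.unpack("!I", trailer[:4])[0]
    if key_id not in keys or key_id not in allowed:
        return None
    ok = hmac.compare_digest(trailer[4:], mac(keys[key_id], header))
    return key_id if ok else None

def server_reply(request):
    # Model assumption: the server signs its reply with the key the client
    # used, and still answers requests that carry no valid MAC (unsigned).
    reply = b"\x24" + bytes(47)          # constructed header, mode 4 (server)
    key_id = verify(request, SERVER_KEYS, SERVER_KEYS.keys())
    return sign(reply, key_id, SERVER_KEYS) if key_id is not None else reply

def client_syncs(keys, trusted, authenticate, server_key):
    # keys = "ntp authentication-key", trusted = "ntp trusted-key",
    # authenticate = "ntp authenticate", server_key = "ntp server ... key N".
    request = b"\x23" + bytes(47)        # constructed header, mode 3 (client)
    if server_key in keys:
        request = sign(request, server_key, keys)
    reply = server_reply(request)
    if not authenticate:
        return True                      # any reply is accepted
    return verify(reply, keys, trusted) is not None
```

In this model a client that references a key number it has not defined, or one it has defined but not trusted, never accepts the server's time, while a client with authentication disabled always does.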