Jump to content
Sign in to follow this  
mashti

How to Configure NTP with authentication

Recommended Posts

We are going to configure NTP Authentication on router R5 and R6 with router R5 being the time server.

Configure such that router R6 has a stratum level of 5. Use the password ‘time’ for your authentication.

 

For this step we are going to configure R5 to be our NTP master.

 

We are then going to configure R6 to use R5 as its authenticated time server.

 

First we will set the clock on R5.

 

This is done under the enable mode, not under the config mode. Remember that the time is entered as military time, based on a 24 hour clock.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Now that the clock is set we want R5 to act as the NTP master. We are told that R6 should have a stratum of 5. In order for R6 to have a stratum of 5 our master will need a stratum of 4. Anyone who gets the time off of the master will have the master’s stratum plus 1.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Then we are going to set R6 to use R5 as its time server. We can point to any reachable IP address on R5, we suggest that you use a Loopback interface if possible since Loopbacks never flap.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

We do not have any authentication configured yet, but we should check to make sure our NTP is synchronized before adding it.

We can check to make sure R6 is synchronized with R5 by issuing the show ntp status command.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Now that we know our NTP is synchronizing we can go ahead and add the authentication. NTP authentication is a little different than most. For NTP authentication it is the client that authenticates the master, not the other way around. The master only need to be told the authentication-key that it will use and nothing else. We will configure the authentication-key on R5 using the specified password of ‘time’.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

The majority of the authentication commands go on the client, R6. We need to tell R6 to authenticate and what authentication-key to use

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

We then need to tell R6 to only accept the server if it uses key 1 – the same key number we are specifying in the authentication-key command. This command will override the original ntp server 5.1.1.1 command.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Finally on R6 we need to tell it to only trust key 1.

 

Hidden Content

    Give reaction to this post to see the hidden content.

 

Now that we have our NTP authentication configured we can check to make sure it is working by issuing the show ntp associations detail command on R6.

 

Hidden Content

    Give reaction to this post to see the hidden content.

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

×
×
  • Create New...