Without "ntp authenticate" you are still passing the key but not really caring one way or the other (plain text, not md5 as I recall).
Once you turn on "ntp authenticate" you basically tell the routers to care. :) At that point, you also MUST put in the "ntp trusted-key" command on the client side in order to really believe it (strange as it is). Bottom line though, as Marvin said... Look at the show commands! HTH, Scott -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roger RPF Sent: Monday, June 02, 2008 6:21 PM To: 'OSL CCIE Routing and Switching Lab Exam'; [EMAIL PROTECTED] Subject: Re: [OSL | CCIE_RS] NTP authentication Hi Marvin Well, somehow something is not correct. If I configure only the following as you told: Master: ntp authentication-key 1 md5 cisco ntp master 4 Client: ntp server x.x.x.x key 1 ntp authentication-key 1 md5 test Even if the password are not the same, I get the ntp on the client synchronised. So then I configure the client: ntp server x.x.x.x key 1 ntp authentication-key 1 md5 cisco ntp authenticate Still does not work. So I continue on the client: ntp server x.x.x.x key 1 ntp authentication-key 1 md5 cisco ntp authenticate ntp trusted key 1 Now everything is fine. So to me the client needs the 4 statements mentioned above, isn't it or am I missing something?? Roger -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Roger RPF Gesendet: Montag, 2. Juni 2008 23:32 An: 'OSL CCIE Routing and Switching Lab Exam' Betreff: Re: [OSL | CCIE_RS] NTP authentication Ok, that works but for which reason is there the ntp authenticate ntp trusted-key 1 In some examples in the PG it is used and in some not...hmmm Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Marvin Greenlee Gesendet: Montag, 2. Juni 2008 22:33 An: OSL CCIE Routing and Switching Lab Exam Betreff: Re: [OSL | CCIE_RS] NTP authentication For a minimal config, the master just needs the command "ntp master" and the authentication key. With NTP the master just hands out the key, it is up to the client to decide whether they determine that it is valid. Other devices just need the key, and the command 'ntp server x.x.x.x key yy'. Verify with show ntp associations detail, and make sure that your clients show as "authenticated" On 6/2/08, Roger RPF <[EMAIL PROTECTED]> wrote: Hi Group, If I have a NTP master and want to use authentication with all my clients, is it not necessary to use the command ntp authenticate on the master? Master: ntp master 3 ntp source loopback 0 ntp authentication key 1 md5 test ntp authenticate --> necessary?? Client: ntp server x.x.x.x key 1 ntp authenticae ntp trusted-key 1 ntp authentication key 1 md5 test regards Roger
