In the minimal example I mentioned, if passwords not correct, the time will still sync, however the output of 'show ntp associations detail" will NOT show as "authenticated".
Marvin Greenlee, CCIE #12237 (R&S, SP, Sec) Senior Technical Instructor - IPexpert, Inc. Telephone: +1.810.326.1444 Fax: +1.810.454.0130 Mailto: [EMAIL PROTECTED] Join our free online support and peer group communities: http://www.IPexpert.com/communities IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On Demand and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE Security Lab, CCIE Service Provider Lab, CCIE Voice Lab and CCIE Storage Lab Certifications. -----Original Message----- From: Roger RPF [mailto:[EMAIL PROTECTED] Sent: Monday, June 02, 2008 6:21 PM To: 'OSL CCIE Routing and Switching Lab Exam'; [EMAIL PROTECTED] Subject: AW: [OSL | CCIE_RS] NTP authentication Hi Marvin Well, somehow something is not correct. If I configure only the following as you told: Master: ntp authentication-key 1 md5 cisco ntp master 4 Client: ntp server x.x.x.x key 1 ntp authentication-key 1 md5 test Even if the password are not the same, I get the ntp on the client synchronised. So then I configure the client: ntp server x.x.x.x key 1 ntp authentication-key 1 md5 cisco ntp authenticate Still does not work. So I continue on the client: ntp server x.x.x.x key 1 ntp authentication-key 1 md5 cisco ntp authenticate ntp trusted key 1 Now everything is fine. So to me the client needs the 4 statements mentioned above, isn't it or am I missing something?? Roger -----Ursprüngliche Nachricht----- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Roger RPF Gesendet: Montag, 2. Juni 2008 23:32 An: 'OSL CCIE Routing and Switching Lab Exam' Betreff: Re: [OSL | CCIE_RS] NTP authentication Ok, that works but for which reason is there the ntp authenticate ntp trusted-key 1 In some examples in the PG it is used and in some not...hmmm Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Marvin Greenlee Gesendet: Montag, 2. Juni 2008 22:33 An: OSL CCIE Routing and Switching Lab Exam Betreff: Re: [OSL | CCIE_RS] NTP authentication For a minimal config, the master just needs the command "ntp master" and the authentication key. With NTP the master just hands out the key, it is up to the client to decide whether they determine that it is valid. Other devices just need the key, and the command 'ntp server x.x.x.x key yy'. Verify with show ntp associations detail, and make sure that your clients show as "authenticated" On 6/2/08, Roger RPF <[EMAIL PROTECTED]> wrote: Hi Group, If I have a NTP master and want to use authentication with all my clients, is it not necessary to use the command ntp authenticate on the master? Master: ntp master 3 ntp source loopback 0 ntp authentication key 1 md5 test ntp authenticate --> necessary?? Client: ntp server x.x.x.x key 1 ntp authenticae ntp trusted-key 1 ntp authentication key 1 md5 test regards Roger
