I might throw this one in the air... NTP is UDP and completely unidirectional. There are no ACKs or anything like that. The protocol itself has no mechanism for two way comms so I would suggest that is why we cant so mutual authentication here.
If someone else has something to add here (even if it proves me wrong) I'm happy to hear it. Cheers, Matt CCIE #22386 CCSI #31207 On 20 January 2011 21:59, Bojan Zivancevic <[email protected]>wrote: > I have been searching for the "final' answer to this question but still > could not find it. Cisco doc is of no use, so it seems. Looked on the > internet also, but I am not convinced what can be done about it. If someone > could clear this up it will be a blast. > > So, for many years NTP authentication was one-way. Only client had to > authenticate the source i.e. only the device that gets its clock changed has > to make sure that the source is valid. Makes sense. But since 12.4T Cisco > made some changes and now if we are doing authentication we must make > configs symmetrical. We could have done it before as well, but it was not > mandatory. > > But I could not quite get if that is real mutual authentication or not. I > looked up on the CLI etc. But it just does not click to me. I would like > your opinion. > > And what about NTP peer authentication? Is that mutual auth? There is no > real explanation about this command on Cisco doc as well. > > Best Regards, > > Bojan Zivancevic > Network Engineer > ---- > _______________________________________________ > For more information regarding industry leading CCIE Lab training, please > visit www.ipexpert.com > _______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
